Kismet Wireless

Kismet Forums

 

Posted by:dragorn
Subject:Extracting absolute time from kismet dumps
Date:14:52:41 09/04/2009

> I am working on a 802.11 project. For this I sniffed the wireless data using kismet & now I've written a C code to extract the required features of each packet from the dump. I've extracted various features like source mac, dest mac, sequence number etc.
> I also need the absolute time (epoch time) when the particular frame was captured but I am not able to figure it out.
> Doesnt kismet add any time information, while saving the dumps, which can be used for extracting absolute time?

Pcap stores the time in each packet header in the pcap structs. I forget if it's an offset to previous captured packet, a delta from the beginning of the file, or an absolute time, but the data is there. (Open a pcap in wireshark and you can see the time data).

It's in the pcap packet header, not the data portion.

-m


Reply to this message