Posted by: dragorn
Subject: drone uuid logging
Date: 13:51:46 23/06/2009

> Hi,
> I am running kismet-2009-05-RC2 in drone distributed mode, and I am recording the dumpfiles in PPI format. Is there any way to record anything in the dump that will identify the source drone, or is it possible to write multiple concurrent dump files from one instance of kismet, i.e. one dump file per source?

Currently, no - PPI doesn't have a capturing device field in it.

You could write a plugin that splits the dumpfile into a file per source fairly easily (the source IS tagged into the packet metadata internal to Kismet).

Once NTAR/Pcap-NG is a little further along I'll add support for that, too, which ought to allow multiple interfaces in a saner fashion, and that will keep them all separate.

For a per-file logging plugin, you'd want to attach to the logging segment of the packet chain, register a fake log file name to get a consistent number for your files, then keep a map/dictionary of interface UUIDs and pcap files (and make new ones as new interfaces get added). If you look at the dumpfile_pcap code, you could probably for the most part copy it and just add the multifile dispatch segment based on the kis_ref_capsource packet element; it would probably be < 100 lines of code.
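
The UUID-to-file dispatch described in the reply, as an added stand-alone sketch that is not part of the original post and does not use Kismet's plugin API. The class name `PerSourceDump`, the file naming, the sample packet and the UUIDs are assumptions; in a real plugin the UUID would come from the kis_ref_capsource packet element.

```cpp
// Added example: stand-alone sketch of per-source dump files, not Kismet code.
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Classic pcap file header (24 bytes) and record header (16 bytes), host byte order.
struct PcapFileHdr { uint32_t magic; uint16_t vmaj, vmin; int32_t zone; uint32_t sigfigs, snaplen, linktype; };
struct PcapRecHdr { uint32_t ts_sec, ts_usec, caplen, len; };
static_assert(sizeof(PcapFileHdr) == 24 && sizeof(PcapRecHdr) == 16, "unexpected padding");
constexpr uint32_t kLinktypePpi = 192;  // LINKTYPE_PPI

class PerSourceDump {  // hypothetical name
public:
    explicit PerSourceDump(const std::string &prefix) : prefix_(prefix) {}
    PerSourceDump(const PerSourceDump &) = delete;
    ~PerSourceDump() { for (auto &kv : files_) std::fclose(kv.second); }

    // Append one packet to the dump file of its source, creating the file on first sight.
    bool write(const std::string &uuid, uint32_t sec, uint32_t usec, const std::vector<uint8_t> &pkt) {
        auto it = files_.find(uuid);
        if (it == files_.end()) {
            // The UUID may originate on a remote drone and becomes part of a path: hex and '-' only.
            if (uuid.empty()) return false;
            for (unsigned char c : uuid) if (!std::isxdigit(c) && c != '-') return false;
            FILE *f = std::fopen((prefix_ + "-" + uuid + ".pcapdump").c_str(), "wb");
            if (!f) return false;
            const PcapFileHdr gh{0xa1b2c3d4u, 2, 4, 0, 0, 65535, kLinktypePpi};
            if (std::fwrite(&gh, sizeof gh, 1, f) != 1) { std::fclose(f); return false; }
            it = files_.emplace(uuid, f).first;
        }
        const uint32_t n = static_cast<uint32_t>(pkt.size());
        const PcapRecHdr rh{sec, usec, n, n};
        return std::fwrite(&rh, sizeof rh, 1, it->second) == 1 &&
               std::fwrite(pkt.data(), 1, n, it->second) == n;
    }
    size_t open_files() const { return files_.size(); }
private:
    std::string prefix_;
    std::map<std::string, FILE *> files_;  // source UUID -> open dump file
};

int main() {  // constructed sample: bare 8-byte PPI header (DLT 105 = 802.11), constructed UUID
    const std::vector<uint8_t> pkt{0, 0, 8, 0, 105, 0, 0, 0};
    PerSourceDump dump("Kismet-demo");
    return dump.write("11111111-2222-3333-4444-555555555555", 1245765106, 0, pkt) ? 0 : 1;
}
```

Each resulting file is an ordinary PPI pcap, so the source drone is identified by the file name rather than by any field inside the capture.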


