Kismet Wireless

Kismet Forums

 

Posted by:dragorn
Subject:pcapdump file
Date:14:03:15 22/01/2010

> Hi all,
>
> I'm doing some captures in an ad-hoc network of 3 PCs, where ftp data files are sent.
> The problem comes when Wireshark open the pcapdump file. I noticed that some packets are missing, it is as if for a brief period of time, Kismet doesn't capture.

If you're channel hopping you won't see packets on channels you're not on.

If your drivers are lousy, they may block and miss packets.

> In the Ubuntu's terminal where I run wireshark I can see the following errors:
>
> 12:11:40 Warn pcapng_open: opening file
> 12:11:40 Warn pcapng_read_block: block_type 0x6d783f3c
> 12:11:40 Warn pcapng_read_block: Unknown block_type: 0x6d783f3c (block ignored), block total length 1702240364
> 12:11:40 Warn pcapng_read_block: couldn't read second block length
> 12:11:40 Warn pcapng_open: couldn't read first SHB
> 12:11:45 Warn pcapng_open: opening file
> 12:11:45 Warn pcapng_read_block: block_type 0x6d783f3c
> 12:11:45 Warn pcapng_read_block: Unknown block_type: 0x6d783f3c (block ignored), block total length 1702240364
> 12:11:45 Warn pcapng_read_block: couldn't read second block length
> 12:11:45 Warn pcapng_open: couldn't read first SHB

Never, ever seen something like this.

>
> Wireshark's problem or is the file created by kismet corrupted?

I haven't seen pcap corrupt files.

> Can Kismet capture all received packets on an interface?

Yes, assuming the drivers give it to kismet and work properly.

-m

>
> Thanks for your help
>
> Regards


Reply to this message