Kismet Wireless

Kismet Forums

 

Posted by:00
Subject:Using dumpfile_pcap in a plugin
Date:20:48:26 23/08/2010

I'm trying to write a plugin that can write a pcap file.

Basically, I need to be able to filter pcap output based on mac addresses, only dumping packets to the pcap file if the mac address is on a list.

My plugin is creating it's own instance of Dumpfile_Pcap(globalreg, "filteredpcap", DLT_PPI, NULL, NULL, NULL).

I turned off the included pcap logging and enabled 'filteredpcap' in kismet.conf, and set 'filteredpcaptype=ppi'.

Then in my plugin's handler, I call dumpfile->chain_handler(in_pack), but for some reason the pcap file never has any captured packets after I shut down kismet.

Interestingly, if I use 80211 instead of PPI it seems to capture packets.

Debugging it, the handler is returning when it checks if(chunk->dlt != dlt). The packet I'm handing it is 802.11 and the handler is ppi, but I'm not sure how to get the packet in ppi form from the chain.

Anyone have any clues?


Reply to this message