Kismet Wireless

Kismet Forums

 

Posted by: theberries
Subject: last-time and seen-time in .netxml
Date: 15:18:14 01/10/2010

I'm seeing some odd behaviour in the last-time field of the .netxml. Below is a snip of my .netxml for an AP in question:

<wireless-network number="55" type="infrastructure" first-time="Fri Oct 1 08:47:36 2010" last-time="Fri Oct 1 08:47:36 2010">
<SSID first-time="Fri Oct 1 08:47:36 2010" last-time="Fri Oct 1 08:47:36 2010">
<type>Beacon</type>
<max-rate>54.000000</max-rate>
<packets>2929</packets>
<beaconrate>10</beaconrate>
<encryption>WPA+PSK</encryption>
<encryption>WPA+AES-CCM</encryption>
<dot11d country="USI">
<dot11d-range start="1" end="11" max-power="27"/>
</dot11d>
<essid cloaked="false">ctiw</essid>
</SSID>
<BSSID>C0:3F:0E:7B:44:5D</BSSID>
<manuf>Unknown</manuf>
<channel>1</channel>
<freqmhz>2412 3097</freqmhz>
<maxseenrate>11000</maxseenrate>
<packets>
<LLC>2931</LLC>
<data>166</data>
<crypt>163</crypt>
<total>3097</total>
<fragments>0</fragments>
<retries>0</retries>
</packets>
<datasize>21134</datasize>
<snr-info>
<last_signal_dbm>-87</last_signal_dbm>
<last_noise_dbm>-90</last_noise_dbm>
<last_signal_rssi>0</last_signal_rssi>
<last_noise_rssi>0</last_noise_rssi>
<min_signal_dbm>-91</min_signal_dbm>
<min_noise_dbm>-106</min_noise_dbm>
<min_signal_rssi>1024</min_signal_rssi>
<min_noise_rssi>1024</min_noise_rssi>
<max_signal_dbm>-76</max_signal_dbm>
<max_noise_dbm>49</max_noise_dbm>
<max_signal_rssi>0</max_signal_rssi>
<max_noise_rssi>0</max_noise_rssi>
</snr-info>
<bsstimestamp>76802457984</bsstimestamp>
<cdp-device></cdp-device>
<cdp-portid></cdp-portid>
<seen-card>
<seen-uuid>2c17034e-cd62-11df-9257-f904c7291802</seen-uuid>
<seen-time>Fri Oct 1 10:05:44 2010</seen-time>
<seen-packets>3097</seen-packets>
</seen-card>

As you can see, the "first-time" and "last-time" are the same while the "seen-time" for the "seen-card" displays the seemingly more accurate last time the AP was detected.

I'm parsing this stuff and storing it in a database then querying that database for all detections in the last N minutes. Which value should I be storing in the database to get an accurate result? "last-time" doesn't seem to be giving me the actual last time the AP was detected. Am I missing something?

Thanks!


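An added example, not part of the original post and not Kismet's own code: a parser that pulls `first-time`, `last-time` and each `seen-card` `seen-time` out of a .netxml record, flags records where `last-time` lags behind `seen-time`, and answers the "last N minutes" query. Taking the newest of the two values as the last detection is an assumption made here, not documented Kismet semantics; the function names are hypothetical and the sample is the post's record trimmed and closed so it parses.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample: the post's record cut down to the timestamp-bearing
# fields, with a closing </wireless-network> added so it is well-formed.
SAMPLE = """<wireless-network number="55" type="infrastructure" first-time="Fri Oct 1 08:47:36 2010" last-time="Fri Oct 1 08:47:36 2010">
<SSID first-time="Fri Oct 1 08:47:36 2010" last-time="Fri Oct 1 08:47:36 2010">
<essid cloaked="false">ctiw</essid>
</SSID>
<BSSID>C0:3F:0E:7B:44:5D</BSSID>
<seen-card>
<seen-uuid>2c17034e-cd62-11df-9257-f904c7291802</seen-uuid>
<seen-time>Fri Oct 1 10:05:44 2010</seen-time>
<seen-packets>3097</seen-packets>
</seen-card>
</wireless-network>"""

TIME_FMT = "%a %b %d %H:%M:%S %Y"  # ctime-style, as in the post's snippet

def parse_time(text):
    return datetime.strptime(text.strip(), TIME_FMT)

def network_times(xml_text):
    """Return one dict per <wireless-network> with its parsed timestamps."""
    rows = []
    # iter() also matches the root, so a lone record or a full file both work
    for net in ET.fromstring(xml_text).iter("wireless-network"):
        last = parse_time(net.get("last-time"))
        seen = [parse_time(e.text) for e in net.findall("seen-card/seen-time")]
        rows.append({
            "bssid": net.findtext("BSSID"),
            "first": parse_time(net.get("first-time")),
            "last": last,
            # Assumption: newest of last-time and any seen-time = last detection
            "effective_last": max([last] + seen),
            # True when a seen-card reports a later time than last-time
            "stale_last_time": bool(seen) and max(seen) > last,
        })
    return rows

def detected_within(rows, now, minutes):
    """BSSIDs whose effective last detection falls in the last N minutes."""
    cutoff = now - timedelta(minutes=minutes)
    return [r["bssid"] for r in rows if r["effective_last"] >= cutoff]
```

Storing `first`, `last` and `effective_last` as separate columns keeps the raw values available if the choice of which one to query changes later.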