Posted by:yyrim
Subject:what is the meaning of each field in kismet packet dump information
Date:14:42:15 13/02/2011

Thank you very much for taking time to reply.
So I am getting these things from pcapdump file, which is one of the logs
kismet produces, besides netxml, nettxt etc, the name of a particular file
is like: Kismet-20110205-20-03-33-1.pcapdump, which is read and nicely displayed by wireshark, and each row is a 802.11 packet, I assume. So the information :
IEEE802 Beacon frame, SN=1000, FN=0, Flags=......., BI=100, SSID="\000", Name="ap1.sw1.cr1a.da",

is taken from one of the rows.

I am pretty sure that my driver reports signal strength level, and noise level, etc, because I can use iwconfig command from linux kernel to retrieve all the information. I am using intel wifi link 5300 by the way, with the latest driver for this device from intel website.

I am digging into the kismet-devel code to see whether I can modify the code somewhere to enable these information to be presented in the pcapdump file.
Let me know if you have any other suggestions.

Perhaps I should check 802.11 frame structure to understand the meaning of SN, FN, BI, Name etc ?

Again, thank you so much for your patience and help!


> > hi,
> > Excuse me if it is already documented, but I search through the documentation many times and did not find anything. What does each field mean in the packet dump? for example, I got this one:
> >
> > IEEE802 Beacon frame, SN=1000, FN=0, Flags=......., BI=100, SSID="\000", Name="ap1.sw1.cr1a.da", I understand SN is probably sequence number , so what is BI? what is Name? Why is SSID \000 ? and why do not not see received signal strength and noise level though PPI is enabled in the config file? How should I modify kismet code so that I can see RSSI in the packet information?
> >
> I don't know what sn, fn, bi are. Where are you getting them displayed?
> SSID is probably cloaked.
> Your drivers don't report packet info, if kismet isn't logging it. Anything mac80211 based should be providing info. Anything not mac80211 based is probably not going to report signal levels.
> > Thanks a lot for your help!
> >
> > Regards
> > YY

