Kismet Wireless

Kismet Forums

 

Posted by:sumitk1
Subject:Read Kismet pcapdump to see URL only
Date:02:53:49 25/10/2011

> > Hi All,
> >
> > I am doing a project on detecting students cheating in online exam and I have recently started experimenting with Kismet.
> >
> > The network where I am experimenting is unsecure and after I capture through kismet, I have to somehow know which IP has opened what all sites.
> >
> > So while capturing .pcapdump file I am using tshark to continuously convert it into .txt file and then my script should read for url. But when I convert .pcapdump file to .txt, I can see the IP but not the URL they are visiting. I am totally new to kismet so can someone help me with what should I do for it? Can it be done through Kismet?
> >
>
> strings foo.pcap | grep http ?

I am sorry, I am still going through the Kismet configuration & settings so don't know if .pcap and .pcapdump file are the same? Can we generate .pcap through Kismet?

I also got this line from my .txt file after converting from .pcapdump

30783 392.089413 10.185.1.68 -> 184.28.157.55 HTTP 1127 GET /widgets/images/f.gif?button=blue&screen_name=YahooProjector&show_count=false&show_screen_name=true&lang=en&twttr_variant=1.1&twttr_referrer=http%3A%2F%2Fmovies.yahoo.com%2Fblogs%2Fthe-projector%2Ffive-shots-paranormal-activity-3-trailers-weren-t-165710359.html&twttr_li=0&twttr_widget=0&twttr_guest_id=v1%3A131322481851824296 HTTP/1.1

which is readable but still not the full url. I am still reading so if you find any link useful, please let me know. I would be really thankful!


Reply to this message