Kismet Wireless

Kismet Forums


Posted by:sumitk1
Subject:Read Kismet pcapdump to see URL only
Date:02:53:49 25/10/2011

> > Hi All,
> >
> > I am doing a project on detecting students cheating in online exam and I have recently started experimenting with Kismet.
> >
> > The network where I am experimenting is unsecure and after I capture through kismet, I have to somehow know which IP has opened what all sites.
> >
> > So while capturing .pcapdump file I am using tshark to continuously convert it into .txt file and then my script should read for url. But when I convert .pcapdump file to .txt, I can see the IP but not the URL they are visiting. I am totally new to kismet so can someone help me with what should I do for it? Can it be done through Kismet?
> >
> strings foo.pcap | grep http ?

I am sorry, I am still going through the Kismet configuration & settings so don't know if .pcap and .pcapdump file are the same? Can we generate .pcap through Kismet?

I also got this line from my .txt file after converting from .pcapdump

30783 392.089413 -> HTTP 1127 GET /widgets/images/f.gif?button=blue&screen_name=YahooProjector&show_count=false&show_screen_name=true&lang=en&twttr_variant=1.1& HTTP/1.1

which is readable but still not the full url. I am still reading so if you find any link useful, please let me know. I would be really thankful!

Reply to this message