Posted by:craig
Subject:Obtain streaming packet sizes from Kismet
Date:15:50:08 21/03/2012


I'd like to get streaming packet size and count information from Kismet to analyze in a separate program. A tuple of (unixtime.microsecs, bytes) would be ideal. The right way seems to be to use tuntap_export and use libpcap in my program to simply read the filtered output. Sadly, I'm using OSX and it doesn't seem like tuntap_export is getting the job done which seems consistent with the "minimal support on OSX" remark in the documentation.

Baring that, what do you think would be the easiest way to extract this information? It doesn't look like the Kismet client commands let me extract capture information and I don't see much information on writing a Kismet plug-in myself. I was thinking of just taking the kludgy route of reading the pcap file constantly in the second program. However, I think .pcap file would grow indefinitely; it doesn't look like chain_handler in has code to detect that the file disappeared and gracefully restart the logging...

So, before I get carried away, am I missing a simple way to this?


-- Craig

