Posted by:dragorn
Subject:Obtain streaming packet sizes from Kismet
Date:17:54:23 21/03/2012

> > So, before I get carried away, am I missing a simple way to this?
> Okay, it appears I got carried away. I altered the file to send the statistics to a localhost socket in Dumpfile_Pcap::chain_handler and commented out the pcap_dump() invocation. This seems to do what I want.
> Still, if there is a better way, I'm all ears.

I'd write a plugin and dump it out over the client protocol.

A good place to start is plugin-gpstxt - it shows how to do basic plugin setup and attach to the packet chain. That gets you the size of packets easily.

plugin-spectools shows you how to set up a new network protocol - look for RegisterProtocol.

basically you'd want to define a new protocol with your tuple fields, then attach to the packet chain, and send a sentence w/ your per packet data.

If you swing by #kismet on I can talk to you more about it realtime. I'm a bit under the weather so i might not respond immediately.

