KismetDB

If the KismetDB log is enabled, Kismet exposes historic, searchable data.

If KismetDB logging is not enabled, these endpoints will not be available and will return an error.

Historic packets

DESC

When the kismetdb log type is enabled, fetch packets which match the filter statement from the logfile.

Returns a PCAP-NG format stream of packets.

ROLES
ADDED
API added 2018-12
URI
/logging/kismetdb/pcap/{TITLE}.pcapng
METHODS
GET POST
URI
PARAMETERS
TITLE string REQUIRED

Arbitrary file name

filter multiple

Multiple filter options

JSON
PARAMETERS

This endpoint takes additional parameters by using a `POST` request and supplying a JSON document or json form variable.

You can find more information about API parameters here.

filter multiple OPTIONAL

Multiple filter options

API

The filter options can be passed as individual arguments on the GET URI, as URI-encoded variables (i.e. /logging/kismetdb/pcap/foo.pcapng?datasource=...&foo=...&bar=...), or passed as a JSON command dictionary in a POST request.

Filters function as an AND statement: To match a packet, it must match all filter terms.

Time window

Restrict packets to a timeframe, which can be either bounded (both start and end times specified) or open-ended (only start or end specified).

timestamp_start number OPTIONAL

POSIX timestamp with optional double precision as seconds.microseconds

timestamp_end number OPTIONAL

POSIX timestamp with optional double precision as seconds.microseconds

Datasource

Limit packets to a specific datasource, by datasource UUID.

datasource string OPTIONAL

Datasource UUID

Device key

Packets to, from, or otherwise associated with, the specified device.

device_id string OPTIONAL

Kismet device key

Match a specific data link type (DLT). This numeric DLT matches the libpcap link types and describes the physical frame type of the packet.

dlt number OPTIONAL

PCAP DLT value

Frequency

Match a specific, bounded, or open-ended frequency range.

frequency number OPTIONAL

Match a single frequency in KHz

frequency_min number OPTIONAL

Minimum frequency, in KHz

frequency_max number OPTIONAL

Maximum frequency, in KHz

Signal

Match a bounded or open-ended window of signal levels.

Packets with no signal level are considered to have a signal level of 0.

signal_min number OPTIONAL

Minimum signal level

signal_max number OPTIONAL

Maximum signal level

Device MAC addresses

Match by MAC address, if available.

address_source string OPTIONAL

Source MAC address

address_dest string OPTIONAL

Destination MAC address

address_trans string OPTIONAL

Transmitter MAC address (such as the AP BSSID on Wi-Fi)

Location

Filter by a bounded location of rectangular minimum and maximum coordinates.

Coordinates are decimal degrees in floating point format (123.456789).

location_lat_min number OPTIONAL

Minimum latitude

location_lon_min number OPTIONAL

Minimum longitude

location_lat_max number OPTIONAL

Maximum latitude

location_lon_max number OPTIONAL

Maximum longitude

Packet size

Match a bounded or unbounded packet size window.

size_min number OPTIONAL

Minimum packet size, in bytes

size_max number OPTIONAL

Maximum packet size, in bytes

Tags

tag string OPTIONAL

Packet tag to match

Limit

Limit the number of packets returned.

limit number OPTIONAL

Return at most limit packets
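
A client-side sketch of the two request forms described above (an added example, not Kismet's own code): it checks filter names, types and window bounds, then builds the GET URI and the POST `json` form body. The base URL and sample values are assumptions, the location filters are left out, and nothing is sent over the network.

```python
import json
from urllib.parse import quote, urlencode

# Filter names taken from the parameter list above (location filters left out).
NUMERIC = {"timestamp_start", "timestamp_end", "dlt", "frequency", "frequency_min",
           "frequency_max", "signal_min", "signal_max", "size_min", "size_max", "limit"}
STRING = {"datasource", "device_id", "address_source", "address_dest",
          "address_trans", "tag"}
# Lower/upper pairs that bound a window; either side may be omitted (open-ended).
WINDOWS = [("timestamp_start", "timestamp_end"), ("frequency_min", "frequency_max"),
           ("signal_min", "signal_max"), ("size_min", "size_max")]


def check_filters(filters):
    """Reject unknown names, wrong types and inverted windows before sending."""
    for name, value in filters.items():
        if name in NUMERIC:
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                raise ValueError(f"{name} must be a number")
        elif name in STRING:
            if not isinstance(value, str) or not value:
                raise ValueError(f"{name} must be a non-empty string")
        else:
            raise ValueError(f"unknown filter: {name}")
    # Filters are ANDed, so a window whose minimum exceeds its maximum matches nothing.
    for low, high in WINDOWS:
        if low in filters and high in filters and filters[low] > filters[high]:
            raise ValueError(f"{low} is greater than {high}")
    return dict(filters)


def pcap_get_url(base, title, filters):
    """GET form: every filter is a URI-encoded query variable."""
    # TITLE is an arbitrary file name; quote it so it cannot alter the path or query.
    path = f"{base.rstrip('/')}/logging/kismetdb/pcap/{quote(title, safe='')}.pcapng"
    query = urlencode(check_filters(filters))
    return f"{path}?{query}" if query else path


def pcap_post_request(base, title, filters):
    """POST form: the filters travel as one JSON dictionary in the 'json' form variable."""
    url = pcap_get_url(base, title, {})
    body = urlencode({"json": json.dumps(check_filters(filters), sort_keys=True)})
    return url, body
```
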

Deleting packets

DESC

Delete all packets before drop_before from the KismetDB log.

On very long-running Kismet processes, this can be used to prevent the kismetdb from becoming unmanageable while retaining packet history, for instance by fetching all packets using the historic packet endpoint, then removing them from the kismetdb log.

ROLES
ADDED
API added 2018-12
URI
/logging/kismetdb/pcap/drop.cmd
METHODS
POST
JSON
PARAMETERS

This endpoint takes additional parameters by using a `POST` request and supplying a JSON document or json form variable.

You can find more information about API parameters here.

drop_before OPTIONAL