Packet capture

Kismet provides endpoints to obtain packets live as a stream in the PCAP-NG format.

PCAP-NG is a standard, extended version of the traditional PCAP format, which offers the ability to include multiple interfaces, multiple link types, and the original radio headers of all the captured packets.

Tools like Wireshark can process the complete PCAP-NG format, while simpler tools like tcpdump and other libpcap-based tools can process single-linktype pcapng directly.

PCAP-NG files can be post-processed with tshark or Wireshark to strip the capture to a single interface and link type if necessary.
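The multi-interface layout can be inspected before deciding whether to strip a capture. The following is an added example, not code from Kismet: it walks PCAP-NG blocks from any file-like object (for instance the raw body of an HTTP response from one of the endpoints below) and counts packets per link type, stopping at a caller-chosen limit because the live streams do not end. The function names, the `max_packets` parameter and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter
IDB, EPB = 1, 6  # Interface Description Block, Enhanced Packet Block

def read_exact(stream, n):
    """Read exactly n bytes, or return None if the stream ends first."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf

def summarize_pcapng(stream, max_packets=1000):
    """Count packets per link type; stop at max_packets, since a live
    stream keeps sending until the client disconnects."""
    endian, linktypes, counts = "<", [], Counter()
    while sum(counts.values()) < max_packets:
        head = read_exact(stream, 8)  # block type + total length
        if head is None:
            break
        is_shb = head[:4] == b"\x0a\x0d\x0d\x0a"  # Section Header Block
        if is_shb:
            magic = read_exact(stream, 4)  # byte-order magic 0x1A2B3C4D
            if magic is None:
                break
            endian = "<" if magic == b"\x4d\x3c\x2b\x1a" else ">"
            linktypes = []  # interface IDs restart in each section
        btype, total = struct.unpack(endian + "II", head)
        if total < 12 or total % 4:
            raise ValueError(f"bad pcapng block length {total}")
        body = read_exact(stream, total - (12 if is_shb else 8))
        if body is None:  # truncated final block
            break
        if btype == IDB:
            linktypes.append(struct.unpack(endian + "H", body[:2])[0])
        elif btype == EPB:
            iface = struct.unpack(endian + "I", body[:4])[0]
            counts[linktypes[iface] if iface < len(linktypes) else None] += 1
    return counts

def _block(btype, body):  # helper for the constructed sample; body is 4-byte aligned
    size = struct.pack("<I", 12 + len(body))
    return struct.pack("<I", btype) + size + body + size
# Constructed sample: one section, two interfaces (127 = radiotap, 105 = 802.11)
SAMPLE = b"".join(
    [_block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))]
    + [_block(IDB, struct.pack("<HHI", lt, 0, 0)) for lt in (127, 105)]
    + [_block(EPB, struct.pack("<5I", i, 0, 0, 4, 4) + b"abcd") for i in (0, 1, 0, 0)])
```

A result with more than one key means the capture mixes link types and needs Wireshark, or stripping to a single interface, before libpcap-based tools can read it.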

All packets

DESC

A live stream of packets seen by all datasources, served in PCAP-NG format.

This stream will return all packets seen since the stream was initiated, and will continue streaming packets until the connection is terminated.

To access packets previously seen by Kismet, use the kismetdb endpoints.

ROLES
readonly
URI
/pcap/all_packets.pcapng
METHODS
GET
NOTES
This endpoint will return packets forever, until disconnected.

Packets by datasource

DESC

A live stream of packets from a single datasource, served in PCAP-NG format.

This stream will return all packets seen since the stream was initiated, and will continue streaming packets until the connection is terminated.

To access packets previously seen by Kismet, use the kismetdb endpoints.

ROLES
readonly
URI
/datasource/pcap/by-uuid/{UUID}/packets.pcapng
METHODS
GET
URI PARAMETERS
UUID string REQUIRED

Datasource UUID

NOTES
This endpoint will return packets forever, until disconnected.

Packets by device

DESC

A live stream of packets to, from, or otherwise associated with a specific device, served in PCAP-NG format.

This stream will return all packets seen since the stream was initiated, and will continue streaming packets until the connection is terminated.

To access packets previously seen by Kismet, use the kismetdb endpoints.

ROLES
readonly
URI
/devices/pcap/by-key/{KEY}/packets.pcapng
METHODS
GET
URI PARAMETERS
KEY string REQUIRED

Device key

NOTES
This endpoint will return packets forever, until disconnected.