If the Kismet Databaselog is enabled, Kismet will expose an API for extracting historic data. If the databaselog is not enabled, these APIs will not be available and will return an error.
Filter options are treated as logical AND statements: to match a packet, the packet must match all of the filter options passed in the command dictionary. In other words, a filter by time, datasource, and type would only return packets within that time range, from that datasource, and of that type.
Filter options should be sent as URL-encoded GET parameters when using the GET REST endpoint, and in a command dictionary under the filter key when using the POST endpoint.
Packets can be selected by a time window which may either be closed (both start and end times specified) or open (only start or end time specified).

| Key | Type | Description |
|---|---|---|
| timestamp_start | double | Posix timestamp as double-precision value (seconds.microseconds) |
| timestamp_end | double | Posix timestamp as double-precision value (seconds.microseconds) |

Packets may be limited to a single data source, specified by UUID

| Key | Type | Description |
|---|---|---|
| datasource | text UUID | UUID string of capture datasource |

Packets may be limited to the specific Kismet device ID they belong to

| Key | Type | Description |
|---|---|---|
| device_id | text ID | Kismet device ID |

Data type
Limit matching to a specific data type / DLT (Data Link Type). This numeric DLT matches the libpcap link types and describes the physical frame type of the packet.

| Key | Type | Description |
|---|---|---|
| dlt | integer | PCAP DLT |

Match only packets on the given frequency, if frequency information is available from the data source. Data sources which cannot report frequency will report as

| Key | Type | Description |
|---|---|---|
| frequency | double | Frequency in KHz |
| frequency_min | double | Minimum frequency in KHz |
| frequency_max | double | Maximum frequency in KHz |

Limit matching to a range of signal levels, which may be open (only min/max signal provided) or closed (min and max specified). Packets which have no signal data (such as packets captured by source types which do not support signal records) will have a reported signal of

| Key | Type | Description |
|---|---|---|
| signal_min | int | Minimum signal (in dBm) |
| signal_max | int | Maximum signal (in dBm) |

Limit matching by decoded device address, if available. Not all capture phys report device addresses as MAC addresses, however the majority do.

| Key | Type | Description |
|---|---|---|
| address_source | text MAC | Source MAC address |
| address_dest | text MAC | Destination MAC address |
| address_trans | text MAC | Transmitter MAC address (such as the AP BSSID) |

Limit matching by location. Location windows should always be bounded rectangles of minimum and maximum coordinates. Coordinates are in decimal floating-point format (LL.LLLLL) and will be converted to the normalized non-floating internal values automatically.

| Key | Type | Description |
|---|---|---|
| location_lat_min | double | Minimum corner latitude |
| location_lon_min | double | Minimum corner longitude |
| location_lat_max | double | Maximum corner latitude |
| location_lon_max | double | Maximum corner longitude |

Packet size window
Limit matching by packet size. Size windows can define minimum and maximum or only minimum or maximum ranges.

| Key | Type | Description |
|---|---|---|
| size_min | int | Minimum packet size, in bytes |
| size_max | int | Maximum packet size, in bytes |

Packets can be tagged with various state information.

| Key | Type | Description |
|---|---|---|
| tag | string | Tag to limit by |

Result limiting
Limit total packets returned.

| Key | Type | Description |
|---|---|---|
| limit | int | Maximum results to return |

Fetching historic packets
Packets can be fetched from the kismetdb, for all packets stored in the current session.

| Key | Description |
|---|---|
| [TITLE] | File download title, does not impact pcap file generation. |

Additionally, when using the GET URI, the filter options defined above are accepted as HTTP GET URL-encoded variables.
A command dictionary containing:

| Key | Description |
|---|---|
| filter | A dictionary of the filter options defined above |

HTTP 500 error if the kismet log type is not enabled.
A pcapng stream will be generated of packets, if any, matching the filter options. This stream will be buffered at the rate that the client is able to download it, and the stream will be closed at the end of the query.
If the kismet log is not enabled, this endpoint will return an error.
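As an added example (not part of the Kismet documentation or code base), the following Python helper validates a set of filter options against the keys and types listed above, then encodes them for the GET endpoint and for the POST command dictionary. The function names are hypothetical, the min/max ordering check is a client-side assumption, and how the command dictionary is transported to the server is not covered here.

```python
import json
from urllib.parse import urlencode

# Filter keys and types, taken from the tables on this page.
FILTER_TYPES = {
    "timestamp_start": float, "timestamp_end": float,
    "datasource": str, "device_id": str, "dlt": int,
    "frequency": float, "frequency_min": float, "frequency_max": float,
    "signal_min": int, "signal_max": int,
    "address_source": str, "address_dest": str, "address_trans": str,
    "location_lat_min": float, "location_lon_min": float,
    "location_lat_max": float, "location_lon_max": float,
    "size_min": int, "size_max": int, "tag": str, "limit": int,
}
# Min/max pairs that form a window when both bounds are given.
WINDOWS = [("timestamp_start", "timestamp_end"), ("frequency_min", "frequency_max"),
           ("signal_min", "signal_max"), ("size_min", "size_max"),
           ("location_lat_min", "location_lat_max"),
           ("location_lon_min", "location_lon_max")]
LOCATION = {k for k in FILTER_TYPES if k.startswith("location_")}

def build_filter(**options):
    """Validate and coerce filter options; every option returned is ANDed."""
    unknown = set(options) - set(FILTER_TYPES)
    if unknown:
        raise ValueError(f"unknown filter keys: {sorted(unknown)}")
    flt = {k: FILTER_TYPES[k](v) for k, v in options.items()}
    # Location windows must be bounded rectangles: all four corners or none.
    if LOCATION & set(flt) and not LOCATION <= set(flt):
        raise ValueError("location filter needs all four corner values")
    # Assumption (not stated on the page): reject inverted closed windows early.
    for low, high in WINDOWS:
        if low in flt and high in flt and flt[low] > flt[high]:
            raise ValueError(f"{low} is greater than {high}")
    return flt

def to_get_query(flt):
    """URL-encoded variables for the GET endpoint."""
    return urlencode(sorted(flt.items()))

def to_post_command(flt):
    """Command dictionary for the POST endpoint, options under 'filter'."""
    return json.dumps({"filter": flt}, sort_keys=True)
```

Rejecting unknown keys before the request is sent keeps a misspelled option from silently widening the query to more packets than intended.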
On very long-running Kismet processes, you may wish to purge old packets. These packets will be removed from the kismetdb log.
A command dictionary containing:

| Key | Description |
|---|---|
| drop_before | A unix second timestamp value, packets older than drop_before will be deleted. |

HTTP 200 on success
HTTP error on failure