Packet capture
Kismet provides endpoints to obtain packets live as a stream in the PCAP-NG format.
PCAP-NG is a standard, extended version of the traditional PCAP format, which offers the ability to include multiple interfaces, multiple link types, and the original radio headers of all the captured packets.
Tools like Wireshark can process the complete PCAP-NG format, while simpler tools like tcpdump and other libpcap-based tools can process single-linktype pcapng directly.
PCAP-NG files can be post-processed with tshark or wireshark to strip the capture to a
single interface and link type if necessary.
All packets
A live stream of packets seen by all datasources, served in PCAP-NG format.
This stream will return all packets seen since the stream was initiated, and will continue streaming packets until the connection is terminated.
To access packets previosuly seen by Kismet, use the kismetdb endpoints.
readonly/pcap/all_packets.pcapngGETPackets by datasource
A live stream of packets from a single datasource, served in PCAP-NG format.
This stream will return all packets seen since the stream was initiated, and will continue streaming packets until the connection is terminated.
To access packets previosuly seen by Kismet, use the kismetdb endpoints.
readonly/datasource/pcap/by-uuid/{UUID}/packets.pcapngGETPARAMETERS
UUID
string
REQUIREDDatasource UUID
Packets by device
A live stream of packets to, from, or otherwise associated with a specific device, served in PCAP-NG format.
This stream will return all packets seen since the stream was initiated, and will continue streaming packets until the connection is terminated.
To access packets previosuly seen by Kismet, use the kismetdb endpoints.
readonlydevices/pcap/by-key/{KEY}/packets.pcapngGETPARAMETERS
KEY
string
REQUIREDDevice key