Hello, I am looking for a simple way to add realtime GPS location (longitude and latitude), read from a serial port, to the information line of a captured packet and to a field, i.e. Location of captured packet, for information on which place this packet was captured, and with the possibility to export basic information about SRC MAC address and DST MAC address to Google Earth. It will be used for vehicle monitoring of wifi devices and for information on where and which device communicates with others. Do you have some idea how to do it (via Lua script or something else)? Many thanks for an answer. Martin

asked 07 Jan '14, 13:01 martanek007
2 Answers:
You might want to look at Kismet, which, according to its documentation, supports GPS devices - look for "gps" in that document. You would capture with Kismet, rather than with Wireshark, and read the capture file in Wireshark afterwards. There is no easy way to capture with GPS information in Wireshark; it would involve significant code changes.

answered 07 Jan '14, 19:53 Guy Harris ♦♦
Well, there is no simple way, because what you need is not implemented in Wireshark, as @Guy Harris already pointed out. So, if Kismet is not an option for you, because you would need an AirPcap device on Windows, read on for a possible (simple) solution. I see the following problems and a possible (simple) solution for you.

Problem: Network type

If you want to capture wlan/wireless traffic, without an AirPcap device on Windows, you will have a hard time with Wireshark anyways, due to the restrictions that apply to WinPcap (the capturing library of Wireshark on Windows). So, maybe you should think again about using Kismet with an AirPcap device in that case. If you only need non-wlan/wireless traffic, Windows might be O.K. (however, see below). Capturing wlan/wireless traffic on Linux would be much easier, including the possibility to use Kismet without the need for an AirPcap device. So, please think about that as well.

Problem: Storing the GPS information in the capture file

If you want to do the data processing all by yourself (Google Maps, etc.) using scripts, etc., the extension to the PPI header and/or pcap-ng is probably too much work for you. So, here is my solution, that should work regardless of the OS of the capturing system (Windows, Linux, etc.) and the network type (wlan/wireless and/or ethernet).

Solution:

Basically, do what Kismet is doing. Later, during the analysis phase, you can use the timestamps in the capture file and the GPS file to match/find the GPS coordinates for a single frame. There is usually no need to add GPS coordinates to every single frame, as those coordinates won't change very fast, even with a moving capture device, so you would have the same coordinates for a lot of frames anyway. If you do it this way, you are free
and you are free to analyze the data in any way you want, not limited by the existing features of Wireshark, Kismet, etc. Regards

answered 08 Jan '14, 08:29 Kurt Knochner ♦

Many thanks for your help guys. What I didn't mention at the beginning is that I need to capture wireless packets, but those packets are captured by a Mikrotik proprietary device with RouterOS and these packets are passed via the LAN interface to a laptop with Windows and Wireshark installed. In Wireshark only the wireless packets are filtered, and these packets I save to a file. Using an external Mikrotik device with an external antenna brings more packets due to better receiving sensitivity, and from this of course better mobile coverage. As you wrote, the simplest solution will be to link the captured file with GPS data after capturing, or to use Kismet on other hardware. I am also thinking about my own, not simple, solution with capturing using tshark, passing the captured data to stdout and adding GPS coordinates to this data. But at this time, linking two files is a nice idea. Thank you for the help. Regards Martin (08 Jan '14, 12:48) martanek007

There is a thread about that on the pcap-ng mailing list; the first message was sent in March, and the thread continues into April. (01 Apr '15, 23:43) Guy Harris ♦♦

You are right, Kismet does it, but it doesn't work under Windows (with a simple user friendly GUI). However it will be only one simplest solution... Many thanks for your answer.
As for Windows, the Kismet README says:
which also applies to Wireshark, given that it also uses WinPcap to do capturing.
(Actually, there is a way to change it, but the way to change it is to run Windows Vista or later, i.e. Vista, Windows 7, Windows 8, etc. - change WinPcap to use NDIS 6 on Windows Vista or later, change it to support the Native Wi-Fi mechanisms and the libpcap APIs for monitor mode, have Kismet/dumpcap/tcpdump/whatever use those APIs, and use a machine/Wi-Fi adapter where the driver's support for Native Wi-Fi isn't too broken. As you might guess, none of that is easy.)
To get a GUI nicer than the Kismet UI, even more work would need to be done.
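
The timestamp matching described in Kurt Knochner's answer (capture file plus a separate GPS file, joined afterwards), as an added example that is not part of the original thread. The GPS log layout (`epoch,lat,lon`), the per-frame export layout and the 30-second `max_gap` limit are assumptions, and all sample data is constructed.

```python
import bisect
import csv
import io

# Constructed sample GPS log written during the drive: "epoch,lat,lon" (assumed format).
GPS_LOG = """\
1389168000.0,50.0000,14.0000
1389168010.0,50.0010,14.0020
1389168020.0,50.0020,14.0040
1389168100.0,50.0100,14.0200
"""
# Constructed sample frame export: "epoch,src_mac,dst_mac", e.g. produced with
# tshark -r FILE -T fields -E separator=, -e frame.time_epoch -e wlan.sa -e wlan.da
FRAMES = """\
1389168005.0,00:11:22:33:44:55,ff:ff:ff:ff:ff:ff
1389168019.5,66:77:88:99:aa:bb,00:11:22:33:44:55
1389168060.0,00:11:22:33:44:55,66:77:88:99:aa:bb
1389167000.0,66:77:88:99:aa:bb,ff:ff:ff:ff:ff:ff
"""

def load_fixes(text):
    """Parse the GPS log into a time-sorted list of (epoch, lat, lon)."""
    rows = csv.reader(io.StringIO(text))
    return sorted((float(t), float(la), float(lo)) for t, la, lo in rows)

def locate(fixes, times, ts, max_gap=30.0):
    """Interpolate the position at ts; None when no trustworthy fix pair surrounds it."""
    i = bisect.bisect_right(times, ts)
    if i == 0:
        return None                      # frame is older than the first fix
    t0, la0, lo0 = fixes[i - 1]
    if ts == t0:
        return (la0, lo0)                # exact hit on a fix
    if i == len(fixes):
        return None                      # frame is newer than the last fix
    t1, la1, lo1 = fixes[i]
    if t1 - t0 > max_gap:
        return None                      # GPS dropout: do not guess a position
    k = (ts - t0) / (t1 - t0)
    return (la0 + k * (la1 - la0), lo0 + k * (lo1 - lo0))

def annotate(frames_text, fixes):
    """Return (epoch, src, dst, (lat, lon) or None) for every exported frame."""
    times = [f[0] for f in fixes]
    return [(float(ts), src, dst, locate(fixes, times, float(ts)))
            for ts, src, dst in csv.reader(io.StringIO(frames_text))]

if __name__ == "__main__":
    for row in annotate(FRAMES, load_fixes(GPS_LOG)):
        print(row)
```

Both clocks must be synchronised (for example both in UTC from the same machine), otherwise every frame is placed at an offset along the route.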