
GPS position together with timestamp

0

Hello,

I am looking for a simple way to add real-time GPS location (longitude and latitude), read from a serial port, to the information line of a captured packet and to a field, i.e. Location of captured packet, for information on where this packet was captured, with the possibility to export basic information about SRC MAC address and DST MAC address to Google Earth. It will be used for vehicle monitoring of Wi-Fi devices and for information on where and which device communicates with another.

Do you have any idea how to do it (via Lua script or something else)?

Many thanks for the answer.

Martin

asked 07 Jan '14, 13:01

martanek007


2 Answers:

2

You might want to look at Kismet, which, according to its documentation, supports GPS devices - look for "gps" in that document. You would capture with Kismet, rather than with Wireshark, and read the capture file in Wireshark afterwards.

There is no easy way to capture with GPS information in Wireshark; it would involve significant code changes.

answered 07 Jan '14, 19:53

Guy Harris ♦♦

You are right, Kismet does it, but it doesn't work under Windows (with a simple user-friendly GUI). However it will be only one simplest solution... Many thanks for your answer.

(07 Jan '14, 23:52) martanek007

As for Windows, the Kismet README says:

NOTE: KISMET WILL ONLY WORK WITH THE CACE AIRPCAP DEVICE, SAVED PCAP FILES, -OR- REMOTE KISMET DRONES RUNNING ON A SUPPORTED PLATFORM. NO OTHER HARDWARE IS SUPPORTED IN WINDOWS, PERIOD. WINDOWS DRIVERS DO NOT INCLUDE SUPPORT FOR WIFI MONITORING WHICH KISMET REQUIRES. THERE IS NO WAY TO CHANGE THIS.

which also applies to Wireshark, given that it also uses WinPcap to do capturing.

(Actually, there is a way to change it, but the way to change it is to run Windows Vista or later, i.e. Vista, Windows 7, Windows 8, etc. - change WinPcap to use NDIS 6 on Windows Vista or later, change it to support the Native Wi-Fi mechanisms and the libpcap APIs for monitor mode, have Kismet/dumpcap/tcpdump/whatever use those APIs, and use a machine/Wi-Fi adapter where the driver's support for Native Wi-Fi isn't too broken. As you might guess, none of that is easy.)

To get a GUI nicer than the Kismet UI, even more work would need to be done.

(08 Jan '14, 01:16) Guy Harris ♦♦

1

> I am looking for a simple way to add real-time GPS location (longitude and latitude), read from a serial port, to the information line of a captured packet and to a field, i.e.

Well, there is no simple way, because what you need is not implemented in Wireshark, as @Guy Harris already pointed out.

So, if Kismet is not an option for you, because you would need an AirPcap device on Windows, read on for a possible (simple) solution.

I see the following problems and a possible (simple) solution for you.

Problem: Network type
You did not mention if you want to capture wireless/wlan traffic and/or also other traffic (ethernet, etc.).

If you want to capture wlan/wireless traffic, without an AirPcap device on Windows, you will have a hard time with Wireshark anyway, due to the restrictions that apply to WinPcap (the capturing library of Wireshark on Windows). So, maybe you should think again about using Kismet with an AirPcap device in that case. If you only need non-wlan/wireless traffic, Windows might be O.K. (however, see below).

Capturing wlan/wireless traffic on Linux would be much easier, including the possibility to use Kismet without the need for an AirPcap device. So, please think about that as well.

Problem: Storing the GPS information in the capture file
If you want GPS coordinates for every single packet (you said: Location of captured packet), then you need a way to store that information in the capture file. Kismet uses an extension to the PPI header to store the GPS coordinates. However, I'm not sure if that will work for non-wlan/wireless traffic with Kismet (if you need it at all - see above). The other alternative would be to write a separate file with GPS coordinates and timestamps (Kismet does that as well). A last option would be to define an extension to pcap-ng to store the GPS information in the capture file.

If you want to do the data processing all by yourself (Google Maps, etc.) using scripts, etc., the extension to the PPI header and/or pcap-ng is probably too much work for you.

So, here is my solution, that should work regardless of the OS of the capturing system (Windows, Linux, etc.) and the network type (wlan/wireless and/or ethernet).

Solution: Basically, do what Kismet is doing.
Store the network traffic in a standard capture file and at the same time write a second file with GPS coordinates and timestamps.

Later, during the analysis phase, you can use the timestamps in the capture file and the GPS file to match/find the GPS coordinates for a single frame. There is usually no need to add GPS coordinates to every single frame, as those coordinates won't change very fast, even with a moving capture device, so you would have the same coordinates for a lot of frames anyway.

If you do it this way, you are free

  • to use standard tools (tcpdump, wireshark, Kismet) to capture the network traffic
  • to use standard (open source) tools to record the GPS coordinates
  • to develop scripts in any language you prefer (not limited to Lua etc.)

and you are free to analyze the data in any way you want, not limited by the existing features of Wireshark, Kismet, etc.

Regards
Kurt

answered 08 Jan '14, 08:29

Kurt Knochner ♦
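The two-file approach described in the answer above, as an added example that is not part of the original post: packet timestamps are matched to the nearest GPS fix and exported as KML placemarks labelled with source and destination MAC. The GPS log format, the sample values and the `max_gap` threshold are assumptions made for this sketch.

```python
import bisect
from xml.sax.saxutils import escape

# Constructed sample data (not from the original post).
# GPS log (assumed format): "epoch_seconds,latitude,longitude", one fix per line.
GPS_LOG = """1389168000.0,50.0755,14.4378
1389168005.0,50.0760,14.4390
1389168010.0,50.0766,14.4401"""
# Packet list: "epoch<TAB>src_mac<TAB>dst_mac", e.g. as produced by
# tshark -r capture.pcap -T fields -e frame.time_epoch -e wlan.sa -e wlan.da
PACKETS = """1389168001.2\t00:11:22:33:44:55\tff:ff:ff:ff:ff:ff
1389168008.9\t66:77:88:99:aa:bb\t00:11:22:33:44:55
1389168090.0\t00:11:22:33:44:55\t66:77:88:99:aa:bb"""

def load_fixes(text):
    """Parse the GPS log into a time-sorted list plus a parallel list of times."""
    fixes = sorted(tuple(map(float, l.split(","))) for l in text.splitlines() if l.strip())
    return [f[0] for f in fixes], fixes

def nearest_fix(times, fixes, ts, max_gap=10.0):
    """Return (lat, lon) of the fix closest in time to ts, or None if the
    closest fix is more than max_gap seconds away (receiver had no fix)."""
    i = bisect.bisect_left(times, ts)
    candidates = fixes[max(i - 1, 0):i + 1]   # neighbour before and after ts
    best = min(candidates, key=lambda f: abs(f[0] - ts), default=None)
    return (best[1], best[2]) if best is not None and abs(best[0] - ts) <= max_gap else None

def correlate(gps_text, packet_text, max_gap=10.0):
    """Attach a position (or None) to every packet line."""
    times, fixes = load_fixes(gps_text)
    out = []
    for line in packet_text.splitlines():
        ts, src, dst = line.split("\t")
        out.append((float(ts), src, dst, nearest_fix(times, fixes, float(ts), max_gap)))
    return out

def to_kml(rows):
    """Build a KML document; frames without a trustworthy position are skipped."""
    marks = []
    for ts, src, dst, pos in rows:
        if pos is None:
            continue
        lat, lon = pos   # KML wants longitude first
        marks.append(f"<Placemark><name>{escape(src)} to {escape(dst)}</name>"
                     f"<description>t={ts}</description>"
                     f"<Point><coordinates>{lon},{lat},0</coordinates></Point></Placemark>")
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<kml xmlns="http://www.opengis.net/kml/2.2"><Document>\n'
            + "\n".join(marks) + "\n</Document></kml>")

if __name__ == "__main__":
    print(to_kml(correlate(GPS_LOG, PACKETS)))
```

Both clocks must be synchronised (or a known offset applied) before matching, otherwise frames are placed at the wrong position along the route.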

Many thanks for your help, guys,

what I didn't mention at the beginning is that I need to capture wireless packets, but those packets are captured by a Mikrotik proprietary device with RouterOS and these packets are passed via the LAN interface to a laptop with Windows Wireshark installed. In Wireshark only wireless packets are filtered and these packets I save to a file. Using an external Mikrotik device with an external antenna brings more packets due to better receiving sensitivity and from this, of course, better mobile coverage.

As you wrote, the simplest solution will be to link the captured file with GPS data after capturing or to use Kismet on other hardware. I am also thinking about my own, not simple, solution with capturing using tshark, passing the captured data to stdout and adding GPS coordinates to this data.

But for now, linking the two files is a nice idea. Thank you for the help.

Regards

Martin

(08 Jan '14, 12:48) martanek007

> A last option would be to define an extension to pcap-ng to store the GPS information in the capture file.

There is a thread about that on the pcap-ng mailing list; the first message was sent in March, and the thread continues into April.

(01 Apr '15, 23:43) Guy Harris ♦♦