SharkFest'24 US

Logging and Packet-like Objects
06-20, 10:15–11:15 (America/New_York), Potomac Ballroom

Dig into some of the extra uses of PCAP-NG logging. As the cloud of "smart" devices around us gets more complex and the hardware to monitor it gets cheaper, more and more data doesn't fit into traditional packet structures. With PCAP-NG we can log custom content and custom metadata in a cross-device, cross-platform, standard way.


A PCAP-NG log file holds not only packets but also information about those packets (metadata), and it can be extended to hold non-packet content.

As cheap capture devices such as SDRs become more available, the quantity of packet-shaped data without a traditional packet structure or DLT increases.

By expanding the PCAP-NG content (using the existing standard!) we can attach geographical GPS tagging, signal information, custom content, and even radiological data from a Geiger counter to standard and new packet types.
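The mechanism described above, as an added example that is not code from the talk or from Kismet: it writes a capture with one packet carrying a GPS fix in a pcapng custom option and one Custom Block holding a Geiger reading, then reads both back with length checks a log consumer should apply. The enterprise number 32473 is the IANA documentation placeholder, and both payload layouts are assumptions made for illustration.

```python
import struct
PEN = 32473  # assumption: IANA enterprise number reserved for documentation (RFC 5612)

def pad(b):  # block bodies and option values are padded to 32 bits
    return b + b"\x00" * (-len(b) % 4)

def block(btype, body):  # type, total length, body, total length repeated
    total = 12 + len(pad(body))
    return struct.pack("<II", btype, total) + pad(body) + struct.pack("<I", total)

def option(code, value):
    return struct.pack("<HH", code, len(value)) + pad(value)

def build_capture(frame, lat, lon, cpm):
    shb = block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    idb = block(1, struct.pack("<HHI", 1, 0, 65535))  # LINKTYPE_ETHERNET
    # Custom binary option 2989: PEN, then a payload layout of our own (assumed)
    gps = option(2989, struct.pack("<Idd", PEN, lat, lon))
    hdr = struct.pack("<IIIII", 0, 0, 0, len(frame), len(frame))
    epb = block(6, hdr + pad(frame) + gps + option(0, b""))
    # Custom Block 0x00000BAD: PEN, then non-packet data (assumed layout)
    geiger = block(0x00000BAD, struct.pack("<II", PEN, cpm))
    return shb + idb + epb + geiger

def walk(buf):  # returns [(block_type, body)], rejecting inconsistent lengths
    off, out = 0, []
    while off < len(buf):
        if off + 12 > len(buf):
            raise ValueError("truncated block header")
        btype, total = struct.unpack_from("<II", buf, off)
        if total < 12 or total % 4 or off + total > len(buf):
            raise ValueError("bad block length")
        if struct.unpack_from("<I", buf, off + total - 4)[0] != total:
            raise ValueError("trailing length mismatch")
        out.append((btype, buf[off + 8:off + total - 4]))
        off += total
    return out

def epb_custom_options(body):  # custom options found in an Enhanced Packet Block body
    caplen = struct.unpack_from("<I", body, 12)[0]
    off, found = 20 + caplen + (-caplen % 4), []
    while off + 4 <= len(body):
        code, length = struct.unpack_from("<HH", body, off)
        if code == 0:  # opt_endofopt
            break
        if code in (2988, 2989, 19372, 19373):
            found.append((code, body[off + 4:off + 4 + length]))
        off += 4 + length + (-length % 4)
    return found
```

A reader that does not recognise the enterprise number can skip the option or the whole Custom Block using only the length fields, which is what keeps such files portable across tools.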

Author of the Kismet wireless sniffer and IDS, as well as other open source wireless-adjacent tools.