Ragnt / AngryOxide

802.11 Attack Tool
GNU General Public License v3.0

Show an example of exception file format and heavy load on SD card. #40

Closed mickhaorex closed 1 month ago

mickhaorex commented 3 months ago

I really like your program, I discovered it by accident when I was researching hcxdumptool. I am using your program on a Raspberry Pi 4, with Kali Linux installed on the SD card. I have read your instructions and they are more than detailed and clear. However, I don't understand if the whitelist file (scan exclusion list) should contain the MAC addresses of the APs or if it should also contain the MAC addresses of the clients? Could you be so kind and show me an example of what this file should look like and whether #commentaries are allowed in it (for BSSID designation, so that I could understand in the future which APs are already excluded)?

I also noticed that while running, the program is constantly creating and deleting the file *.pcapng.kismet-journal; because of this, the SD card is constantly being written to (if you believe HTOP, at a rate of about 1.43 MiB/s). I think this is very harmful to the SD card. Is it not possible to keep this temporary file in RAM or create a temporary file at longer intervals, like once a minute or once every five minutes?

Thank you very much for this program!

Ragnt commented 3 months ago

The whitelist file is a line-separated list of AP MAC addresses or ESSIDs. We don’t target (or filter) by clients at all, you can add them if you’re concerned but they probably won’t make a difference. Comments are allowed, anything following # on a line will be ignored.

As for the journal file, it’s the SQLite rollback journal and is used for atomic writes on the database. The reason I’m not batch writing is because the current version of the engine is nearly synchronous and handles frames that way from start to finish. The AO rewrite will use batched inserts to reduce the amount of writes and improve performance anyway, so reducing writes will be a side effect.


Ragnt commented 3 months ago

Target / Whitelist file examples:

aabbccddeeff # Lowercase without delimiter
aa:bb:cc:dd:ee:ff # Lowercase with ":"
aa-bb-cc-dd-ee-ff # Lowercase with "-"
AABBCCDDEEFF # Capitals without delimiter 
AA:BB:CC:DD:EE:FF # Capitals with ":"
AA-BB-CC-DD-EE-FF # Capitals with "-"
aAbbcCddEeFf # Mixed Case
TestSSID # without spaces
Test SSID # with spaces
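
A parser for the file format shown above, written in Rust as an added example; it is not AngryOxide's own code. The names `Entry`, `parse_mac`, `parse_line` and `parse_whitelist` are hypothetical, and the rule for telling a MAC from an ESSID (12 hex digits, or six octets with one consistent delimiter) is an assumption. The sample input is constructed.

```rust
// Added example, not AngryOxide's code: the MAC-vs-ESSID rule is an assumption.
#[derive(Debug, PartialEq)]
pub enum Entry {
    Mac([u8; 6]),
    Essid(String),
}

// Accepts 12 hex digits, or six octets joined by one consistent ':' or '-'.
fn parse_mac(s: &str) -> Option<[u8; 6]> {
    let b = s.as_bytes();
    let digits: Vec<u8> = match b.len() {
        12 => b.to_vec(),
        17 if (b[2] == b':' || b[2] == b'-') && (0..5).all(|i| b[3 * i + 2] == b[2]) => {
            b.chunks(3).flat_map(|c| c[..2].iter().copied()).collect()
        }
        _ => return None,
    };
    let mut mac = [0u8; 6];
    for (i, pair) in digits.chunks(2).enumerate() {
        let hi = (pair[0] as char).to_digit(16)?;
        let lo = (pair[1] as char).to_digit(16)?;
        mac[i] = (hi * 16 + lo) as u8;
    }
    Some(mac)
}

// Everything after the first '#' is a comment; blank lines yield None.
pub fn parse_line(line: &str) -> Option<Entry> {
    let value = line.split('#').next()?.trim();
    if value.is_empty() {
        return None;
    }
    Some(parse_mac(value).map_or_else(|| Entry::Essid(value.to_string()), Entry::Mac))
}

pub fn parse_whitelist(text: &str) -> Vec<Entry> {
    text.lines().filter_map(parse_line).collect()
}

// Constructed sample: formats from the thread plus two edge cases.
pub const SAMPLE: &str = "# lab APs to exclude\n\
aa-bb-cc-dd-ee-ff # dash form\n\
aAbbcCddEeFf # mixed case\n\
Test SSID # with spaces\n\
Cafe#1 # ESSID containing '#': stored as \"Cafe\"\n\
aa:bb-cc:dd-ee:ff # mixed delimiters: kept as an ESSID here\n";

fn main() {
    parse_whitelist(SAMPLE).iter().for_each(|e| println!("{:?}", e));
}
```

Under the "anything following # is ignored" rule, an ESSID that itself contains `#` is truncated at that character, so listing such an AP by its MAC address is the safer way to keep it excluded.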

mickhaorex commented 3 months ago

> As for the journal file, it’s the SQLite rollback journal and is used for atomic writes on the database. The reason I’m not batch writing is because the current version of the engine is nearly synchronous and handles frames that way from start to finish. The AO rewrite will use batched inserts to reduce the amount of writes and improve performance anyway, so reducing writes will be a side effect.

In that case, couldn't the creation of the *.pcap-ng.kismet-journal file be redirected to tmpfs? Or at least add a parameter for AngryOxide to allow the user to specify the location of the journal file? I think it would help to reduce the load on the SD card.

Ragnt commented 3 months ago

Let me clarify that the pcapng file and the sqlite database are different. The pcapng file writes every frame to disk only once.

The sqlite database is using the rollback journal as a part of its standard operation, I am unable to (without writing my own sqlite library) choose where that journal file goes. There are PRAGMA options such as storing the journal in volatile memory, but those come with the side effect of potentially corrupting the database in the case of a crash or sudden loss of power (as opposed to just corrupting the data in the journal).

If my math (supplemented with some GPT help) here is correct, I would prefer to maintain the reliability of the data considering 1.45MiB/s on a 50,000 cycle SD card of 32GB will still live like 35 years.

Regardless, I can add the option in the next full version of AO to force the journal into RAM, but it won't be the default behavior.

mickhaorex commented 3 months ago

> Regardless, I can add the option in the next full version of AO to force the journal into RAM, but it won't be the default behavior.

Thank you for your responsiveness. My concern about the wear and tear of the SD card is not from scratch. I once had a sad experience when the microSD failed due to the fact that it had SWAP memory on it. After that, I try to eliminate the options when the operating system and SWAP are on the same physical drive.