Kismet
A wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.
Last updated
A wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.
Last updated
In this lab, we'll be exploring the open source Kismet project.
Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework. It is not a tool set developed by the WLAN Pi dev team, but it does come pre-installed as part of the WLAN Pi software image, as it provides valuable features for Wireless engineers.
First, let's take a look at exactly what Kismet isโฆ and then we can follow up with lab exercises.
To complete this lab, you'll need the following items:
Computing device with a browser (generic tablet, iPad, Windows laptop or Mac)
WLAN Pi
Note that Kismet is already installed on the WLAN Pi OS, so there is no requirement to install any additional packages.
To use Kismet on the WLAN Pi, there must be IP connectivity between your computing device and the WLAN Pi.
Your computing device will be connected to the lab Wi-Fi network, and your WLAN Pi will be connected to one of the lab PoE switch ports.
Once both devices have a network connection, you can use the IP address displayed on the front panel of your WLAN Pi as the target address for your browser session.
Kismet is a monitoring tool for wireless. Initially supporting only 802.11 Wi-Fi, with the proper hardware, Kismet can now capture Bluetooth advertisements, BTLE, nRF-based wireless mice and keyboards, weather stations, wireless thermometers, switches, smoke detectors, 802.15.4 / Zigbee, ADSB airplane transponders, AMR wireless power, water meters, gas meters, and more.
Kismet operates almost entirely passively, with a few exceptions (such as Bluetooth scanning mode) noted in the documentation for those capture types.
Kismet is not an attack tool (generally) โ to test your Wi-Fi security, check out tools like Aircrack-ng (preinstalled for you already, btw!) or the Wi-Fi Pineapple.
Kismet is largely focused on collecting, collating, and sorting wireless data. The logs generated by Kismet can be fed into other tools (the pcap, handshakes, and other data) like hashcat, aircrack, and more.
Kismet is fundamentally different than Wireshark. Kismet primarily focuses on representing devices; access points, clients, bridged wired devices, sensors, Bluetooth entities, and so on, while Wireshark focuses on displaying packet capture traces and enabling you to go deep into specific packet details.
Kismet and Wireshark work best when used together.
Kismet collects packets and logs them to standard formats (pcap and pcapng) or the kismetdb format which can be converted directly to pcap and pcapng, and collects location, changes over time, etc.
Wireshark can open the pcap logs and give extensive, detailed information about specific packets. Each tool is designed for a different job, but operate well together.
Kismet source and more info:
Wi-Fi channels in Kismet define both the basic channel number, and extra channel attributes such as 802.11n 40 MHz channels, 802.11ac 80 MHz and 160 MHz channels, and non-standard half and quarter rate channels at 10 MHz and 5 MHz.
Kismet will auto-detect the supported channels on most Wi-Fi cards. Monitoring on HT40, VHT80, and VHT160 requires support from your card.
Channels can be defined by channel number or frequency.
xx
Basic 20 MHz channel, such as 6
or 153
xxxx
Basic 20 MHz frequency, such as 2412
XXHT20
20 MHz HT20 channel, such as 6HT20
XXXXHT20
20 MHz frequency, such as 2412HT20
xxHT40+
40 MHz 802.11n with upper secondary channel, such as 6HT40+
xxHT40-
40 MHz 802.11n with lower secondary channel, such as 6HT40-
xxVHT80
80 MHz 802.11ac channel, such as 116VHT80
xxVHT160
160 MHz 802.11ac channel, such as 36VHT160
xxW10
10 MHz half-channel, a non-standard channel type supported on some Atheros devices. This cannot be automatically detected, you must manually add it to the channel list for a source.
xxW5
5 MHz quarter-channel, a non-standard channel type supported on some Atheros devices. This cannot be automatically detected, you must manually add it to the channel list for a source.
It is very probably that your data source will be "Linux Wi-Fi" when capturing with Kismet.
The Linux Wi-Fi data source handles capturing from Wi-Fi interfaces using the two most recent Linux standards: The new netlink/mac80211 standard present since approximately 2007, and the legacy ioctl-based IW extensions system present since approximately 2002.
Wi-Fi packet capture is accomplished via โmonitor modeโ, a special mode where the card is told to report all packets seen, and to report them at the 802.11 link layer instead of emulating an Ethernet device.
The Linux Wi-Fi source will auto-detect supported interfaces by querying the network interface list and checking for wireless configuration APIs. It can be manually specified with type=linuxwifi