Kismet

Revision as of 05:34, 7 September 2024 by Maintenance script (talk | contribs) (Initial)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Installation Linux MacOS Configuration Network Interface Card (NIC) Configuration GPS Adapter Wireless Adapter Logging Web UI Remote Capture Plugins Alerts Running Kismet Troubleshooting GPSD Error Linux MacOS USB Error Linux MacOS

How do I add an SDR as a data source in Kismet? Why is my GPS not providing accurate data to Kismet? Can I use Kismet for wardriving, and how? How can I improve the capture range of my SDR in Kismet? What is the best way to manage and analyze logs collected by Kismet? Can Kismet monitor Bluetooth devices, and how?

What Is Kismet

Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.

Kismet works with Wi-Fi and Bluetooth interfaces, SDR (software-defined radio) hardware like the RTLSDR, and other specialized capture hardware.

Kismet works on Linux, OSX, and, to a degree, Windows 10 under the WSL framework. Linux works with most Wi-Fi cards, Bluetooth interfaces, and other hardware devices. On MacOS, it works with the built-in Wi-Fi interfaces, and on Windows 10, it will work with remote captures.[1] # Passive Monitoring Kismet operates almost entirely passively, with a few exceptions (such as Bluetooth scanning mode) noted in the documentation for those capture types.

Kismet is not an attack tool (generally) - to test your Wi-Fi security check out tools like Aircrack-NG or the Wi-Fi Pineapple.

Kismet is largely focused on collecting, collating, and sorting wireless data. The logs generated by Kismet can be fed into other tools (the pcap, handshakes, and other data) like hashcat, aircrack, and more.[2]

Installation

Linux

<syntaxhighlight lang="bash">#remove kismet if on system sudo apt autoremove kismet

install dependencies for kismet

sudo apt install -y build-essential git libwebsockets-dev pkg-config zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev libpcap-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev libprotobuf-c-dev protobuf-compiler protobuf-c-compiler libsensors4-dev libusb-1.0-0-dev python3 python3-setuptools python3-protobuf python3-requests python3-numpy python3-serial python3-usb python3-dev python3-websockets librtlsdr0 libubertooth-dev libbtbb-dev gpsd gpsd-clients

git kismet

git clone https://www.kismetwireless.net/git/kismet.git cd kismet ./configure

  1. make using all available cores

make -j$(nproc) </syntaxhighlight>

MacOS

<syntaxhighlight lang="bash">#install xcode if not installed xcode-select -p 1>/dev/null || xcode-select --install

  1. Install brew if not installed

which -s brew if $? != 0  ; then

   # Install Homebrew
   ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

else

   brew update

fi

install dependencies for kismet

brew install git pkg-config python3 libpcap protobuf protobuf-c pcre librtlsdr libbtbb ubertooth libusb openssl libwebsockets gpsd

git kismet

git clone https://www.kismetwireless.net/git/kismet.git cd kismet

  1. configure kismet
./configure
# if you have issues with openssl paths, you can specify them manually

LDFLAGS=-L$(brew --prefix)/lib CPPFLAGS="-I$(brew --prefix)/include -I$(brew --prefix openssl)/include" ./configure

  1. make using all available cores

make -j$(nproc) sudo usermod -aG kismet $USER</syntaxhighlight> [3]

Configuration

Network Interface Card (NIC) Configuration

Kismet requires a wireless network interface card (NIC) to capture wireless data. The iwconfig command lists available wireless interfaces on your system. If you’re using a USB wireless adapter, you may need to plug it in and check the available interfaces again.

<syntaxhighlight lang="bash">#list available wireless interfaces iwconfig

  1. If you're using a USB wireless adapter, you may need to plug it in and check the available interfaces again.</syntaxhighlight>

For these configurations, you’ll edit the kismet.conf file in the kismet directory.

<syntaxhighlight lang="bash">#navigate to the kismet directory cd kismet

  1. edit the kismet.conf file

nano kismet.conf</syntaxhighlight>

GPS Adapter

<syntaxhighlight lang="bash">#configure gps adapter gps=true gpsd=true gpsd-host=localhost gpsd-port=2947</syntaxhighlight>

Wireless Adapter

<syntaxhighlight lang="bash">#configure wireless adapter ncsource=wlan0</syntaxhighlight>

Logging

<syntaxhighlight lang="bash">#configure logging logtypes=pcapdump,netxml logtemplate=%n-%d-%i.%l</syntaxhighlight>

Web UI

<syntaxhighlight lang="bash">#configure web ui web=true webport=2501</syntaxhighlight>

Remote Capture

<syntaxhighlight lang="bash">#configure remote capture remote=true remotesource=wlan0</syntaxhighlight>

Plugins

<syntaxhighlight lang="bash">#configure plugins plugins=alert_log,db-log,db-sqlite,db-geoip

  1. find more plugins here: https://github.com/topics/kismet-plugin</syntaxhighlight>

Alerts

<syntaxhighlight lang="bash">#configure alerts alerts=alert_log,alert_syslog,alert_screens,alert_webhook</syntaxhighlight>

Running Kismet

<syntaxhighlight lang="bash">#run kismet, from the kismet directory ./kismet

common options for kismet

-c <config file> - specify a config file

-n - don't start the UI

-f <log file> - log to a file

-t <log type> - log to a specific type

-l <log level> - log at a specific level

-p <plugin> - load a specific plugin

-u <user> - run as a specific user

-w <work dir> - specify a working directory</syntaxhighlight>

Troubleshooting

GPSD Error

Linux

<syntaxhighlight lang="bash">#install gpsd sudo apt install gpsd gpsd-clients

  1. start gpsd

sudo systemctl start gpsd</syntaxhighlight>

MacOS

<syntaxhighlight lang="bash">#install gpsd brew install gpsd

  1. start gpsd

gpsd -N -D 2 /dev/ttyUSB0</syntaxhighlight>

USB Error

Linux

<syntaxhighlight lang="bash">#add user to kismet group sudo usermod -aG kismet $USER</syntaxhighlight>

MacOS

<syntaxhighlight lang="bash">#add user to kismet group sudo dseditgroup -o edit -a $USER -t user kismet</syntaxhighlight>

FAQs

How do I add an SDR as a data source in Kismet?

To add an SDR as a data source, you must ensure your SDR drivers (such as those for RTLSDR) are properly installed and recognized by your system. In Kismet, navigate to the data source configuration section and add your SDR using the appropriate driver. For RTLSDR, this would typically involve adding rtladsb for ADS-B capture, rtlamr for AMR capture, or rtl433 for general 433 MHz device capture.

Why is my GPS not providing accurate data to Kismet?

First, ensure your GPS device is correctly installed and recognized by your system, using tools like gpsd and cgps to verify its operation. GPS accuracy can degrade in buildings or areas with poor sky visibility. Placing the GPS receiver near a window or more open area might improve signal quality. Additionally, ensure Kismet is correctly configured to use GPS data by specifying the GPS source in its configuration.

Can I use Kismet for wardriving, and how?

Kismet is highly effective for wardriving due to its passive monitoring capabilities. For wardriving, ensure you have a portable power source, a laptop or a Raspberry Pi with Kismet installed, and one or more compatible wireless interfaces. Configure Kismet to log data to disk and, if desired, integrate with a GPS device for geolocation tagging. Use Kismet’s wardriving mode for optimized settings.

How can I improve the capture range of my SDR in Kismet?

Improving capture range involves both software configurations and hardware enhancements. Ensure your SDR’s gain settings are optimized within Kismet or the SDR’s driver settings. On the hardware side, using higher-quality antennas suited to your monitoring frequency bands can significantly improve range. Directional antennas can provide a greater range in a specific direction, while omnidirectional antennas offer broader coverage.

What is the best way to manage and analyze logs collected by Kismet?

Kismet generates logs in several formats, including the Kismetdb log format, which can be analyzed using Kismet’s tools or converted into more common formats like PCAP, CSV, or KML. Tools like Wireshark can analyze PCAP files for detailed packet inspection. For broader data analysis, including signal mapping and device tracking, converting logs to KML for use with geographic information systems (GIS) software or CSV for database and spreadsheet analysis can be effective.

Can Kismet monitor Bluetooth devices, and how?

Yes, Kismet can monitor Bluetooth devices by using compatible Bluetooth interfaces. Ensure your system’s Bluetooth interface is supported by Kismet and correctly configured as a data source. Kismet can capture Bluetooth device advertisements and connections, providing insight into the presence and behavior of Bluetooth devices in the vicinity.



Reference

https://www.kismetwireless.net/

https://www.kismetwireless.net/docs/readme/intro/#passive-monitoring

https://www.kismetwireless.net/docs/readme/quickstart/#compiling-quick-setup