Difference between revisions of "Kismet"
From ForensicsWiki

Latest revision as of 19:19, 24 September 2008

Kismet
Maintainer: Mike Kershaw
OS: Linux
Genre: Wireless forensics
License: GPL
Website: http://www.kismetwireless.net/

Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system.

Overview

  • Wireshark/Tcpdump compatible data logging;
  • Airsnort compatible weak-iv packet logging;
  • Network IP range detection;
  • Built-in channel hopping and multicard split channel hopping;
  • Hidden network SSID decloaking;
  • Graphical mapping of networks;
  • Client/server architecture allows multiple clients to view a single Kismet server simultaneously;
  • Manufacturer and model identification of access points and clients;
  • Detection of known default access point configurations;
  • Runtime decoding of WEP packets for known networks;
  • Named pipe output for integration with other tools, such as a layer 3 IDS like Snort;
  • Multiplexing of multiple simultaneous capture sources on a single Kismet instance;
  • Distributed remote drone sniffing;
  • XML output;
  • Over 20 supported card types.

Intrusion Detection

Kismet will detect the following events:

  • Active network scanning (NetStumbler, PocketStumbler, etc);
  • SSID brute force attempts;
  • Broadcast disconnect/deauthenticate attacks;
  • Deauthenticate/disassociate flood;
  • Fake APs (new AP on another channel, invalid BSS timestamps);
  • Many DoS attacks (zero-length SSID, over-long SSID, etc).
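
To illustrate the kind of heuristics behind several of the alerts listed above, here is a small added Python detector (not Kismet's own code) run over constructed 802.11 management-frame records; the record layout, the flood threshold and the one-second window are assumptions made for the example.

```python
"""Toy re-implementation of a few Kismet-style alert heuristics over constructed
802.11 management-frame records. Not Kismet code; thresholds are assumptions."""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample: (time_s, frame_subtype, src/bssid, dst, channel, ssid)
FRAMES = [
    (0.0, "beacon", "00:11:22:33:44:55", BROADCAST, 6, "CorpWiFi"),
    (0.1, "probe_resp", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01", 6, ""),  # zero-length SSID
    (0.2, "beacon", "66:77:88:99:aa:bb", BROADCAST, 1, "A" * 40),          # over-long SSID
    (0.3, "beacon", "00:11:22:33:44:55", BROADCAST, 11, "CorpWiFi"),       # known BSSID, new channel
    (0.4, "deauth", "00:11:22:33:44:55", BROADCAST, 6, None),              # broadcast deauth
] + [(0.5 + i * 0.01, "deauth", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:02", 6, None)
     for i in range(25)]                                                   # deauth flood

def analyse(frames, flood_threshold=20, window_s=1.0):
    """Return a list of (alert_name, bssid, channel) tuples in detection order."""
    alerts = []
    first_channel = {}               # bssid -> channel it was first seen on
    recent = defaultdict(list)       # bssid -> timestamps of recent deauth/disassoc
    flooded = set()                  # bssids already reported as flooding (alert once)
    for t, sub, src, dst, chan, ssid in frames:
        if sub in ("beacon", "probe_resp"):
            # Fake-AP heuristic: an already-seen BSSID appearing on another channel.
            if src in first_channel and first_channel[src] != chan:
                alerts.append(("fake_ap_channel_change", src, chan))
            first_channel.setdefault(src, chan)
            # Malformed SSID elements: a 0-length SSID in a probe response, or an
            # SSID longer than the 32-byte maximum the standard allows.
            if sub == "probe_resp" and ssid == "":
                alerts.append(("zero_length_ssid", src, chan))
            if ssid is not None and len(ssid.encode()) > 32:
                alerts.append(("overlong_ssid", src, chan))
        elif sub in ("deauth", "disassoc"):
            if dst == BROADCAST:
                alerts.append(("broadcast_deauth", src, chan))
            # Sliding-window rate check for deauthenticate/disassociate floods.
            recent[src] = [x for x in recent[src] + [t] if t - x <= window_s]
            if len(recent[src]) > flood_threshold and src not in flooded:
                flooded.add(src)
                alerts.append(("deauth_flood", src, chan))
    return alerts

if __name__ == "__main__":
    for alert in analyse(FRAMES):
        print(alert)
```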