Difference between revisions of "Kismet"

From ForensicsWiki
(New page: {{Infobox_Software | name = Kismet | maintainer = Mike Kershaw | os = {{Linux}} | genre = Wireless forensics | license = {{GPL}} | website = [http://www.kismetwireless.net/ www...)
 
m
 
Line 8: Line 8:
 
}}
 
}}
  
'''Kismet''' is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
+
'''Kismet''' is an 802.11 layer2 wireless network detector, [[sniffer]], and intrusion detection system.
  
 
== Overview ==
 
== Overview ==

Latest revision as of 14:19, 24 September 2008

Kismet
Maintainer: Mike Kershaw
OS: Linux
Genre: Wireless forensics
License: GPL
Website: www.kismetwireless.net

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.

Overview

  • Wireshark/Tcpdump compatible data logging;
  • Airsnort compatible weak-iv packet logging;
  • Network IP range detection;
  • Built-in channel hopping and multicard split channel hopping;
  • Hidden network SSID decloaking;
  • Graphical mapping of networks;
  • Client/server architecture allows multiple clients to view a single Kismet server simultaneously;
  • Manufacturer and model identification of access points and clients;
  • Detection of known default access point configurations;
  • Runtime decoding of WEP packets for known networks;
  • Named pipe output for integration with other tools, such as a layer3 IDS like Snort;
  • Multiplexing of multiple simultaneous capture sources on a single Kismet instance;
  • Distributed remote drone sniffing;
  • XML output;
  • Over 20 supported card types.

Intrusion Detection

Kismet will detect the following events:

  • Active network scanning (NetStumbler, PocketStumbler, etc.);
  • SSID brute force attempts;
  • Broadcast disconnect/deauthenticate attacks;
  • Deauthenticate/disassociate flood;
  • Fake APs (new AP on another channel, invalid BSS timestamps);
  • Many DoS attacks (zero-length SSID, over-long SSID, etc.).
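
The fake-AP and malformed-SSID conditions in the list above can be evaluated frame by frame. The Python below is an added example, not code from Kismet or from this wiki: the Frame record, the inspect function, the alert strings and the sample frames are constructed for illustration, and limiting the zero-length check to probe responses is an assumption (hidden networks legitimately beacon an empty SSID).

```python
from dataclasses import dataclass

MAX_SSID_LEN = 32  # 802.11 limits the SSID element to 32 octets


@dataclass
class Frame:            # simplified, constructed record; not a Kismet structure
    kind: str           # "beacon" or "probe_resp"
    bssid: str
    ssid: bytes
    channel: int
    bss_timestamp: int  # timestamp field carried in the frame (microseconds)


def inspect(frames):
    """Return (frame index, bssid, reason) for each condition that fires."""
    first_channel = {}  # bssid -> channel the AP was first seen on
    last_ts = {}        # bssid -> timestamp of the previous frame from it
    alerts = []
    for i, f in enumerate(frames):
        if len(f.ssid) > MAX_SSID_LEN:
            alerts.append((i, f.bssid, "over-long SSID"))
        # Assumption: only probe responses are checked for an empty SSID.
        if f.kind == "probe_resp" and len(f.ssid) == 0:
            alerts.append((i, f.bssid, "zero-length SSID"))
        if f.bssid in first_channel:
            if f.channel != first_channel[f.bssid]:
                alerts.append((i, f.bssid, "AP seen on another channel"))
            # A reboot also resets the timer, so this is a lead, not proof.
            if f.bss_timestamp < last_ts[f.bssid]:
                alerts.append((i, f.bssid, "BSS timestamp went backwards"))
        else:
            first_channel[f.bssid] = f.channel
        last_ts[f.bssid] = f.bss_timestamp
    return alerts


AP1, AP2, AP3 = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:03"
SAMPLE = [  # constructed frames, not captured traffic
    Frame("beacon", AP1, b"corp", 6, 1_000_000),
    Frame("beacon", AP1, b"corp", 6, 1_102_400),
    Frame("beacon", AP1, b"corp", 11, 5_000),      # same BSSID, new channel
    Frame("probe_resp", AP2, b"", 1, 10),          # empty SSID
    Frame("beacon", AP3, b"A" * 40, 1, 20),        # SSID longer than 32
    Frame("beacon", AP1, b"corp", 6, 1_204_800),   # original AP again
]

if __name__ == "__main__":
    for alert in inspect(SAMPLE):
        print(alert)
```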