Kismet

From ForensicsWiki
Revision as of 14:19, 24 September 2008 by .FUF (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Kismet
Maintainer: Mike Kershaw
OS: Linux
Genre: Wireless forensics
License: GPL
Website: www.kismetwireless.net

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.

Overview

  • Wireshark/Tcpdump compatible data logging;
  • Airsnort compatible weak-iv packet logging;
  • Network IP range detection;
  • Built-in channel hopping and multicard split channel hopping;
  • Hidden network SSID decloaking;
  • Graphical mapping of networks;
  • Client/server architecture allows multiple clients to view a single Kismet server simultaneously;
  • Manufacturer and model identification of access points and clients;
  • Detection of known default access point configurations;
  • Runtime decoding of WEP packets for known networks;
  • Named pipe output for integration with other tools, such as a layer3 IDS like Snort;
  • Multiplexing of multiple simultaneous capture sources on a single Kismet instance;
  • Distributed remote drone sniffing;
  • XML output;
  • Over 20 supported card types.

Intrusion Detection

Kismet will detect following events:

  • Active network scanning (NetStumbler, PocketStumbler, etc);
  • SSID brute force attempts;
  • Broadcast disconnect/deauthenticate attacks;
  • Deauthenticate/disassociate flood;
  • Fake APs (new AP on another channel, invalid BSS timestamps);
  • Many DoS attacks (zero-length SSID, over-long SSID, etc).