Difference between pages "Slack space" and "Kismet"

From ForensicsWiki
(Redirecting to Slack)
 
(New page: {{Infobox_Software | name = Kismet | maintainer = Mike Kershaw | os = {{Linux}} | genre = Wireless forensics | license = {{GPL}} | website = [http://www.kismetwireless.net/ www...)
 
Line 1: Line 1:
#REDIRECT [[slack]]
+
{{Infobox_Software |
 +
  name = Kismet |
 +
  maintainer = Mike Kershaw |
 +
  os = {{Linux}} |
 +
  genre = Wireless forensics |
 +
  license = {{GPL}} |
 +
  website = [http://www.kismetwireless.net/ www.kismetwireless.net] |
 +
}}
 +
 
 +
'''Kismet''' is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
 +
 
 +
== Overview ==
 +
 
 +
* [[Wireshark]]/[[Tcpdump]] compatible data logging;
 +
* [[Airsnort]] compatible weak-iv packet logging;
 +
* Network IP range detection;
 +
* Built-in channel hopping and multicard split channel hopping;
 +
* Hidden network SSID decloaking;
 +
* Graphical mapping of networks;
 +
* Client/server architecture allows multiple clients to view a single Kismet server simultaneously;
 +
* Manufacturer and model identification of access points and clients;
 +
* Detection of known default access point configurations;
 +
* Runtime decoding of WEP packets for known networks;
 +
* Named pipe output for integration with other tools, such as a layer3 IDS like [[Snort]];
 +
* Multiplexing of multiple simultaneous capture sources on a single Kismet instance;
 +
* Distributed remote drone sniffing;
 +
* [[XML]] output;
 +
* Over 20 supported card types.
 +
 
 +
== Intrusion Detection ==
 +
 
 +
Kismet will detect following events:
 +
 
 +
* Active network scanning (NetStumbler, PocketStumbler, etc);
 +
* SSID brute force attempts;
 +
* Broadcast disconnect/deauthenticate attacks;
 +
* Deauthenticate/disassociate flood;
 +
* Fake APs (new AP on another channel, invalid BSS timestamps);
 +
* Many DoS attacks (zero-length SSID, over-long SSID, etc).
 +
 
 +
[[Category:Network Forensics]]
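Review bot: In the infobox, the `website = [...] |` line ends with a pipe directly before the closing `}}`, which leaves an empty trailing parameter; drop that final `|`. In the Intrusion Detection section, "Kismet will detect following events:" is missing "the", and "layer2"/"layer3" in the lead sentence and the named pipe bullet would read better as "layer 2"/"layer 3".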

Revision as of 16:21, 12 September 2008

Kismet
Maintainer: Mike Kershaw
OS: Linux
Genre: Wireless forensics
License: GPL
Website: www.kismetwireless.net

Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system.

Overview

  • Wireshark/Tcpdump compatible data logging;
  • Airsnort compatible weak-iv packet logging;
  • Network IP range detection;
  • Built-in channel hopping and multicard split channel hopping;
  • Hidden network SSID decloaking;
  • Graphical mapping of networks;
  • Client/server architecture allows multiple clients to view a single Kismet server simultaneously;
  • Manufacturer and model identification of access points and clients;
  • Detection of known default access point configurations;
  • Runtime decoding of WEP packets for known networks;
  • Named pipe output for integration with other tools, such as a layer 3 IDS like Snort;
  • Multiplexing of multiple simultaneous capture sources on a single Kismet instance;
  • Distributed remote drone sniffing;
  • XML output;
  • Over 20 supported card types.

Intrusion Detection

Kismet will detect the following events:

  • Active network scanning (NetStumbler, PocketStumbler, etc.);
  • SSID brute force attempts;
  • Broadcast disconnect/deauthenticate attacks;
  • Deauthenticate/disassociate flood;
  • Fake APs (new AP on another channel, invalid BSS timestamps);
  • Many DoS attacks (zero-length SSID, over-long SSID, etc.).
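
To make the fake-AP and malformed-SSID items above concrete, here is an added example (not Kismet's code, and not from the original page) that runs those checks over raw 802.11 beacon and probe-response frames. Assumptions: frames carry no radiotap header or FCS, an "invalid" BSS timestamp means one that goes backwards for the same BSSID, a zero-length SSID is flagged only in probe responses, and the function names and sample frames are constructed for illustration.

```python
import struct

MAX_SSID_LEN = 32            # 802.11 limit on the SSID element body
BEACON, PROBE_RESP = 8, 5    # management-frame subtypes

def parse_mgmt(frame):
    """Return (subtype, bssid, timestamp, ssid, channel), or None if not a beacon/probe response."""
    if len(frame) < 36 or frame[0] & 0x0C or frame[0] >> 4 not in (BEACON, PROBE_RESP):
        return None
    ssid, channel, pos = None, None, 36          # 24-byte header + 12 fixed bytes
    while pos + 2 <= len(frame):                 # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if eid == 0 and ssid is None:            # element 0: SSID
            ssid = body
        elif eid == 3 and len(body) == 1:        # element 3: DS parameter set (channel)
            channel = body[0]
        pos += 2 + elen
    ts = struct.unpack_from("<Q", frame, 24)[0]
    return frame[0] >> 4, frame[16:22].hex(":"), ts, ssid, channel

def check(frames):
    """Return (bssid, reason) alerts for a sequence of raw 802.11 frames."""
    last, alerts = {}, []                        # last: bssid -> (timestamp, channel)
    for parsed in filter(None, map(parse_mgmt, frames)):
        subtype, bssid, ts, ssid, chan = parsed
        if ssid is not None and len(ssid) > MAX_SSID_LEN:
            alerts.append((bssid, "over-long SSID"))
        # Hidden networks legitimately beacon an empty SSID, so only flag probe responses.
        if subtype == PROBE_RESP and ssid == b"":
            alerts.append((bssid, "zero-length SSID"))
        old_ts, old_chan = last.get(bssid, (0, None))
        if ts < old_ts:                          # assumption: "invalid" = goes backwards
            alerts.append((bssid, "BSS timestamp went backwards"))
        if None not in (chan, old_chan) and chan != old_chan:
            alerts.append((bssid, "BSSID seen on another channel"))
        last[bssid] = (ts, chan)
    return alerts

def build(subtype, bssid, ts, ssid, chan):
    """Constructed sample frame (no radiotap header, no FCS)."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    return hdr + struct.pack("<QHH", ts, 100, 0x0401) + bytes([0, len(ssid)]) + ssid + bytes([3, 1, chan])

AP = bytes.fromhex("020000000001")               # constructed, locally administered MAC
SAMPLE = [build(BEACON, AP, 1000, b"lab", 6), build(BEACON, AP, 2000, b"lab", 6),
          build(BEACON, AP, 500, b"lab", 11), build(PROBE_RESP, AP, 600, b"", 11),
          build(BEACON, AP, 700, b"A" * 40, 11)]

if __name__ == "__main__":
    for alert in check(SAMPLE):
        print(alert)
```

A rebooted access point also restarts its timestamp, so the timestamp alert is a lead to correlate with the channel change rather than proof of a fake AP.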