Difference between pages "Slack space" and "Kismet"
From Forensics Wiki
(Redirecting to Slack) |
(New page: {{Infobox_Software | name = Kismet | maintainer = Mike Kershaw | os = {{Linux}} | genre = Wireless forensics | license = {{GPL}} | website = [http://www.kismetwireless.net/ www...) |
| Line 1: | Line 1: | ||
| − | + | {{Infobox_Software | | |
| + | name = Kismet | | ||
| + | maintainer = Mike Kershaw | | ||
| + | os = {{Linux}} | | ||
| + | genre = Wireless forensics | | ||
| + | license = {{GPL}} | | ||
| + | website = [http://www.kismetwireless.net/ www.kismetwireless.net] | | ||
| + | }} | ||
| + | |||
| + | '''Kismet''' is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. | ||
| + | |||
| + | == Overview == | ||
| + | |||
| + | * [[Wireshark]]/[[Tcpdump]] compatible data logging; | ||
| + | * [[Airsnort]] compatible weak-iv packet logging; | ||
| + | * Network IP range detection; | ||
| + | * Built-in channel hopping and multicard split channel hopping; | ||
| + | * Hidden network SSID decloaking; | ||
| + | * Graphical mapping of networks; | ||
| + | * Client/server architecture allows multiple clients to view a single Kismet server simultaneously; | ||
| + | * Manufacturer and model identification of access points and clients; | ||
| + | * Detection of known default access point configurations; | ||
| + | * Runtime decoding of WEP packets for known networks; | ||
| + | * Named pipe output for integration with other tools, such as a layer3 IDS like [[Snort]]; | ||
| + | * Multiplexing of multiple simultaneous capture sources on a single Kismet instance; | ||
| + | * Distributed remote drone sniffing; | ||
| + | * [[XML]] output; | ||
| + | * Over 20 supported card types. | ||
| + | |||
| + | == Intrusion Detection == | ||
| + | |||
| + | Kismet will detect following events: | ||
| + | |||
| + | * Active network scanning (NetStumbler, PocketStumbler, etc); | ||
| + | * SSID brute force attempts; | ||
| + | * Broadcast disconnect/deauthenticate attacks; | ||
| + | * Deauthenticate/disassociate flood; | ||
| + | * Fake APs (new AP on another channel, invalid BSS timestamps); | ||
| + | * Many DoS attacks (zero-length SSID, over-long SSID, etc). | ||
| + | |||
| + | [[Category:Network Forensics]] | ||
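Review bot: In the "Intrusion Detection" section, "Kismet will detect following events:" is missing an article and should read "Kismet will detect the following events:". In the same list, "etc" appears twice without its period ("PocketStumbler, etc" and "over-long SSID, etc"). The lead sentence and the Snort bullet also write "layer2" and "layer3" as single words; "layer 2" and "layer 3" would read more cleanly.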
Revision as of 15:21, 12 September 2008
| Kismet | |
|---|---|
| Maintainer: | Mike Kershaw |
| OS: | Linux |
| Genre: | Wireless forensics |
| License: | GPL |
| Website: | www.kismetwireless.net |
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
Overview
- Wireshark/Tcpdump compatible data logging;
- Airsnort compatible weak-iv packet logging;
- Network IP range detection;
- Built-in channel hopping and multicard split channel hopping;
- Hidden network SSID decloaking;
- Graphical mapping of networks;
- Client/server architecture allows multiple clients to view a single Kismet server simultaneously;
- Manufacturer and model identification of access points and clients;
- Detection of known default access point configurations;
- Runtime decoding of WEP packets for known networks;
- Named pipe output for integration with other tools, such as a layer3 IDS like Snort;
- Multiplexing of multiple simultaneous capture sources on a single Kismet instance;
- Distributed remote drone sniffing;
- XML output;
- Over 20 supported card types.
Intrusion Detection
Kismet will detect the following events:
- Active network scanning (NetStumbler, PocketStumbler, etc.);
- SSID brute force attempts;
- Broadcast disconnect/deauthenticate attacks;
- Deauthenticate/disassociate flood;
- Fake APs (new AP on another channel, invalid BSS timestamps);
- Many DoS attacks (zero-length SSID, over-long SSID, etc.).