
Difference between pages "Slack space" and "Kismet"

From ForensicsWiki
(Redirecting to Slack)
 
(New page: {{Infobox_Software | name = Kismet | maintainer = Mike Kershaw | os = {{Linux}} | genre = Wireless forensics | license = {{GPL}} | website = [http://www.kismetwireless.net/ www...)
 
Line 1: Line 1:
#REDIRECT [[slack]]
+
{{Infobox_Software |
 +
  name = Kismet |
 +
  maintainer = Mike Kershaw |
 +
  os = {{Linux}} |
 +
  genre = Wireless forensics |
 +
  license = {{GPL}} |
 +
  website = [http://www.kismetwireless.net/ www.kismetwireless.net] |
 +
}}
 +
 
 +
'''Kismet''' is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
 +
 
 +
== Overview ==
 +
 
 +
* [[Wireshark]]/[[Tcpdump]] compatible data logging;
 +
* [[Airsnort]] compatible weak-iv packet logging;
 +
* Network IP range detection;
 +
* Built-in channel hopping and multicard split channel hopping;
 +
* Hidden network SSID decloaking;
 +
* Graphical mapping of networks;
 +
* Client/server architecture allows multiple clients to view a single Kismet server simultaneously;
 +
* Manufacturer and model identification of access points and clients;
 +
* Detection of known default access point configurations;
 +
* Runtime decoding of WEP packets for known networks;
 +
* Named pipe output for integration with other tools, such as a layer3 IDS like [[Snort]];
 +
* Multiplexing of multiple simultaneous capture sources on a single Kismet instance;
 +
* Distributed remote drone sniffing;
 +
* [[XML]] output;
 +
* Over 20 supported card types.
 +
 
 +
== Intrusion Detection ==
 +
 
 +
Kismet will detect following events:
 +
 
 +
* Active network scanning (NetStumbler, PocketStumbler, etc);
 +
* SSID brute force attempts;
 +
* Broadcast disconnect/deauthenticate attacks;
 +
* Deauthenticate/disassociate flood;
 +
* Fake APs (new AP on another channel, invalid BSS timestamps);
 +
* Many DoS attacks (zero-length SSID, over-long SSID, etc).
 +
 
 +
[[Category:Network Forensics]]
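Review bot: In the Intrusion Detection section, "Kismet will detect following events:" is missing an article; suggest "Kismet will detect the following events:". The added text also writes "layer2" and "layer3" without a space and "etc" without a period, and none of the feature or detection claims carries a reference, so a link to the project's documentation for the alert list would make the page verifiable.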

Revision as of 20:21, 12 September 2008

Kismet
Maintainer: Mike Kershaw
OS: Linux
Genre: Wireless forensics
License: GPL
Website: www.kismetwireless.net

Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system.

Overview

  • Wireshark/Tcpdump compatible data logging;
  • Airsnort compatible weak-IV packet logging;
  • Network IP range detection;
  • Built-in channel hopping and multicard split channel hopping;
  • Hidden network SSID decloaking;
  • Graphical mapping of networks;
  • Client/server architecture allows multiple clients to view a single Kismet server simultaneously;
  • Manufacturer and model identification of access points and clients;
  • Detection of known default access point configurations;
  • Runtime decoding of WEP packets for known networks;
  • Named pipe output for integration with other tools, such as a layer 3 IDS like Snort;
  • Multiplexing of multiple simultaneous capture sources on a single Kismet instance;
  • Distributed remote drone sniffing;
  • XML output;
  • Over 20 supported card types.

Intrusion Detection

Kismet will detect the following events:

  • Active network scanning (NetStumbler, PocketStumbler, etc.);
  • SSID brute force attempts;
  • Broadcast disconnect/deauthenticate attacks;
  • Deauthenticate/disassociate flood;
  • Fake APs (new AP on another channel, invalid BSS timestamps);
  • Many DoS attacks (zero-length SSID, over-long SSID, etc.).
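
Several of the events listed above can be illustrated with a small detector that runs over already-parsed 802.11 management frames. This is an added example, not Kismet's own code: the record layout, the thresholds and the alert names are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
FLOOD_COUNT = 5      # assumed threshold: deauth/disassoc frames ...
FLOOD_WINDOW = 1.0   # ... seen for one BSSID within this many seconds
MAX_SSID_LEN = 32    # an 802.11 SSID element holds at most 32 octets

# Constructed sample: (time_s, subtype, bssid, dst, channel, bss_timestamp, ssid)
FRAMES = [
    (0.00, "beacon", "00:11:22:33:44:55", BROADCAST, 6, 1_000_000, b"corp"),
    (0.10, "beacon", "00:11:22:33:44:55", BROADCAST, 6, 1_102_400, b"corp"),
    (0.15, "beacon", "00:11:22:33:44:55", BROADCAST, 11, 4_000, b"corp"),
    (0.20, "deauth", "00:11:22:33:44:55", BROADCAST, 6, None, None),
    (0.30, "beacon", "66:77:88:99:aa:bb", BROADCAST, 1, 500, b"A" * 40),
] + [
    (1.0 + i * 0.1, "disassoc", "66:77:88:99:aa:bb", "02:00:00:00:00:01", 1, None, None)
    for i in range(5)
]

def detect(frames):
    """Return (time, bssid, alert) tuples for frames ordered by time."""
    alerts = []
    last_beacon = {}               # bssid -> (channel, bss_timestamp)
    recent = defaultdict(deque)    # bssid -> times of recent deauth/disassoc
    for t, subtype, bssid, dst, chan, bss_ts, ssid in frames:
        if subtype == "beacon":
            if len(ssid) > MAX_SSID_LEN:
                alerts.append((t, bssid, "over-long SSID"))
            if bssid in last_beacon:
                prev_chan, prev_ts = last_beacon[bssid]
                # Heuristics: an AP reboot or automatic channel selection
                # also triggers these, so they call for a follow-up look.
                if chan != prev_chan:
                    alerts.append((t, bssid, "channel change"))
                if bss_ts <= prev_ts:
                    alerts.append((t, bssid, "BSS timestamp regression"))
            last_beacon[bssid] = (chan, bss_ts)
        elif subtype in ("deauth", "disassoc"):
            if dst == BROADCAST:
                alerts.append((t, bssid, "broadcast deauth/disassoc"))
            window = recent[bssid]
            window.append(t)
            while t - window[0] > FLOOD_WINDOW:
                window.popleft()   # drop frames that fell out of the window
            if len(window) == FLOOD_COUNT:   # fires when threshold is reached
                alerts.append((t, bssid, "deauth/disassoc flood"))
    return alerts
```
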