New Kismet version
Program for monitoring Wi-Fi
Kismet is a wireless 802.11 detector, sniffer and intrusion detection system. The program monitors wireless space and keeps logs of detected devices and various events (for example, wireless attacks). When using the GPS module, Kismet can record the coordinates of the access points seen. Thanks to this, you can later impose the found Wi-Fi access points on the map.
Over the past years, active work has been carried out on the new version of Kismet. This version is in the BETA stage, but it works well. The most important thing is that the new version has brought many changes!
Now Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.
Kismet works with Wi-Fi interfaces, Bluetooth interfaces, some SDR (software defined radio) hardware like the RTLSDR, and other specialized capture hardware.
Kismet works on Linux, OSX, and, to a degree, Windows 10 under the WSL framework. On Linux it works with most Wi-Fi cards, Bluetooth interfaces, and other hardware devices. On OSX it works with the built-in Wi-Fi interfaces, and on Windows 10 it will work with remote captures.
Kismet is under active development, with the latest development versions introducing:
- A new web-based UI
- HTTP/HTTPS scriptable API with JSON data records
- A new unified kismetdb log format which stores packets, location, messages, and device records in a single file
- Live streaming of PCAP captures over HTTP
- Selective retrieval of packet history
- New super-lightweight remote capture code for use on devices with extremely limited RAM and storage
- Transparent remote packet capture from networked sensors
- PCAP-NG multi-interface multi-dlt capture
- Support for non-Wi-Fi protocols like Bluetooth, low-frequency environmental sensors, wireless keyboards & mice, and more
To summarize, you can now monitor the data directly in a web browser and instead of a large number of different files, only two files are now created during the monitoring process. And you can work not only with Wi-Fi.
Currently in your Kali Linux or BlackArch installations you can find 2016_07_R1 version. Below in this article, you can see how 2018-08-BETA1 looks like (the version number seems to be released in August, but the code is constantly being changed.
How to install the new version of Kismet
You need to remove the previous version if it was installed. In Kali Linux for this run:
sudo apt remove kismet
In BlackArch, Arch Linux to uninstall Kismet, do:
sudo pacman -R kismet
By the way, about how to upgrade the beta version of Kismet is shown at the end of this article - it also shows how to remove Kismet, if it is installed manually.
Now you need to install dependencies.
In Kali Linux, Ubuntu, Debian, Linux Mint to do this, run:
sudo apt install build-essential git libmicrohttpd-dev pkg-config zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev libpcap-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev libprotobuf-c-dev protobuf-compiler protobuf-c-compiler libsensors4-dev python python-setuptools python-protobuf python-requests librtlsdr0 python-usb python-paho-mqtt libusb-1.0-0-dev
In BlackArch, Arch Linux, to install the Kismet dependencies, do:
sudo pacman -S libmicrohttpd git pkgconf zlib libnl libcap libpcap libnm libdwarf sqlite protobuf protobuf-c lm_sensors python2 python2-setuptools python2-protobuf python2-requests rtl-sdr python2-pyusb libusb --needed
If you do not know what rtl_433 is, then skip this step. To support rtlsdr rtl_433 install:
sudo pacman -S rtl-sdr python2-pyusb --needed sudo pip2 install paho-mqtt
As well as the rtl_433 tool from https://github.com/merbanan/rtl_433.
To support Mousejack/nRF and other USB devices, install:
sudo pacman -S libusb --needed
Installing dependencies in Fedora (and related distributions):
sudo dnf install make automake gcc gcc-c++ kernel-devel git libmicrohttpd-devel pkg-config zlib-devel libnl3-devel libcap-devel libpcap-devel NetworkManager-libnm-devel libdwarf libdwarf-devel elfutils-devel libsqlite3x-devel protobuf-devel protobuf-c-devel protobuf-compiler protobuf-c-compiler lm_sensors-devel libusb-devel fftw-devel
Further, the installation process is the same on all systems.
git clone https://www.kismetwireless.net/git/kismet.git
Go to its folder:
If the repository is downloaded earlier, then update it:
Run the configuration. All features of your system will be taken into account and preparation for compiling Kismet will be done. If you do not have any dependencies or versions of the libraries are not compatible, then you will get to know about the problems at this stage:
If the configuration was successful, a Configuration complete: message will be displayed and a summary that will show which key features are enabled or disabled. There will also be warnings about missing dependencies that will fundamentally affect the compiled Kismet.
Compilation is done with the command:
But you can significantly speed up the process by adding the -j # option with which you specify the number of CPU cores you have. To automatically compile on all available kernels:
This second option is preferred since compilation takes really long! But remember: C++ uses quite a lot of RAM to compile, so depending on the amount of available RAM on your system, you may need to limit the number of simultaneously running processes.
Running compilation on 12 cores:
It can be seen that the amount of consumed RAM used jumped to 9 Gigabytes, and at peak it reached 12 Gigabytes. But the compilation itself was completed in about a minute (on one core, the compilation took 10+ minutes).
Install Kismet. In most cases, you should install Kismet as suid-root (with suid bit). Kismet will automatically add a group and install the appropriate binary files for capture.
Once installed as suid-root, Kismet will launch binaries that control channels and interfaces with the necessary privileges, but the processes of decoding packages and starting the web interface will be performed without root privileges.
sudo make suidinstall
Add yourself to the kismet group:
sudo usermod -aG kismet $USER
Log out and log in again. Linux does not update groups while you are logged in the system. If you have just added yourself to the Kismet group, then you need to relogin.
Check if you are a member of the Kismet group:
If you are not in the kismet group (that is, if there is no kismet among the groups displayed), then you need to exit completely or just restart the computer.
If you installed Kismet with a suid bit, then to start the program you do not need to specify sudo, that is, you can start like this:
Now open a web browser and go there at http://localhost:2501.
We are welcomed by the message:
It says that this is our first launch of Kismet, that the program stores its settings in the browser's HTML5 repository and that we need to log in and set other settings.
At the moment, only the web interface is running - no data is being collected yet.
Also we are shown a message:
It indicates that the login has not yet been completed. For us, generated credentials are placed in the ~/.kismet/kismet_httpd.conf file. If you run the command as root (for example, with sudo), then the file will be located along the /root/.kismet/kismet_httpd.conf path.
Let's look at the contents of this file:
Click on the Settings button, you will find yourself in the Login & Password tab. Enter there your data that you looked in the kismet_httpd.conf file:
If you need to go to this menu item again, in the left part of the screen click on the button to bring up the menu and click Settings there.
Now, to start collecting data, you need to call the menu, there select Data Sources.
In the list of available devices, find the one you want to use for data capturing, expand it, and click the Enable Sources button:
The name hci0 is a Bluetooth device - I also turned it on to capture data:
The collected information will be available in the web interface, important messages are displayed in the console, including error messages and prompts:
Different settings are available for Wi-Fi devices:
In the first line, you can pause monitoring with this device (Paused) or resume it (Running). In the second line, you can choose to listen to one channel (Lock) or automatic channel switching (Hop). On the next line, you can select the channels you want to listen to.
An example of captured information in Kismet:
You can do the sorting on various filters. For example, by the number of clients:
By the way, you shouldn’t believe the numbers of quantity of clients - nowadays most modern phones constantly change their MAC address arbitrarily, so the same device can be counted many times.
Or by the amount of data transferred:
You can click on the device you are interested in and see its detailed information. Device info:
Data transfer activity information:
In the Kismet settings menu, you can add or remove displayed fields:
You can also choose colors to highlight especially important data:
An example of using Kismet to determine the direction in which the Wi-Fi device is located
Situation: there is an Access Point to which I can connect, but which is quite far away and because of this, the connection is sometimes lost.
My goal: to determine the direction in which the target AP is located in order to correctly rotate the directional antenna.
Instead of a directional antenna, for example, you can use a Wi-Fi adapter with all direction antenna, but rearrange it to different places in your room to determine the location with the best signal of communication.
So, the target access point Paangoon_2G, we look at its characteristics:
The access point works on channel 9, the signal level with an omnidirectional antenna is -75 dbm.
Pausing unnecessary data sources:
We turn on the adapter with a directional antenna and set up to listen to it only channel 9:
Go to the settings for selecting the data to be highlighted and tick the Active box:
This will turn on the cyan highlight of the active access points. Active are those from which any data has been received within the last 10 seconds. The fact is that if the Access Point is no longer visible, then it does not disappear from the list and shows the last value as the signal level. Therefore, sometimes it is not immediately possible to understand that AP has not been visible for a long time.
We try to turn the antenna or move the Wi-Fi adapter in different locations. You can also try different antennas.
The greater the value (the negative values, the closer to zero, the larger they are) - the better the signal:
In some directions, the signal will deteriorate:
If AP ‘turned white’, then it is no longer visible at all:
The data can ‘jump’ just from the reasons invisible to us. No need to rush the movement of the antenna or adapter, as the data is not updated immediately.
How to upgrade the beta version of Kismet
You need to start with the complete removal of the old version of Kismet. Since it was not installed via the standard package manager, you need to delete all files manually (note that all configuration files are also deleted):
sudo rm -rf /root/.kismet /usr/local/share/kismet sudo rm /usr/bin/kismet* /usr/local/bin/kismet* /usr/local/etc/kismet* /usr/local/lib/pkgconfig/kismet.pc
Then you need to perform the installation (the installation of the dependencies is skipped because the update is being performed, and not the fresh installation):
git clone https://www.kismetwireless.net/git/kismet.git cd kismet
If the repository is downloaded earlier, then update it:
make # OR make -j$(nproc)
If you need to forcefully re-create the configuration files (for example, configurations from the old version of the program remain, and the format of the configuration files has changed in the new version), then in the kismet folder execute:
sudo make forceconfigs
If you have any difficulties, try stopping the NetworkManager service:
sudo systemctl stop NetworkManager.service
Sometimes the program may show a hint that the system wireless reg domain is set to '00'; and that this can cause problems when setting up channels. If you have problems, set the reg domain with a command like
sudo iw reg set BZ
on the reg domain that is suitable for your location.
This is an overview, rather superficial article on new features and a new Kismet user interface. Issues of launching Kismet as services, setting configuration files, .kismet-journal and .kismet log files, command line options and other quite important issues remained unanswered.
After a stable version will be released, additional manuals will be written.
- Three ways to set wireless interface to Monitor mode and Managed mode (69.5%)
- BoopSuite is an alternative to Airodump-ng, Airmon-ng and Aireplay-ng (69.5%)
- How to decrypt WPA traffic in Wireshark (69.5%)
- How to hack Wi-Fi in Windows (65.1%)
- How to install WiFi-Pumpkin in Linux Mint or Ubuntu (58.8%)
- How to find out to which Wi-Fi networks a computer were connected to and stored Wi-Fi passwords (RANDOM - 50%)