TOTAL
Since dec 2006
1'942'871 Visitors
4'218'042 Pages

Nov 2010 Stats
82'909 Visitors
146'476 Pages
196 countries
Full statistics



Help us translate
our tutorials!

JOIN the
OpenManiak Team.
OM TEAM
Director:
Blaise Carrera
Tutorials creation:
Blaise Carrera
Translaters:
Giovanni Fredducci
Angel Chraniotis
Moham. H. Karvan
Alexandro Silva
Blaise Carrera
Andrei Chertolyas
Sergiy Uvarov
Nickola Kolev
Łukasz Nowatkowski
Ivo Raisr
Catalin Bivolaru
Bogdan A. Costea
Kirill Simonov
Oliver Mucafir
JaeYoung Jeon
Seungyoon Lee
Jie Yu & Si Cheng
Tao Wei
YukiAlex
Fumihito Yoshida
Muhammad Takdir
Çağdaş Tülek
Auditors
Leslie Luthi
Joe Anderson
Jennifer Ockwell
Nigel Titley
Alison Rees
Sabrina Barbey
Webmaster:
Blaise Carrera
Kismet - The Easy Tutorial - Platform

Kismet Platform
Last Change : Dec 07 2010 french flagenglish flag


Tool
Install
Ergonomy
Forum



Details What is Kismet ?
Screenshots
Prerequisites
Installation
Configurations
Platform
802.11 Protocol
Logs
Wireless & Security

English spelling not yet checked!




If you like our tutorials, don't hesitate to support us and visit our sponsors!
Si vous aimez nos tutoriaux, n'hésitez pas à nous supporter et visiter nos sponsors!


Kismet has been installed and launched successfully, we can now study how to use it.
Data taken from the Kismet documentation is displayed in italic.

Kismet main interface:

kismet main interface

The Kismet main interface is composed by three sections:

                                1. NETWORK LIST:      2. INFO      3. STATUS



NETWORK LIST PANE:
By default, the Network list is composed of eight columns:

Name:
By default the SSID, you can change it to another name.

T (Type):
P Probe request
A Access point
H Ad-hoc
T Turbocell
G Group
D Data
 
No associated connection yet
Standard wireless network
Point to point wireless network
Turbocell aka Karlnet or Lucent Router
Group of wireless networks
Data only network with no control packets

W (WEP):
N No encryption in use
Y WEP encryption on use
O Other encryption in use (e.g. LEAP)

Ch (Channel):
Channel client is operating on

Packts (Packets):
Captured packets.

Flags:
Give a brief overview about information discovered on the network.
F

T#
U#
A#
D
Vulnerable factory configuration. Many people don't bother to ever change the configuration on their WAP. This is bad
Address range of # octets found via TCP traffic
Address range of # octets found via UDP traffic
Address range of # octets found via ARP traffic
Address range found via observed DHCP traffic

IP range:

Size:
Data captured by Kismet.
You can remove or add columns in the Kismet main interface by changing the "/etc/kismet/kismet_ui.conf" file. See details.

******************************************************

Colour:

Yellow: Unencrypted Network
Red: Factory default settings in use!
Green: Secure Networks (WEP, WPA etc..)
Blue SSID cloaking on / Broadcast SSID disabled


When SSID Broadcasting is disabled, unless a client knows the correct SSID, it cannot join the network.
Remember that SSID broadcasting disablement does not offer a security protection.
Check the "Wireless and Security" section for full details.



INFO PANE:

Ntwrks (Networks): Wireless Network List.
Pckets (Packets): Total number of packet captured.
Cryptd (Crypted):
Weak: Initialization Vectors that reveal information about the WEP key.
Noise:
Discrd (Discarded)
Pkts/s (Packets per second): Average Packets per second.



STATUS PANE:
Provides a log about the Kismet and wireless events.



Let's see the functionalities provided by Kismet:


QUICK REFERENCE:

Key
e
z
m
t
g
u
c
L
H
+/-
^L
Action
List Kismet servers
Toggle fullscreen zoom on network view
Toggle muting of sound and speech
Tag (or untag) selected network
Group tagged networks
Ungroup current group
Show clients in current network
Lock channel hopping to current channel
Return to normal channel hopping
Expand/collapse groups
Force a screen redraw
POPUP WINDOWS:

Key
h
n
i
s
l
d
r
a
p
f
w
x
Q
Action
Help
Name current network
Detailed info about current network
Sort network list
Show wireless card power levels
Dump printable strings
Packet rate graph
Statistics
Dump packet type
Follow network centre
Track alerts
Close popup window
Quit



"h" Key - Help

At any time you can hit "h" to get help.
Below, Kismet main interface help.

kismet help

Help called from a pop-up window.

kismet help help

Top of the page     Commands List



"z" Key - Toggle fullscreen zoom on the network view

Displays only the "Network List" pane. The "info" and "status" panes are hidden.

kismet toggle full screen

Why is a wireless network displayed as "no ssid" ?
Because Kismet detected a network that does not broadcast its SSID and does not exchanging any data.
Remember that even an AP hides its SSID, kismet is able to see the SSID when exchanges occurred between a client and the AP because the SSID field contained in wireless management frame travels in clear text.
Details about wireless frames
Details about SSID broadcasting


Top of the page     Commands List




"a" Key - Statistics

Provides global statistics about all the wireless networks:
- Capture start.
- Kismet servers (A Kismet client can connect to several Kismet servers).
- Wireless Network number.
- Total Packets.
- Maximum Packet rate.
- Channel Usage.

kismet global statistics

Top of the page     Commands List



"w" Key - Track alerts

Displays the alerts messages. This information is also displayed in the "status" pane.

kismet wireless alerts

Top of the page     Commands List



"e" Key - Servers list

Displays a list of the available Kismet servers.

kismet servers list

In the "Server list" pop-up window, use the "h" key to get information and the available commands

Kismet supports monitoring data from several servers simultaneously. When connected to mulitple servers, only servers which are tagged are displayed.
Key
t
p
c
d
r
q
Action
Tag (or untag) selected server
Make selected server the primary source
Connect to new server
Disconnect from selected server
Reconnect to selected server
Close server list

Top of the page     Commands List



"s" Key - Sort network list

Before being able to scroll and select the different wireless networks, you have first to sort the networks by pressing on the "s" key.

kismet sort wireless networks

We selected to sort by the ascending SSIDs. ("s" Key). The sorting method is indicated next to "Network List".
It is now possible to select the different wireless networks. The selected network is highlighted.

kismet ssid selection

Top of the page     Commands List



"n" Key - Name Current Network

By default, the discovered wireless networks take the name of their SSID.
If you want to rename a network, select a network and press on the "n" key.

kismet rename networks

kismet rename networks

Top of the page     Commands List



"t" Key - Tag (or untag) selected network

To tag a network, select a wireless network with the "up" or "down" arrows and press on the "t" key. An asterisk appears at the left of the tagged networks.

Tagging can be used to select networks to create groups.

kismet tag networks

Top of the page     Commands List



"g" key - group tagged networks

Wireless network can be grouped together. You have to tag first the group members (see below) and then press on the "g" key to create and name the group.

kismet group networks

kismet group networks

The "+" sign indicates a group.

Top of the page     Commands List




"i" key - details

To get detailed wireless information, select a network and press on the "i" key.
The example below shows an access point details.

kismet details access-point

Also check the introduction page for details about wireless key words.

Top of the page     Commands List



"i" key - details

The example below shows details about a wireless client in an Ad-Hoc network.

kismet details AD-HOC

Also check the introduction page to get definitions about wireless key words.

Top of the page     Commands List



"c" key - clients

kismet wireless clients

 
F
T
I

E
-
 
From DS
To DS
Intra DS

Established
Unknown
Client types
client broadcast from wireless distribution system
client transmitted over the wireless to the distribution system
client is a node of the distribution system talking to another node in the distribution system
client has been seen entering and leaving the DS
client is in an unknown state

Top of the page     Commands List



"r" key - packet rate

Provides the rate in packets per second.

kismet rate

Top of the page     Commands List



"p" key - Wireless packets

Press the "p" key to see the Wireless frames. You can press again on "p" to pause the capture.

kismet wireless frames

You can then press on "t" to see only tagged frames. See how to tag a network.

kismet sort s key

Check the 802.11 section to get full details about Wireless frames.
In an idle wireless network, beacon frames (MB) dominate all other traffic.

Top of the page     Commands List





If you liked our tutorials, don't hesitate to support us and visit our sponsors!
Si vous aimez nos tutoriaux, n'hésitez pas à nous supporter et visiter nos sponsors!