06 February 2008 | 81,746 views

Kismet – Wireless Network Hacking, Sniffing & Monitoring

Prevent Network Security Leaks with Acunetix

For some reason I’ve never posted about Kismet, and I don’t like to assume everyone knows everything. So for those who may not have heard of it, here’s Kismet.

Kismet is one of foundation tools Wireless Hacking, it’s very mature and does what it’s supposed to do.

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic.

Features

  • Ethereal/Tcpdump compatible data logging
  • Airsnort compatible weak-iv packet logging
  • Network IP range detection
  • Built-in channel hopping and multicard split channel hopping
  • Hidden network SSID decloaking
  • Graphical mapping of networks
  • Client/Server architecture allows multiple clients to view a single
  • Kismet server simultaneously
  • Manufacturer and model identification of access points and clients
  • Detection of known default access point configurations
  • Runtime decoding of WEP packets for known networks
  • Named pipe output for integration with other tools, such as a layer3 IDS like Snort
  • Multiplexing of multiple simultaneous capture sources on a single Kismet instance
  • Distributed remote drone sniffing
  • XML output
  • Over 20 supported card types

If you need to get funky with a wireless network, grab Kismet for a start.

You can download the latest stable source here:

kismet-2007-10-R1.tar.gz (sig)

Or read more here.



Recent in Hacking Tools:
- Arachni v1.0 Released – Web Application Security Scanner Framework
- iSniff-GPS – Passive Wifi Sniffing Tool With Location Data
- masscan – The Fastest TCP Port Scanner

Related Posts:
- Swiss Researchers Sniff Password from Wired Keyboard
- Interceptor – Wireless Wired Network Tap (Fon+)
- OSWA Assistant – Wireless Hacking & Auditing LiveCD Toolkit

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,870,742 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,061,799 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 625,366 views

Low-cost VPS Hosting

20 Responses to “Kismet – Wireless Network Hacking, Sniffing & Monitoring”

  1. Goodpeople 6 February 2008 at 12:09 pm Permalink

    Personally I am an aircrack-ng kinda guy. But that is only if I want to break the encryption. Kismet is a very valueable tool for all other wireless related fun things you can think of.

  2. Benjamin Juang 6 February 2008 at 12:33 pm Permalink

    And for those of us who are running MacOS X, there’s Kismac, the mac equivalent – I think we have almost everything Kismet has? (Was initially a port of Kismet to MacOS X, I think..? I may be wrong, don’t quote me on that.)

    Am wondering though – has anyone tried it on windows? Or have a similar tool for windows?

  3. Pantagruel 6 February 2008 at 3:03 pm Permalink

    As with most *nix apps you can use Cygwin to run then under Windows

    (see http://www.kismetwireless.net/documentation.shtml)

    You could give NetStumbler a try when tied to the Windows platform

  4. DaCapn 6 February 2008 at 5:33 pm Permalink

    To the best of my knowledge there is only one card that works with kismet under windows. The windows drivers from the manufacturers do not support rfmon. Similarly, this means you can’t use the windows drivers with ndiswrapper on a unix-based system.

  5. mumble 6 February 2008 at 8:18 pm Permalink

    @pantagruel – the problem is RFMON support. There is only one card with decent RFMON support for Win32, and that one is a specialty device for the wireless security market, and is expen$ive.

    Right now, RFMON/packet injection tools are somewhat mature and capable for the free *nix operating systems, not bad for OSX, and pretty much worthless elsewhere. In fact, at this point – unless you like getting very intimate with the details of setting up kernel mode drivers, you’ll probably end up running something like Backtrack-3.

  6. Arkwin 6 February 2008 at 10:04 pm Permalink

    http://www.oxid.it/
    Cain & Able

    http://www.netstumbler.com/
    Net Stumbler

  7. Emkayu 7 February 2008 at 1:56 am Permalink

    If you’ve tried the OS X version of this, KisMac you will know how powerful and easy to use this is. Suppors reinjecting of packets, authentication floods, deauthenticating, and various cracking attacks (weak schedules, bruteforce and even wordlist attacks)

  8. Yoshi 7 February 2008 at 2:19 am Permalink

    First time reader! Don’t get me me wrong I think Kismet is a great tool, however i think a lot of the times you actually need to have some pretty pictures when presenting a wireless assessment / investigation / etc to mangement IMHO – more so with wireless than any other area for some reason (I guess it’s because you can’t see it so it makes it harder to grasp the concepts). Some times you got to pay the bucks to get the professional / graphical reporting

    Nice blog! I’ll be back tomorrow to see the next post :)

  9. eM3rC 7 February 2008 at 9:12 am Permalink

    Commenting on Emkayu’s comment, 60 Minutes (CBS I think?) did a story about Kismet. More specifically, how it could be used to tap into stores wireless routes and steal credit card information. According to the story those little credit card scanners are wireless (the cords are power I guess) and when you swipe the card it gets sent to a modem which in turn is sent to the bank for conformation. Hackers were taping into these WEP protected modems (2-3 minutes to break if your really good, 10 for a normal user) and took the info passing through it.

    I would say this is OSX’s aircrack-ng.

  10. Pantagruel 7 February 2008 at 6:41 pm Permalink

    @Emkayu

    True, I recently bought me a Mac Mini and it was quite a pain to find a supported wireless network dongle (got one through Ebay). Haven’t spend too much time playing with it.

  11. Pantagruel 7 February 2008 at 7:04 pm Permalink

    Just for fun, go to kismac.de , it nicely sums up some of the postings here on DarkNet

  12. Yoshi 7 February 2008 at 10:36 pm Permalink

    Oddly enough i’m actually in Germany this week. I may be way out of line here, but I think Germany has lost a lot of the organisation ‘lets do it the right way’ , hard work ethic it was once famous for – but then they have the workers council which is just a world of pain to deal with. (I don’t actually know the reason, but i would guess that the german work law is soo difficult that’s why Walmart never made a profit till the day they pulled out of Germany)

    Obvisouly this is an outsiders view – German readers will have a far more informed opinion that little old me who visits on business every couple of months.

  13. eM3rC 8 February 2008 at 3:32 am Permalink

    Good point pantagruel. Thanks for the link!

  14. DaCapn 9 February 2008 at 8:53 pm Permalink

    Was my previous post deleted for some reason? I don’t see it here now…

    Netstumbler is a passive sniffer. Active sniffers like kismet are able to do things like discover APs that don’t broadcast their SSID.

  15. eM3rC 9 February 2008 at 9:04 pm Permalink

    @DaCapn

    Good point. Although to get into a modem that doesn’t broadcast its SSID seems like more questionable cracking ;)

  16. eM3rC 9 February 2008 at 10:13 pm Permalink

    Got a kind of random post here.

    For one of my classes I want to write a report on what exactly computer hacking is, what is happening with it today (groups, what they are doing, general modern hacker profile), and the history of it. As for material I have begun reading some books from the library (including Mitnick’s books).

    If anyone could recommend any more material it would be much appreciated.

  17. Pantagruel 10 February 2008 at 3:10 pm Permalink

    For some real old skool stuff try:

    The cuckoo’s egg by Clifford Stoll

    An Evening with Berferd by Bill Cheswick

    More of this time:

    Rootkits: Subverting the Windows Kernel (Addison-Wesley Software Security Series) by Greg Hoglund and Jamie Butler

    Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson

  18. eM3rC 10 February 2008 at 8:26 pm Permalink

    Thanks a million Pantagruel!

    The world needs to know hackers aren’t always bad ;)

    If anyone else can recommend any material feel free to do so.

  19. Emkayu 15 May 2008 at 9:19 pm Permalink

    theres a list of compatible dongles about, i personally use the Dlink DWL g122 on the RA-link build of kismac :D, can crack wep keys in local area under 10 minutes, link it with a GPS device and it’s great for wardriving with a macbook

  20. Lee 3 February 2009 at 10:55 pm Permalink

    does anyone know if dell wireless 1390 wlan mini-card support the raw monitoring (rfmon) mode?? thanks.