Kismet – Wireless Network Hacking, Sniffing & Monitoring

Outsmart Malicious Hackers

For some reason I’ve never posted about Kismet, and I don’t like to assume everyone knows everything. So for those who may not have heard of it, here’s Kismet.

Kismet is one of foundation tools Wireless Hacking, it’s very mature and does what it’s supposed to do.

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic.


  • Ethereal/Tcpdump compatible data logging
  • Airsnort compatible weak-iv packet logging
  • Network IP range detection
  • Built-in channel hopping and multicard split channel hopping
  • Hidden network SSID decloaking
  • Graphical mapping of networks
  • Client/Server architecture allows multiple clients to view a single
  • Kismet server simultaneously
  • Manufacturer and model identification of access points and clients
  • Detection of known default access point configurations
  • Runtime decoding of WEP packets for known networks
  • Named pipe output for integration with other tools, such as a layer3 IDS like Snort
  • Multiplexing of multiple simultaneous capture sources on a single Kismet instance
  • Distributed remote drone sniffing
  • XML output
  • Over 20 supported card types

If you need to get funky with a wireless network, grab Kismet for a start.

You can download the latest stable source here:

kismet-2007-10-R1.tar.gz (sig)

Or read more here.

Posted in: Hacking Tools, Network Hacking, Wireless Hacking

, , , , , , , , , ,

Recent in Hacking Tools:
- Pybelt – The Hackers Tool Belt
- Github Dorks – Github Security Scanning Tool
- scanless – A Public Port Scan Scraper

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,020,959 views
- Brutus Password Cracker – Download AET2 - 1,593,503 views
- wwwhack 1.9 – Download Web Hacking Tool - 704,675 views

20 Responses to Kismet – Wireless Network Hacking, Sniffing & Monitoring

  1. Goodpeople February 6, 2008 at 12:09 pm #

    Personally I am an aircrack-ng kinda guy. But that is only if I want to break the encryption. Kismet is a very valueable tool for all other wireless related fun things you can think of.

  2. Benjamin Juang February 6, 2008 at 12:33 pm #

    And for those of us who are running MacOS X, there’s Kismac, the mac equivalent – I think we have almost everything Kismet has? (Was initially a port of Kismet to MacOS X, I think..? I may be wrong, don’t quote me on that.)

    Am wondering though – has anyone tried it on windows? Or have a similar tool for windows?

  3. Pantagruel February 6, 2008 at 3:03 pm #

    As with most *nix apps you can use Cygwin to run then under Windows


    You could give NetStumbler a try when tied to the Windows platform

  4. DaCapn February 6, 2008 at 5:33 pm #

    To the best of my knowledge there is only one card that works with kismet under windows. The windows drivers from the manufacturers do not support rfmon. Similarly, this means you can’t use the windows drivers with ndiswrapper on a unix-based system.

  5. mumble February 6, 2008 at 8:18 pm #

    @pantagruel – the problem is RFMON support. There is only one card with decent RFMON support for Win32, and that one is a specialty device for the wireless security market, and is expen$ive.

    Right now, RFMON/packet injection tools are somewhat mature and capable for the free *nix operating systems, not bad for OSX, and pretty much worthless elsewhere. In fact, at this point – unless you like getting very intimate with the details of setting up kernel mode drivers, you’ll probably end up running something like Backtrack-3.

  6. Arkwin February 6, 2008 at 10:04 pm #
    Cain & Able
    Net Stumbler

  7. Emkayu February 7, 2008 at 1:56 am #

    If you’ve tried the OS X version of this, KisMac you will know how powerful and easy to use this is. Suppors reinjecting of packets, authentication floods, deauthenticating, and various cracking attacks (weak schedules, bruteforce and even wordlist attacks)

  8. Yoshi February 7, 2008 at 2:19 am #

    First time reader! Don’t get me me wrong I think Kismet is a great tool, however i think a lot of the times you actually need to have some pretty pictures when presenting a wireless assessment / investigation / etc to mangement IMHO – more so with wireless than any other area for some reason (I guess it’s because you can’t see it so it makes it harder to grasp the concepts). Some times you got to pay the bucks to get the professional / graphical reporting

    Nice blog! I’ll be back tomorrow to see the next post :)

  9. eM3rC February 7, 2008 at 9:12 am #

    Commenting on Emkayu’s comment, 60 Minutes (CBS I think?) did a story about Kismet. More specifically, how it could be used to tap into stores wireless routes and steal credit card information. According to the story those little credit card scanners are wireless (the cords are power I guess) and when you swipe the card it gets sent to a modem which in turn is sent to the bank for conformation. Hackers were taping into these WEP protected modems (2-3 minutes to break if your really good, 10 for a normal user) and took the info passing through it.

    I would say this is OSX’s aircrack-ng.

  10. Pantagruel February 7, 2008 at 6:41 pm #


    True, I recently bought me a Mac Mini and it was quite a pain to find a supported wireless network dongle (got one through Ebay). Haven’t spend too much time playing with it.

  11. Pantagruel February 7, 2008 at 7:04 pm #

    Just for fun, go to , it nicely sums up some of the postings here on DarkNet

  12. Yoshi February 7, 2008 at 10:36 pm #

    Oddly enough i’m actually in Germany this week. I may be way out of line here, but I think Germany has lost a lot of the organisation ‘lets do it the right way’ , hard work ethic it was once famous for – but then they have the workers council which is just a world of pain to deal with. (I don’t actually know the reason, but i would guess that the german work law is soo difficult that’s why Walmart never made a profit till the day they pulled out of Germany)

    Obvisouly this is an outsiders view – German readers will have a far more informed opinion that little old me who visits on business every couple of months.

  13. eM3rC February 8, 2008 at 3:32 am #

    Good point pantagruel. Thanks for the link!

  14. DaCapn February 9, 2008 at 8:53 pm #

    Was my previous post deleted for some reason? I don’t see it here now…

    Netstumbler is a passive sniffer. Active sniffers like kismet are able to do things like discover APs that don’t broadcast their SSID.

  15. eM3rC February 9, 2008 at 9:04 pm #


    Good point. Although to get into a modem that doesn’t broadcast its SSID seems like more questionable cracking ;)

  16. eM3rC February 9, 2008 at 10:13 pm #

    Got a kind of random post here.

    For one of my classes I want to write a report on what exactly computer hacking is, what is happening with it today (groups, what they are doing, general modern hacker profile), and the history of it. As for material I have begun reading some books from the library (including Mitnick’s books).

    If anyone could recommend any more material it would be much appreciated.

  17. Pantagruel February 10, 2008 at 3:10 pm #

    For some real old skool stuff try:

    The cuckoo’s egg by Clifford Stoll

    An Evening with Berferd by Bill Cheswick

    More of this time:

    Rootkits: Subverting the Windows Kernel (Addison-Wesley Software Security Series) by Greg Hoglund and Jamie Butler

    Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson

  18. eM3rC February 10, 2008 at 8:26 pm #

    Thanks a million Pantagruel!

    The world needs to know hackers aren’t always bad ;)

    If anyone else can recommend any material feel free to do so.

  19. Emkayu May 15, 2008 at 9:19 pm #

    theres a list of compatible dongles about, i personally use the Dlink DWL g122 on the RA-link build of kismac :D, can crack wep keys in local area under 10 minutes, link it with a GPS device and it’s great for wardriving with a macbook

  20. Lee February 3, 2009 at 10:55 pm #

    does anyone know if dell wireless 1390 wlan mini-card support the raw monitoring (rfmon) mode?? thanks.