Thursday, September 13, 2012

Kismet

The goal of this post is simply to get Kismet up and running quickly and then to view its output just as quickly.

I will just detail the steps to get this working and what to do with the data once you have collected it. I am using BackTrack 5 r3 within a virtual machine and an Alfa AWUS036H set at 30db. You can skip step 2 if you are not using a virtual machine.

1. UPDATE BACKTRACK!!!

  • root@bt:~# apt-get update && apt-get dist-upgrade
    • Let this complete; it may take upwards of 2-5 minutes, depending on whether it is a fresh install.

2.  Plug in your Alfa, connect it to the VM and restart networking

  • Connect the Alfa USB adapter to the VM by performing the steps below. Alternatively, you can use the icon row at the bottom of VMware Workstation to connect the device. With Fusion, simply click Virtual Machine // USB // Connect Realtek [Model]

  • Once the adapter is attached to the VM, restart networking… just to have a clean attachment.
    • root@bt:~# /etc/init.d/networking stop
    • root@bt:~# /etc/init.d/networking start
  • Check that the adapter has been detected and is functioning by checking iwconfig
    • root@bt:~# iwconfig
      • Determine which interface is associated with your Alfa (Realtek RTL8187) chipset; airmon-ng will list the wireless interfaces and their chipsets.
      • root@bt:~# airmon-ng
      • In my example we are going to use: wlan0 (zero)

3.  Update Kismet

  • Grab the latest version from http://www.kismetwireless.net/download.shtml and install it. Be sure to review ALL documentation here.
    • root@bt:~# wget https://www.kismetwireless.net/code/kismet-2011-03-R2.tar.gz  (or whatever the latest version is)
    • root@bt:~# tar xvfz kismet-2011-03-R2.tar.gz
    • root@bt:~# cd kismet-2011-03-R2
    • root@bt:~/kismet-2011-03-R2# ./configure
    • root@bt:~/kismet-2011-03-R2# make install (this may take upwards of 5-10 minutes)

4. Start Kismet

  • Be sure to read the kismet help file for all available switches. I am purposely NOT using -c to specify an interface.
    • root@bt:~# kismet
    • Note: If you are not going to use GPS, edit your kismet.conf file and tell it you are not going to.
      • root@bt:~# vi /usr/local/etc/kismet.conf
      • Edit the line below “Do we have a GPS?” to say gps=false
    • Helpful navigation tips: [TAB] moves the selection, [`] brings up the menu items, and the arrow and Enter keys allow interaction between items.

  • Select your interface preference. I chose [ Yes ]
  • After choosing interface options, you will be ‘reminded’ that Kismet is running as root. Be sure to determine the risk before answering.


  • Choose whether you would like to start the Kismet server. Kismet runs in a client/server configuration. More details here. Note that once you start the server, a number of files will be generated and placed on your desktop (assuming you started Kismet within that directory). Do not delete these files; they are the logs of the captures.

  • Select [ YES ] to add an interface for raw capture.

  • Enter the interface you are going to use (from step 2) and enter any options or name and select [ Add ]

  • An error about dhclient looking at the adapter you have chosen will appear if you have not stopped the service. To stop it specifically for your wireless adapter, look at the open files, find the dhclient process attached to wlan0, and kill it by its PID.
    • root@bt:~# lsof | grep wlan0
    • root@bt:~# kill -9 [PID]

  • To view the traffic Kismet is seeing, you will need to close the console. (Don’t worry, you can get it back if you need)


  • The Kismet menu system can be engaged by pressing [`] or [~] and then using the arrow keys to navigate.

  • To interact with the visible networks, head over to the Sort menu and select your sorting preference. I chose [ type ] for this example. You can select the network you want more details about by navigating to it and pressing Enter.


5. Reviewing Captures

Now that Kismet has been capturing data, how can we look at it?
  • You should have 5 files (depending on your switches and options you may end up with more or less).
    1. Kismet-[date/time].netxml
    2. Kismet-[date/time].gpsxml
    3. Kismet-[date/time].alert
    4. Kismet-[date/time].nettxt
    5. Kismet-[date/time].pcapdump
  • To view the .netxml file in Excel, simply rename it and drop the [net] from the extension, leaving .xml.

  • Then simply import the .xml file into Excel.
  • In Excel 2010, I was only able to open the data in read-only mode.

  • To view the uptime in days for the APs, Josh Wright has provided a nice formula we can use.
  • Apply =U[cell]/(1000000 * (60 * 60 * 24)) to the “bsstimestamp” column. The timestamp is in microseconds, so dividing by 1000000 gives seconds and dividing by 60 * 60 * 24 gives days.
    • Example: =U70/(1000000*(60*60*24))
    • Row 76 becomes 77, where row 77 contains the time in days in the last column.
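To do the same calculation without Excel, here is an added example (not from the original post) that parses a netxml log with Python's standard library and applies the bsstimestamp-to-days conversion to every network. The element names assume the Kismet 2011-03-R2 netxml layout, and the sample file is constructed; networks without a bsstimestamp (probe-only records) are reported as None rather than as a zero uptime.

```python
import xml.etree.ElementTree as ET

# Same divisor as the spreadsheet formula =U70/(1000000*(60*60*24)):
# bsstimestamp is the AP's TSF timer in microseconds since it last booted.
MICROSECONDS_PER_DAY = 1_000_000 * 60 * 60 * 24

# Constructed sample shaped like a Kismet-[date/time].netxml file (2011-03-R2 element names assumed).
SAMPLE_NETXML = """<detection-run kismet-version="2011.03.R2">
  <wireless-network number="1" type="infrastructure">
    <SSID><type>Beacon</type><essid cloaked="false">HomeNet</essid></SSID>
    <BSSID>00:11:22:33:44:55</BSSID>
    <channel>6</channel>
    <bsstimestamp>259200000000</bsstimestamp>
  </wireless-network>
  <wireless-network number="2" type="infrastructure">
    <SSID><type>Beacon</type><essid cloaked="true"></essid></SSID>
    <BSSID>66:77:88:99:AA:BB</BSSID>
    <channel>11</channel>
    <bsstimestamp>43200000000</bsstimestamp>
  </wireless-network>
  <wireless-network number="3" type="probe">
    <SSID><type>Probe Request</type><essid cloaked="false">Cafe</essid></SSID>
    <BSSID>00:00:00:00:00:00</BSSID>
  </wireless-network>
</detection-run>
"""

def ap_uptimes(netxml_text):
    """Return (bssid, essid, channel, uptime_days) per <wireless-network>;
    entries without <bsstimestamp> (e.g. probe-only records) get None."""
    root = ET.fromstring(netxml_text)
    rows = []
    for net in root.findall("wireless-network"):
        bssid = net.findtext("BSSID", default="")
        essid_el = net.find("SSID/essid")
        if essid_el is None or essid_el.get("cloaked") == "true" or not essid_el.text:
            essid = "<cloaked>"  # hidden SSID or no SSID element at all
        else:
            essid = essid_el.text
        channel = int(net.findtext("channel", default="0"))
        ts = net.findtext("bsstimestamp")
        uptime_days = int(ts) / MICROSECONDS_PER_DAY if ts else None
        rows.append((bssid, essid, channel, uptime_days))
    return rows

if __name__ == "__main__":
    for bssid, essid, channel, days in ap_uptimes(SAMPLE_NETXML):
        uptime = f"{days:.2f} days" if days is not None else "no bsstimestamp"
        print(f"{bssid}  {essid:<10} ch{channel:<2}  uptime={uptime}")
```

Point `ap_uptimes` at the contents of your own Kismet-[date/time].netxml file to get the same uptime column the spreadsheet formula produces.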

Wrap up

There are many ways to view and capture data with Kismet; using Xplico together with the .pcap could prove useful. I have only scratched the surface of what is possible. The purpose of this post wasn’t to cover every possible combination, but to get you up and running quickly with Kismet and reviewing the data just as fast.