Archive for February 26th, 2010

Kismet Drones

Friday, February 26th, 2010 | Learn Linux - Linux help | No Comments

This Kismet tutorial provides a basic framework for using Kismet drones.
Kismet is an 802.11 wireless network detector, sniffer, and intrusion
detection system. Kismet will work with any wireless card which
supports raw monitoring mode, and can sniff 802.11b, 802.11a, 802.11g,
and 802.11n traffic (devices and drivers permitting).

Kismet also sports a plugin architecture allowing for additional
non-802.11 protocols to be decoded.

Kismet identifies networks by passively collecting packets and detecting
networks, which allows it to detect (and given time, expose the names
of) hidden networks and the presence of non-beaconing networks via data
traffic.

Kismet Drones are designed to turn Kismet into a distributed IDS system.
Drones support all of the capture methods Kismet normally supports,
including multiple capture devices per drone. Drones capture wireless
data and forward to a Kismet server over a secondary connection (ie,
wired Ethernet). Drones do not do any decoding of packets and have
minimal hardware requirements.

A Kismet server connects to the drones and will provide a single Kismet
UI display, packet dump, and alert generation point. Capture sources on
remote Kismet drones are forwarded to the Kismet server and appear as
independent capture devices which can be configured for channel hopping,
locking, etc.

Using the tun/tap export function, the central Kismet server can export
the packets from all attached drones to a virtual network interface for
use with external IDS/packet capture systems (such as Snort).

To start using Drones, launch the kismet_drone process on a remote
system (editing the kismet_drone.conf file to control what hosts are
allowed to connect) or turn on drone capabilities in the Kismet server
(by enabling the drone config options in kismet_server.conf). When
running a kismet_server instance as a drone, local logging will act as
usual and Kismet clients can be connected to the server as normal; When
running kismet_drone, Kismet clients cannot connect directly to it, and
it will not log, a Kismet server instance must be started to provide
packet decoding, logging, and Kismet UI connectivity.