Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer,
and intrusion detection system.
Kismet will work with any wireless card which supports raw monitoring
(rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
Kismet identifies networks by passively collecting packets and
detecting standard named networks, detecting (and given time,
decloaking) hidden networks, and infering the presence of nonbeaconing
networks via data traffic.
Common applications Kismet is useful for:
- Wardriving: Mobile detection of wireless
networks, logging and mapping of network location, WEP, etc
- Site survey: Monitoring and graphing signal
strength and location
- Distributed IDS: Multiple Remote Drone sniffers
distributed throughout an installation monitored by a single server,
possibly combined with a layer3 IDS like Snort
- Rogue AP Detection: Stationary or mobile sniffers
to enforce site policy against rogue access points.
Features include:
- Ethereal/Tcpdump compatible data logging
- Airsnort compatible weak-iv packet logging
- Network IP range detection
- Built-in channel hopping and multicard split channel hopping
- Hidden network SSID decloaking
- Graphical mapping of networks
- Client/Server architecture allows multiple clients to view
a single Kismet server simultaneously
- Manufacturer and model identification of access points and
clients
- Detection of known default access point configurations
- Runtime decoding of WEP packets for known networks
- Named pipe output for integration with other tools, such as
a layer3 IDS like Snort
- Multiplexing of multiple simultaneous capture sources on a
single Kismet instance
- Distributed remote drone sniffing
- XML output
- Over 20 supported card types
Return
to Security Home Page
Last Updated Saturday, May 03 2008 @ 07:14 PM EDT
| 
