Wednesday, December 10, 2008

Kismet - a wireless sniffer and detector

You can't hide your wireless Access Point (AP) from kismet's eye. Kismet will discover every AP within range although with AP has hidden SSID.

Description from site:

What is Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and
intrusion detection system. Kismet will work with any wireless card which
supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a,
802.11n, and 802.11g traffic (devices and drivers permitting).

Kismet identifies networks by passively collecting packets and detecting
standard named networks, detecting (and given time, decloaking) hidden
networks, and inferring the presence of non-beaconing networks via data
traffic.






Feature Overview

Kismet has many features useful in different situations for monitoring
wireless networks:
- Ethereal/Tcpdump compatible data logging
- Airsnort compatible weak-iv packet logging
- Network IP range detection
- Built-in channel hopping and multicard split channel hopping
- Hidden network SSID decloaking
- Graphical mapping of networks
- Client/Server architecture allows multiple clients to view a single
Kismet server simultaneously
- Manufacturer and model identification of access points and clients
- Detection of known default access point configurations
- Runtime decoding of WEP packets for known networks
- Named pipe output for integration with other tools, such as a layer3 IDS
like Snort
- Multiplexing of multiple simultaneous capture sources on a single Kismet
instance
- Distributed remote drone sniffing
- XML output


Typical Uses

Common applications Kismet is useful for:
- Wardriving: Mobile detection of wireless networks, logging and mapping
of network location, WEP, etc.
- Site survey: Monitoring and graphing signal strength and location.
- Distributed IDS: Multiple Remote Drone sniffers distributed throughout
an installation monitored by a single server, possibly combined with a
layer3 IDS like Snort.
- Rogue AP Detection: Stationary or mobile sniffers to enforce site policy
against rogue access points.

check out the documentation and download here
Labels: , , ,

2 comments:

  1. AnonymousDecember 11, 2008 at 3:03 PM

    wah udah pake stables 9
    aja neih bocah ,,,,,gw aja baru pake yang stables 5 .....

    sayang judul nya ttg squid ngk bisa di buka dari ITT ,,,
    maklom ada kata2 terlarang,,,,,

    hhihihihiih..........

    ReplyDelete
  2. AjiDecember 12, 2008 at 12:14 AM

    opo iki? kok komen neng kismet mas???
    ah ITT, pasti kata proxy yg terlarang.

    ReplyDelete

Subscribe to: Post Comments (Atom)
Related Posts Plugin for WordPress, Blogger...