New version of Kismet
Link: https://hackware.ru/?p=7488
Program for monitoring Wi-Fi
Kismet is a wireless 802.11 detector, sniffer and intrusion detection system. The program monitors the wireless space and keeps logs of detected devices and various events (for example, wireless attacks). When using the GPS module, Kismet can record the coordinates of the access points seen. Thanks to this, you can later impose the found Wi-Fi access points on the map.
Over the past years, active work has been carried out on the new version of Kismet. This version is in the BETA stage, but it works well. The most important thing is that the new version has brought many changes!
Now Kismet is a program for detecting wireless networks and devices, a
sniffer, a ward-driving tool and a WIDS (Wireless Intrusion Detection)
platform.
Kismet works with Wi-Fi interfaces, Bluetooth interfaces, some SDR
devices (software defined radio) such as RTLSDR and other specialized
hardware for data capture.
Kismet runs on Linux, OSX, and, to some extent, Windows 10 under the WSL platform. On Linux, it works with most Wi-Fi cards, Bluetooth interfaces and other hardware components. On OSX, it works with built-in Wi-Fi interfaces, and on Windows 10 it will work with remote invaders.
Kismet is under active development, the latest test versions presented:
- New graphical user web interface
- HTTP / HTTPS API with support for scripts with JSON data records
- The new unified log format kismetdb, which saves packages, locations, messages and recording devices in a single file
- Live PCAP streaming over HTTP
- Selective search by package history
- New super lightweight remote capture code for use on devices with an extremely limited amount of RAM (RAM) and storage
- Transparent remote packet capture from network sensors
- PCAP-NG multi interface multi-dlt capture
- Supports non-Wi-Fi protocols such as Bluetooth, low-frequency environmental sensors, wireless keyboards and mice, and more.
To summarize, you can now monitor the data directly in a web browser
and instead of a large number of different files, only two files are now
created in the monitoring process. And you can work not only with Wi-Fi.
Or you can run it in your Kali Linux or BlackArch and see what version 2016_07_R1 looks like.
Below in this article, you can see how 2018-08-BETA1 looks like (the
version number seems to be August, but the code is constantly being
changed.
How to install the new version of Kismet
You need to remove the previous version if it was installed. In Kali Linux for this run:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo apt remove kismet</span> sudo apt remove kismet</span>
|
In BlackArch, Arch Linux, to uninstall Kismet, do:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo pacman -R kismet</span> sudo pacman -R kismet</span>
|
By the way, about how to update the beta version of Kismet is shown at
the end of this article - it also shows how to remove Kismet, if it is
installed manually.
Now you need to install dependencies .
In Kali Linux, Ubuntu, Debian, Linux Mint to do this, run:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo apt install build-essential git libmicrohttpd-dev pkg-config zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev libpcap-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev libprotobuf-c-dev protobuf-compiler protobuf-c-compiler libsensors4-dev python python-setuptools python-protobuf python-requests librtlsdr0 python-usb python-paho-mqtt libusb-1.0-0-dev</span> sudo apt install build-essential git libmicrohttpd-dev pkg-config zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev libpcap-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev libprotobuf-c- dev protobuf-compiler protobuf-c-compiler libsensors4-dev python python-setuptools python-protobuf python-requests librtlsdr0 python-usb python-paho-mqtt libusb-1.0-0-dev</span>
|
In BlackArch, Arch Linux, to install the Kismet dependencies, do:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo pacman -S libmicrohttpd git pkgconf zlib libnl libcap libpcap libnm libdwarf sqlite protobuf protobuf-c lm_sensors python2 python2-setuptools python2-protobuf python2-requests rtl-sdr python2-pyusb libusb --needed</span> sudo pacman -S libmicrohttpd git pkgconf zlib libnl libcap libpcap libnm libdwarf sqlite protobuf protobuf-c lm_sensors python2 python2-setuptools python2-protobuf python2-requests rtl-sdr python2-pyusb</span>
|
If you do not know what rtl_433 is, then skip this step. To support rtlsdr rtl_433 install:
1
2
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo pacman -S rtl-sdr python2-pyusb --needed</span> sudo pacman -S rtl-sdr python2-pyusb --needed</span>
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo pip2 install paho-mqtt</span> sudo pip2 install paho-mqtt</span>
|
To support Mousejack / nRF and other USB devices, install:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo pacman -S libusb --needed</span> sudo pacman -S libusb --needed</span>
|
Installing dependencies in Fedora (and related distributions):
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo dnf install make automake gcc gcc-c++ kernel-devel git libmicrohttpd-devel pkg-config zlib-devel libnl3-devel libcap-devel libpcap-devel NetworkManager-libnm-devel libdwarf libdwarf-devel elfutils-devel libsqlite3x-devel protobuf-devel protobuf-c-devel protobuf-compiler protobuf-c-compiler lm_sensors-devel libusb-devel fftw-devel</span> sudo dnf install make automake gcc gcc-c ++ kernel-devel git libmicrohttpd-devel pkg-config -c-devel protobuf-compiler protobuf-c-compiler lm_sensors-devel libusb-devel fftw-devel</span>
|
Further, the installation process is the same on all systems.
Clone repository:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">git clone https://www.kismetwireless.net/git/kismet.git</span> git clone https://www.kismetwireless.net/git/kismet.git</span>
|
Go to his folder:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">cd kismet</span> cd kismet</span>
|
If the repository is downloaded earlier, then update it:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">git pull</span> git pull</span>
|
Run the configuration. All features of your system will be taken into account and preparation for compiling Kismet will be done.
If you do not have any dependencies or versions of the libraries are
not compatible, then you will learn about the problems at this stage:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">./configure</span> ./configure</span>
|
If the configuration was successful, a Configuration complete: message will be displayed and a summary that shows which key features are enabled or disabled. There will also be warnings about missing dependencies that will fundamentally affect the compiled Kismet.
Compilation is done with the command:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">make</span> make</span>
|
But you can significantly speed up the process by adding the option -j # with which you specify the number of CPU cores you have. To automatically compile on all available kernels:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">make -j$(nproc)</span> make -j $ (nproc)</span>
|
This second option is preferred since compilation takes really long!
But remember: C ++ uses quite a lot of RAM to compile, so depending on
the amount of available RAM on your system, you may need to limit the
number of simultaneously running processes.
Running compilation on 12 cores:
It can be seen that the amount of RAM used jumped to 9 gigabytes, and at peak times it reached 12 gigabytes. But the compilation itself was completed in about a minute (on one core, the compilation took 10+ minutes).
Install Kismet. In most cases, you should install Kismet as suid-root (with suid bit). Kismet will automatically add a group and install the appropriate binary files for capture.
Once installed as suid-root, Kismet will launch binaries that control
channels and interfaces with the necessary privileges, but the processes
of decoding packages and launching the web interface will be performed
without root privileges.
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo make suidinstall</span> sudo make suidinstall</span>
|
Add yourself to the kismet group:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo usermod -aG kismet $USER</span> sudo usermod -aG kismet $ USER</span>
|
Log out and log in again. Linux does not update groups while you are on the system. If you have just added yourself to the Kismet group, then you need to restart.
Check if you are a member of the Kismet group:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">groups</span> groups</span>
|
If you are not in the kismet group (that is, if there is no kismet among the groups displayed ), then you need to exit completely or just restart the computer.
Kismet launch
If you installed Kismet with suid'n bit, then to start the program you
do not need to specify sudo, that is, you can run like this:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">kismet</span> kismet</span>
|
We are welcomed by the message:
It says that this is our first launch of Kismet, that the program
stores its settings in the browser's HTML5 repository and that we need
to log in and set other settings.
At the moment, only the web interface is running - no data is being collected yet.
Also we are shown a message:
It indicates that the input has not yet been completed. For us, generated credentials that are placed in the file ~ / .kismet / kismet_httpd.conf . If you run the command from root (for example, from sudo ), then the file will be located along the path /root/.kismet/kismet_httpd.conf
Let's look at the contents of this file:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">cat ~/.kismet/kismet_httpd.conf</span> cat ~ / .kismet / kismet_httpd.conf</span>
|
Example:
1
2
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">httpd_password=YiHFRC8Yreg86DJh</span> httpd_password = YiHFRC8Yreg86DJh</span>
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">httpd_username=kismet</span> httpd_username = kismet</span>
|
Click on the Settings button, you will find yourself in the Login & Password tab. Enter there your data that you looked in the file kismet_httpd.conf :
If you need to go to this item again, in the left part of the screen click on the button to bring up the menu and click Settings there .
Now, to start collecting data, you need to re-enter the menu, there select Data Sources .
In the list of available devices, find the one you want to use for data collection, expand it, and click the Enable Sources button:
The name hci0 is a Bluetooth device - I also turned it on to collect data:
The collected information will be available in the web interface,
important messages are displayed in the console, including error
messages and prompts:
Different settings are available for Wi-Fi devices:
In the first line, you can pause monitoring with this device ( Paused ) or resume it ( Running ). In the second line, you can choose to listen to one channel ( Lock ) or automatic channel switching ( Hop ). On the next line, you can select the channels you want to listen to.
An example of captured information in Kismet:
Search available:
You can do the sorting on various grounds. For example, by the number of clients:
By the way, you shouldn’t believe the numbers on the number of clients -
nowadays most modern phones constantly change their MAC address
arbitrarily, so the same device can be counted many times.
Or by the amount of data transferred:
You can click on the device you are interested in and see its detailed information. Device info:
Wi-Fi Information:
Data transfer activity schedule:
Kismet setup
In the Kismet settings menu, you can add or remove displayed fields:
You can also choose colors to highlight especially important data:
An example of using Kismet to determine the direction in which the Wi-Fi device is located
Situation: there is an Access Point to which I can connect, but which
is quite far away and because of this, the connection is sometimes
broken.
My goal: to determine the direction in which the target TD is located in order to correctly rotate the directional antenna.
Instead of a directional antenna, for example, you can use a Wi-Fi
adapter with a conventional antenna, but rearrange it to different
places in the room / apartment to determine the location with the best
signal of communication.
So, the target access point Paangoon_2G, we look at its characteristics:
The access point works on channel 9, the signal level with a normal antenna is -75 dbm.
Pausing unnecessary data sources:
We turn on the adapter with a directional antenna and set up to listen to it only channel 9:
Go to the settings for selecting the data to be highlighted and tick the Active box:
This will turn on the highlight of the cyan active access points. Active are those from which any data has been received within the last 10 seconds.
The fact is that if the Access Point is no longer visible, then it does
not disappear from the list and shows the last value as the signal
level. Therefore, sometimes it is not immediately possible to understand that TD has not been visible for a long time.
We try to turn the antenna or move the Wi-Fi adapter in different directions. You can also try different antennas.
The greater the value (the negative values, the closer to zero, the larger they are) - the better the signal:
In some directions, the signal will deteriorate:
If TD "turned white", then it is no longer visible at all:
The data can "jump" just from the reasons invisible to us. No need to rush the movement of the antenna or adapter, as the data is not updated immediately.
How to upgrade the beta version of Kismet
You need to start with the complete removal of the old version of Kismet.
Since it was not installed via the standard package manager, you need
to delete all files manually (note that all configuration files are also
deleted):
1
2
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo rm -rf /root/.kismet /usr/local/share/kismet</span> sudo rm -rf /root/.kismet / usr / local / share / kismet</span>
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo rm /usr/bin/kismet* /usr/local/bin/kismet* /usr/local/etc/kismet* /usr/local/lib/pkgconfig/kismet.pc</span> sudo rm / usr / bin / kismet * / usr / local / bin / kismet * / usr / local / etc / kismet * /usr/local/lib/pkgconfig/kismet.pc</span>
|
Then you need to perform the installation (the installation of the
dependencies is skipped because the update is being performed, and not
the first installation):
1
2
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">git clone https://www.kismetwireless.net/git/kismet.git</span> git clone https://www.kismetwireless.net/git/kismet.git</span>
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">cd kismet</span> cd kismet</span>
|
If the repository is downloaded earlier, then update it:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">git pull</span> git pull</span>
|
Configuration:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">./configure</span> ./configure</span>
|
and compilation
1
2
3
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">make</span> make</span>
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">make -j$(nproc)</span> make -j $ (nproc)</span>
|
If you need to forcefully re-create the configuration files (for
example, configurations from the old version of the program remain, and
the format of the configuration files has changed in the new version),
then in the kismet folder execute:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo make forceconfigs</span> sudo make forceconfigs</span>
|
Possible problems
If you have any difficulties, try stopping the NetworkManager service:
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo systemctl stop NetworkManager.service</span> sudo systemctl stop NetworkManager.service</span>
|
Sometimes the program may show a hint that the system wireless domain controller is set to '00'; and that this can cause problems when setting up channels. If you have problems, set the domain control with a command like
1
|
<span class="notranslate" onmouseover="_tipon(this)" onmouseout="_tipoff()"><span class="google-src-text" style="direction: ltr; text-align: left">sudo iw reg set BZ</span> sudo iw reg set BZ</span>
|
on the domain that is suitable for your location.
Conclusion
This is an overview, rather superficial article on new features and a new Kismet user interface. Issues of launching Kismet as services, configuring configuration files, .kismet-journal and .kismet log files , command line options and other quite important issues remained unanswered.
When a stable version is released, the documentation will be updated ( https://kali.tools/?p=1118 ) and additional instructions will be written.
