Posted by: pleriche
Subject: Interpretation of results
Date: 22:53:14 03/01/2007

Hi -

I've been using Netstumbler and WiFiFoFum for wifi auditing in the office for a number of months, and have just got Kismet working. The difference is indescribable. But I don't understand the results. Is there a guide somewhere? If not:

1. What do the different colours mean?

2. I understand that a probe is a request from a device which is looking for a peer or access point to connect to. Can I tell which? Or does it simply wait for a response and decide whether the responder (if any) is a peer or AP as required?

3. And if a probe shows <no ssid>, presumably it's looking to promiscuously connect to any open networks, right?

4. I currently only have an 11b card working (ipw2100). It obviously won't capture 11g packets, but it certainly sees devices working in 11b/g mode. Will it still see management packets from devices working in g-only mode, or will such devices be totally invisible to me?

5. The packet dump opened with Ethereal shows a lot more ssids than the client display, which mainly shows <no ssid>. How do I get it to display discovered ssids?

6. For reasons I've never quite understood, Netstumbler shows variable MAC addresses for a single device, especially if it's cycling keys. Are the bssids shown by kismet "real", i.e. what ipconfig would show on a Windoze box, or ifconfig on linux?

(I hope not too many of those questions are stupid ones.)

Regards - Philip

