Kismet Wireless

Kismet Forums

 

Posted by: theberries
Subject: What source captured the signal?
Date: 10:09:26 12/09/2008

> > I replied to an older post but I wanted to bump the original in case it was buried and never saw the light of day:
> >
>
> > The issue I'm having is that I cannot distinguish or deduce by what drone or source an SSID or client is captured on. Ideally, I could use that UUID you mentioned and tie that to each new discovery. Even more ideally, the log/pipe output would have the UUID/capture name/IP address of the drone associated with the entry being sent. All this, of course, being piped into snort/written to a log then converted to a mysql database.
>
> This is being addressed in Newcore - drones basically export the source upstream so the server sees the packets as coming from the specific source on the specific drone. Nothing super-intelligent is being done with it internally, though with the new PPI log format it should be possible to log that info, and Kismet knows internally the source that generated the packet, if that helps.
>
> > Another issue I have is the broadcom drivers not reporting signal strength on the WRT54G's. Hopefully the B43 drivers will fix this but the Kamikaze release of OpenWRT hasn't successfully incorporated them in their release. However, deducing down to a couple or so drones where a rogue is coming from would be nice.
>
> I've had poor luck with 2.6-anything on the WRT (something has changed in the internal device mgmt which throttles it down to about 2mbit throughput).
>
> >
> > Like the original OP said, cycling the kismet server and drones would be a huge pain.
>
> Newcore drones are dynamic - you can add/remove them runtime.
>
> Newcore hasn't had a release but it's definitely usable at this point if you grab it from SVN.
>
> -m

Mike,

Thank you for the speedy reply. It's good to have an active developer who is willing to field stupid questions.

So if I understand you correctly, the uuid can be parsed out of the PPI log output of the Kismet server? I haven't had the chance to test newcore yet so I may be able to answer this myself once I have time.

Also, I believe I read that you said the uuid is created based on the time, mac address, and a random number. I believe you also said that since that's the case, it'll change once the listening device is rebooted. Is there a way to extract the mac address from the uuid?

I'm not a developer/programmer so I apologize for my lack of understanding. Kismet is very close to being a distributed opensource WIDS solution if the whole listening source can be tied to the findings. Once that's accomplished, it's trivial to throw that stuff in a database and query it. There just isn't anything else out there in the opensource community that gives the functionality of kismet. I've searched for a solid two weeks for an opensource, distributed listening agent WIDS and have come back to Kismet every time.

Wardriving is fun but kismet is so close to being a kick-arse intrusion detection tool as well.

Thanks again,
Jeremy
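
An added illustration for the question above about pulling the MAC address out of a source UUID; it is not code from Kismet or from either poster. It assumes the UUID follows the RFC 4122 version 1 (time-based) layout, which fits the time/MAC/random description in the post but is not confirmed on this page, and the sample UUIDs are constructed.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Version-1 UUID timestamps count 100 ns ticks from the start of the Gregorian calendar.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def decode_time_based_uuid(text):
    """Return (created_utc, mac, mac_is_real) for an RFC 4122 version-1 UUID.

    Raises ValueError for any other variant or version, because the timestamp
    and node fields only carry this meaning in the time-based layout.
    """
    u = uuid.UUID(text)
    if u.variant != uuid.RFC_4122 or u.version != 1:
        raise ValueError(f"{text}: not a time-based (version 1) UUID")
    created = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    octets = u.node.to_bytes(6, "big")
    mac = ":".join(f"{b:02x}" for b in octets)
    # A generator with no hardware address fills the node with random bits and
    # sets the multicast bit of the first octet, so such a node is not a MAC.
    mac_is_real = (octets[0] & 0x01) == 0
    return created, mac, mac_is_real


# Constructed sample UUIDs (not taken from any Kismet log).
SAMPLES = [
    "5c4b1a80-c5de-11dd-8012-001122334455",  # version 1, node looks like a MAC
    "5c4b1a80-c5de-11dd-8012-0b1122334455",  # version 1, multicast bit set
    "f47ac10b-58cc-4372-a567-0e02b2c3d479",  # version 4, no MAC inside
]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            created, mac, real = decode_time_based_uuid(sample)
        except ValueError as err:
            print(f"skipped  {err}")
            continue
        kind = "hardware MAC" if real else "random node"
        print(f"{sample}  created={created:%Y-%m-%d %H:%M:%S}Z  node={mac} ({kind})")
```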

