Kismet Wireless

Kismet Forums


Posted by:maverick
Subject:Can Kismet identify links between wireless APs and clients on networks using strong encryption?
Date:01:20:45 22/05/2009

> > I'm trying to gather info. about an attack on my wireless network. I have the following information from the source of the attack: a host name, an IP address and a MAC Address. I believe I have identified the AP or router used by the attacker and have an SSID. If this network uses strong encryption will I be able to get enough info. from Kismet to link the two? I'm using WinXP but I've installed Linux on a couple of my machines to try to use Kismet.
> I don't understand what you think you're tracking.
> If you've got someone attacking YOUR wireless network, then you know the SSID (it's yours) and you know the encryption (it's yours) so if they're using your network to perform an attack you'd want to watch them from your gateway.
> If they're on another network near you, they're not attacking your network, since they're not ON your network.
> If you think they're on your network and then on their own, yes, you can see that the client mac is moving between your network and another network.
> -m

I guess I didn't explain my situation very well. Someone from outside my network logged onto my network using a MAC Address not allowed by my MAC filter. There was also some kind of deauthentication attack using that rouge MAC Address. I have the host name, IP Address and MAC Address from that incident. I think I have identified the router and the SSID that attacker is using from a view of available wireless networks. I am trying to determine if I can use Kismet to identify a relationship between those two devices from the other network (computer and router). These are both small home networks.

Reply to this message