Kismet Wireless

Kismet Forums

 

Posted by: HaroldCo
Subject: IDS testing
Date: 12:01:40 13/08/2009

Attempting to test the functionality of Kismet IDS. Have NetStumbler but have been unable to generate an alert.

Looking for suggestions or a testing technique to force an alert in Kismet. Also have Metasploit. Reviewed prior forum posts, but most were pre-2006 with not much detail.

Would like to build some type of event or batch process that will send an alert event to a monitoring system.

Is the kismet::client module the way to go to grab alerts? Or should I look at parsing the .alert file?

Did not see an API for "alert" in the kismet::client module. Found http://www.757.org/~joat/wiki/index.php/Kismet_and_Perl which gives some hint to ALERT within the $PROTOCOL.

What would be the approach to query the server? Issue !0 CAPABILITY ALERT then catch the response? Or would alert info be in the status message as written in the kismetaclient.pl example?

Can someone post a populated .alert file if you have done the same type of testing?
Example Perl code for catching an alert?

