Kismet Wireless

Kismet Forums


Posted by:dragorn
Subject:exporting alerts
Date:15:00:16 28/11/2011

> Is there any more documentation on incorporating Kismet with an IDS as seen here:
> Kismet can integrate with other tools using the tun/tap export to
> provide a virtual network interface of wireless traffic; tools such as
> Packet-o-Matic and Snort can use this exported data to perform
> additional IDS functions.
> I tried having snort listen on the kistap0 virtual interface and when Kismet started generating alerts for my attacks, snort did nothing, so I tried changing Kismet's alert output into snorts log directory so it would process Kismet's alert output (and alert me, which is my final goal), but it just froze snort (log file incompatibility maybe?) Don't know where to go from here.

Kismet alerts come as the !ALERT sentence on the kismet network socket.

The quoted paragraph refers to using snort to do l3 IDS after kismet does L2 IDS.

The easiest way to get the alerts from Kismet is to write a network client - look at the ruby/ directory in SVN to get an idea of some simple ones, which could easily be modified to extract alert data and format it to whatever sort of setup you want.

Reply to this message