Kismet Wireless

Kismet Forums

 

Posted by:dragorn
Subject:Drone labels/alerting
Date:14:36:27 18/10/2012

> I have a couple of newb question:
>
> Running 2011-03-R2 on a couple of Backtrack boxes for testing
>
> 1) Given a multiple drone deployment and an APSPOOF alert comes in, is there a way to determine which drone detected the event? The drone name isn't in the alert console, the alert file, nor do I get it when I query the server directly through the interface.

Good question. I'm rewriting some elements of the drone subsystem and probably should include the source in alerts while I'm at it.

>
> 2) In the situation above, I only get one APSPOOF alert despite my test rogue AP staying up and transmitting, and that alert comes in when the drone within range of the rogue starts up. I'm assuming that I've messed up the alert configuration somehow, or is the the expected behavior? I've tried playing with the throttling for APSPOOF with no effect.
>

It should happen several times and then go quiet - but it also depends on seeing more packets from it, being on the right channel, etc.

> 3) Is there a way to configure the client to highlight an SSID that has an alert attached to it?

No, but that's a good idea.


Reply to this message