Kismet Wireless

Kismet Forums


Posted by: rgrmatt
Subject: General Question
Date: 15:43:41 31/10/2014

> We are a team of students looking to use Kismet in a wireless sensor that can scan for cell phone MAC addresses, and we were wondering if there was a way to speed up the detection of BSSIDs. Also, is there a way of formatting the log files so that it does not list any wireless access points or routers (only show laptops and cellphones within range)?
> Thanks!
> *note* We are new to the forum, and plan on using it properly. If there is etiquette
> we need to follow feel free to let us know.

Hey guys, how are you? I want to help you the best that I can; I am pretty passionate about 802.11 as well. Hopefully as we talk we can get a better idea of what you guys are trying to do and find a solution. I somewhat understand what your end state is, but it would help if you put it in perspective (if allowed) for us.

1. Wireless access points have what is called a beacon interval that is set in milliseconds and determines how often the network will announce its presence. From a networking perspective, the networks are constantly talking, so you shouldn't have any issues picking them up. Now, you want to be able to detect networks faster using Kismet, and there are a couple of considerations. If you are going after just the 2.4GHz range, limit your channel scanning to the non-overlapping channels 1, 6 and 11. These are the three prominent channels used and they cover the whole 2.4GHz range. Keep in mind that scanning 1, 6 and 11 will also find networks on the other 2.4GHz channels as well, because more than likely two of these three channels are overlapping with the odd balls (i.e. channel 3 or 7, etc.). So now you're scanning channels 1, 6 and 11. Now you must consider your dwell time on each channel. Dwell time is how long (in milliseconds) your network card will sit on each channel before it moves on to scan the next channel in the list. For general wireless surveying I like to operate with a dwell time somewhere around 250ms. This is long enough to catch most beacon frames that are on each channel whilst not spending too much time on any particular channel (this could be an issue if you were driving through a city). You can configure channel settings in the kismet_client by navigating to: Kismet > Channel (or use the shortcut key 'L').

2. Finding mobile devices is a little more difficult than wireless networks, but still easy, and here is why. Mobile devices are most concerned about maintaining a healthy battery life. You will only detect a mobile device if it is either: a) connected to a wireless network, or b) you catch a probe request being sent from the device. Finding mobile devices attached to a network is fairly easy, as they are sending more layer two frames than when they are disassociated from a network. A mobile device will only probe out every 5 to 6 minutes to better conserve battery life (device dependent). But how are you to determine what devices are mobile phones or laptops? There is no particular frame that contains that data. This is where the OUI comes into play. The OUI is the first half (first three octets) of your wireless device's MAC address. Now, if you had a list of known OUIs for mobile devices, you could then post-process your data to extract them from your collection files. Sometimes (not all the time) the mobile device/manufacturer and serial number (which contains information on whether it's a GSM/CDMA type device) are listed inside the probe request. I have seen this more frequently with Android devices as opposed to Apple devices, which I see mainly giving up that information inside mDNS queries.

3. Log files. Unless you are heavily restricted on hard drive space, I wouldn't recommend storing less data; that is generally just a bad idea. What if you don't have a list of mobile device OUIs? How are you supposed to determine what is a mobile device and what is not? Even if you did, what about the one-offs or knock-off Korean Samsung Galaxy phones that are on the market? It's better if you just keep all the data and create a script to parse the XML files and separate out what you want.

I hope this helps.
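The post-processing approach described in points 2 and 3 (keep every Kismet log, then script the split between access points and client stations and tag clients by OUI), as an added example that is not part of the original post or of Kismet itself. It assumes the Kismet .netxml layout of that era (`wireless-network` elements with a `BSSID`, `wireless-client` children with `client-mac`, and unassociated probing stations recorded as `type="probe"` networks); the sample log and the OUI table are constructed placeholders, not real vendor data.

```python
"""Post-process a Kismet .netxml log: drop access points, keep client stations,
and tag those whose OUI appears on a known mobile-device list."""
import xml.etree.ElementTree as ET

# Constructed OUI table with placeholder prefixes (not a real vendor list).
MOBILE_OUIS = {"AA:BB:CC": "ExamplePhoneCo", "DD:EE:FF": "ExampleTabletCo"}

# Constructed sample in the shape of a Kismet netxml detection run.
SAMPLE_NETXML = """<?xml version="1.0"?>
<detection-run kismet-version="example">
  <wireless-network number="1" type="infrastructure">
    <BSSID>00:11:22:33:44:55</BSSID>
    <manuf>ExampleRouterCo</manuf>
    <wireless-client number="1" type="fromds">
      <client-mac>00:11:22:33:44:55</client-mac>
    </wireless-client>
    <wireless-client number="2" type="tods">
      <client-mac>AA:BB:CC:01:02:03</client-mac>
    </wireless-client>
    <wireless-client number="3" type="tods">
      <client-mac>11:22:33:AA:BB:CC</client-mac>
    </wireless-client>
  </wireless-network>
  <wireless-network number="2" type="probe">
    <BSSID>DD:EE:FF:0A:0B:0C</BSSID>
  </wireless-network>
</detection-run>
"""

def oui(mac):
    """First three octets of a MAC, normalised to upper case (e.g. 'AA:BB:CC')."""
    return mac.strip().upper()[:8]

def extract_clients(netxml_text):
    """Return client stations only; the access points themselves are dropped."""
    clients = []
    for net in ET.fromstring(netxml_text).iter("wireless-network"):
        bssid = net.findtext("BSSID", "").upper()
        if net.get("type") == "probe":
            # An unassociated station that was only seen probing (assumption about
            # netxml: its MAC is recorded in the BSSID field of a probe network).
            clients.append({"mac": bssid, "assoc": None})
            continue
        for client in net.findall("wireless-client"):
            mac = client.findtext("client-mac", "").upper()
            if mac and mac != bssid:  # the AP lists itself as a client; skip it
                clients.append({"mac": mac, "assoc": bssid})
    return clients

def filter_mobile(clients, oui_table=MOBILE_OUIS):
    """Keep clients whose OUI is in the table and attach the vendor name."""
    return [dict(c, vendor=oui_table[oui(c["mac"])])
            for c in clients if oui(c["mac"]) in oui_table]
```

A real run would feed the contents of each `.netxml` file to `extract_clients` and swap the placeholder table for a maintained OUI list of the device makers of interest.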
