Posts by Collection

docs

Extending device and data tracking

Adding parsers for new IE tags in Kismet is relatively simple; there’s a handful of files you need to modify and coding conventions you should follow, howeve...

Creating Kismet datasources

These docs represent a protocol that is still heavily under development - until the first internal implementations are done, it would be unwise to start an i...

Datasource capframework library

These docs represent an API that is still heavily under development - until the first internal implementations are done, it would be unwise to start an indep...

Extending device and data tracking

Once data has been captured (see the datasource docs for more details about creating a data source) and handled by the DLT handler, additional processing can...

Helper tools

Kismet helper tools are external programs which Kismet uses; splitting functionality into an external helper can be for several reasons:

Kismetdb logs

These docs represent a logfile which is under current development; until the first full release is done, the contents of the Kismet log are subject to change...

REST webserver endpoints

Kismet uses a REST-like interface for the embedded webserver, which provides data and accepts commands.

Logins and sessions

Kismet uses HTTP basic-auth to submit login information, and session cookies to retain login state.

Commands

Commands are sent via HTTP POST. Command options are sent as a JSON dictionary object in the POST field json.

Keys and MAC addresses

MAC addresses: The MAC address is a theoretically unique identifier given to a device at manufacture time. For Ethernet and Wi-Fi devices, this is assigned b...

Devices

A device is the central record of a tracked entity in Kismet. Clients, bridges, access points, wireless sensors, and any other type of entity seen by Kismet...

Devices

Device views: Device views are optimized subsets of the global device list. Device views can be defined by PHY handlers, plugins, as part of the base Kismet ...

Messages

Kismet uses an internal messagebus system for communicating text messages from system components to the user. The messagebus is used to pass error, state, a...

Alerts

Kismet alerts notify the user of critical Kismet events and wireless intrusion events. Alerts are generated as messages (sent via the messagebus) and as ale...

Channels

System status URL /channels/channels.json

Datasources

Datasources in Kismet capture information - typically packets - and return them to the Kismet server for processing. Typically, a datasource is analogous to...

GPS

Kismet now supports multiple simultaneous GPS devices, and can select the ‘best’ quality device based on priority and GPS signal.

Packet capture

Kismet can export packets in the pcap-ng format; this is a standard, extended version of the traditional pcap format. Tools such as Wireshark (and tshark) c...

Filters

Packet filters: Packet filtering is used by Kismet to limit the packets in some fashion; typically to restrict the packets being logged, returned in packet st...

Plugins

Kismet plugins may be active C++ code (loaded as a plugin.so shared object file) or they may be web content only which is loaded into the UI without requirin...

Streams

A Kismet stream is linked to an export of data of prolonged length; for instance, packet capture logs to disk or streamed over the web API.

Logging

Kismet uses a centralized logging architecture which manages enabling and tracking the status of logs. The logging system integrates with the streaming syte...

Points of interest

You can tag a time and location as a “point of interest” using the POI API. This API is only available when the kismetdb log is enabled.

KismetDB logs

If the Kismet Databaselog is enabled, Kismet will expose an API for extracting historic data. If the databaselog is not enabled, these APIs will not be avai...

Phy80211 Wi-Fi

The 802.11 Wi-Fi phy defines extra endpoints for manipulating Wi-Fi devices seen by Kismet, and for extracting packets of special types.

Wi-Fi fingerprinting

The Kismet phy80211 fingerprinting system is used for device whitelisting, device modification alerts, and other device tracking.

UAV / Drones

The UAV/Drone phy defines extra endpoints for matching UAVs based on manufacturer and SSID.

Creating tracked components

Kismet manages complex objects with arbitrary serialization and logging by implementing “tracked elements”; tracked elements are introspectable in C++ and ca...

Extending the webui - device data

It’s often desirable to display simple data in Kismet as a table. Kismet handles this in the web UI as a jquery plugin, jquery.kismet.devicedata.

Extending the web ui

Kismet self-serves its web UI via the built-in webserver. The web UI can interact with any exposed REST endpoint on the server. Kismet does not currently s...

REST endpoints

Kismet uses a REST-like interface on the embedded web server for providing data and accepting commands. Generally, data is fetched via HTTP GET and commands...

Official Kismet packages

There are automatically-built repositories for Kismet on several Linux distributions. More are being added over time, and your distribution may already have...