Extending device and data tracking
How to extend the Kismet interface for parsing 802.11 IE tags.
Posts by Collection
docs
Creating Kismet datasources
How to extend Kismet by creating new datasources
Datasource capframework library
The datasource captureframework C API
Extending device and data tracking
Extending the Kismet C++ data classifier system.
Helper tools
The Kismet external tool API defines how Kismet talks to capture and helper binaries.
Kismetdb logs
The kismetdb log file is the new unified system for storing data, state, snapshots, devices, and all other info in Kismet.
Creating Kismet plugins
Kismet plugins can change server behavior (via C++ plugins), interface behavior (via Javascript), or both
Kismet External HTTP Helper Plugins
Extending Kismet via external helpers in Python and other languages
REST webserver endpoints
The Kismet REST-like API
Exploring endpoints
Exploring the REST API should be simple, here’s how to get the most out of the endpoints and self-documenting fields.
Serialization types
Data can be serialized in several different ways, as traditional JSON, streaming pseudo-JSON for large queries, and as ‘pretty’ output for learning the API.
Logins and sessions
Kismet uses a standard login and session cookie system which is easily supported by most HTTP libraries.
Commands
Commands (actionable API calls) use a common method for defining arguments and options.
Keys and MAC addresses
The differences between keys and macs, and optional MAC group matching.
System status
Basic system status and health reporting.
Devices
Device listing, sorting, and related interfaces.
Device views
A common ‘device view’ API which is used by many components of Kismet to present different views of the device data while retaining identical API calls.
Messages
Kismet exposes the console messages via the messagebus API.
Alerts
The alerts API allows for fetching raised alerts, defining new custom alerts purely via the API interface, and raising alerts via the API interface, allowing...
Channels
Observed channels and channel traffic API.
Datasources
APIs for accessing defined, and potential, datasources, as well as controlling the behavior of datasources.
GPS
Supported GPS devices, defined GPS devices, and current location information.
Packet capture
Access the packet stream live with optional datasource and device filtering.
Filters
Dynamically control filtering options to include or exclude devices and packets; the filtering API is used by multiple components in Kismet to define filters.
Plugins
Information about running Kismet plugins.
Streams
Logging and long-running live exports of data are classified as streams and can be observed and manipulated via the stream API.
Logging
View and control logging attributes live.
Points of interest
Points-of-interest can be tagged live, allowing for integration of physical buttons or other scripts to make a kismetdb entry for future analysis.
KismetDB logs
Kismet stores all of its information in the kismetdb log; by exposing interfaces to the kismetdb log via the REST api, it becomes possible to access not only...
Phy80211 Wi-Fi
The 802.11 Wi-Fi subsystem defines a set of Wi-Fi specific APIs for accessing information about APs, related devices, and more.
Wi-Fi fingerprinting
Live manipulation of the fingerprinting system, which will be used in the future for whitelisting, alerts, and complex Wi-Fi device tracking.
Phy802.11 SSID Scan module
Still under development, the ssidscan module will allow for targetting devices by SSID and automatically searching for behavior.
UAV / Drones
Kismet can track additional information about UAV/Drone/Quadcopter devices based on manufacturer, SSID, and packet contents.
Creating tracked components
The tracked_component system is the Kismet internal architecture for introspectable and serializable data storage, and is used to define tracked structures l...
Extending the webui - device data
The web UI has pluggable interfaces for extending the device details window.
Extending the web ui
The web UI can be extended via Javascript and the UI pluggable interface, allowing for alterations and entirely new web UI systems.
Kismet on OSX
Compiling Kismet on OSX
Building Kismet for the Wi-Fi Pinapple Tetra
Building Kismet-Git for the Wi-Fi Pineapple Tetra
OpenWRT remote capture
Building Kismet-Git remote capture for OpenWrt
Kismet on Win10 WSL
Compiling and Running Kismet on Windows 10
Git and Beta
Welcome to the new, MAJOR rewrite of Kismet! If you’re using the Git and Beta versions, you’ll want to do some housekeeping…
Quickstart
Kismet has many many configuration knobs and options, but check here for the quickest way to get Kismet working with the latest release (or git version) and ...
Official Kismet packages
Most distributions will not have the latest Kismet versions, but you can install the official Kismet packages for many common distros and platforms.
Installing Kismet: SUID vs Non-SUID
Kismet can be installed and configured multiple ways; the most secure is to allow Kismet to be installed suidroot and executable by users in the kismet group...
Starting Kismet
When starting Kismet you can define multiple options on the command line, config files, or perform many operations via the web interface.
Upgrading
If you’re upgrading from the old Kismet legacy release, or following the new git code, you may need to do some special care and feeding of your setup when yo...
Debugging
As hard as we try, everything has bugs. If you’re having trouble with Kismet, here’s how to help with the debugging!
Config Files
Kismet has a large set of options which can be configured via configuration files - and sanely managed during upgrades with kismet_site.conf
Logging
Kismet has many logging options; here’s how to pick which options you need.
Data sources
Data sources are how Kismet gets packets (and packet-like) data; many can be automatically configured but some need special options.
Wi-Fi sources
Wi-Fi (802.11) data sources capture packets from an interface in monitor mode.
Bluetooth sources
Bluetooth datasources capture BT and BTLE scanning and advertised data.
Pcap capture file source
Pcap datasources replay existing pcap files as if they were live data
KismetDB file source
Kismetdb datasources replay kismet log files.
SDR rtl433 sources
SDR-based rtl433 sources use the rtl-sdr radio to capture a wide range of sensors, thermometers, and switches.
SDR rtlamr sources
SDR-based rtlamr sources use the rtl-sdr radio to capture AMR based power and water meter readings.
SDR rtladsb sources
SDR-based rtladsb sources use the rtl-sdr radio to capture airplane ADSB/Mode-S location and telemetry packets.
nRF Mousejack sources
nRF Mosuejack based datasources use a nRF USB device to detect many common wireless keyboards and mice.
Remote capture
Remote network capture allows Kismet to receive packets from distributed sensors installed on other hardware, such as OpenWRT routers.
Webserver
The Kismet webserver has many optional configuration values which can be tuned in the config files.
GPS
Kismet can use serial, network, and USB GPS receivers to track the location where signals are seen.
Performance and Memory Tuning
Tuning options for performance and memory can resolve issues when dealing with very large data sets or very small servers.
Prelude SIEM
Integration with the Prelude SIEM
Kismet and Wigle
Kismetdb logs can be easily exported to the wigle CSV format for uploading.
Kismetdb to JSON
Kismetdb logs can be exported to JSON records describing all seen devices, making it easy to process capture history.
Stripping Kismetdb packet data
Kismetdb logs typically contain packet data; sometimes you may wish to strip the packet contents while keeping the device records.
Kismetdb to PCAP
Kismetdb logs can be easily converted to pcap format
Kismetdb Statistics
Quick summarization of kismetdb logs, with optional JSON output for scripting an index of captured log data.
Included libraries
Kismet wouldn’t be possible without other open source projects and includes several open source libraries.