Adding parsers for new IE tags in Kismet is relatively simple; there’s a handful of files you need to modify and coding conventions you should follow, howeve...
Posts by Collection
These docs represent a protocol that is still heavily under development - until the first internal implementations are done, it would be unwise to start an i...
These docs represent an API that is still heavily under development - until the first internal implementations are done, it would be unwise to start an indep...
Once data has been captured (see the datasource docs for more details about creating a data source) and handled by the DLT handler, additional processing can...
Kismet helper tools are external programs which Kismet uses; splitting functionality into an external helper can be for several reasons:
These docs represent a logfile which is under current development; until the first full release is done, the contents of the Kismet log are subject to change...
Kismet can load additional code dynamically at runtime in the form of a plugin.
Kismet uses a REST-like interface for the embedded webserver, which provides data and accepts commands.
Exploring the REST system
Kismet uses HTTP basic-auth to submit login information, and session cookies to retain login state.
Commands are sent via HTTP POST. Command options are sent as a JSON dictionary object in the POST field json
MAC addresses The MAC address is a theoretically unique identifier given to a device at manufacture time. For Ethernet and Wi-Fi devices, this is assigned b...
System status URL /system/status.json
A device is the central record of a tracked entity in Kismet. Clients, bridges, access points, wireless sensors, and any other type of entity seen by Kismet...
Device views Device views are optimized subsets of the global device list. Device views can be defined by PHY handlers, plugins, as part of the base Kismet ...
Kismet uses an internal messagebus system for communicating text messages from system components to the user. The messagebus is used to pass error, state, a...
Kismet alerts notify the user of critical Kismet events and wireless intrusion events. Alerts are generated as messages (sent via the messagebus) and as ale...
System status URL /channels/channels.json
Datasources in Kismet capture information - typically packets - and return them to the Kismet server for processing. Typically, a datasource is analogous to...
Kismet now supports multiple simultaneous GPS devices, and can select the ‘best’ quality device based on priority and GPS signal.
Kismet can export packets in the pcap-ng format; this is a standard, extended version of the traditional pcap format. Tools such as Wireshark (and tshark) c...
Packet filters Packet filtering is used by Kismet to limit the packets in some fashion; typically to restrict the packets being logged, returned in packet st...
Kismet plugins may be active C++ code (loaded as a plugin.so shared object file) or they may be web content only which is loaded into the UI without requirin...
A Kismet stream is linked to an export of data of prolonged length; for instance, packet capture logs to disk or streamed over the web API.
Kismet uses a centralized logging architecture which manages enabling and tracking the status of logs. The logging system integrates with the streaming syte...
You can tag a time and location as a “point of interest” using the POI API. This API is only available when the kismetdb log is enabled.
If the Kismet Databaselog is enabled, Kismet will expose an API for extracting historic data. If the databaselog is not enabled, these APIs will not be avai...
The 802.11 Wi-Fi phy defines extra endpoints for manipulating Wi-Fi devices seen by Kismet, and for extracting packets of special types.
The Kismet phy80211 fingerprinting system is used for device whitelisting, device modification alerts, and other device tracking.
The UAV/Drone phy defines extra endpoints for matching UAVs based on manufacturer and SSID.
Kismet manages complex objects with arbitrary serialization and logging by implementing “tracked elements”; Tracked elements are introspectable in C++ and ca...
It’s often desireable to display simple data in Kismet as a table. Kismet handles this in the web UI as a jquery plugin, jquery.kismet.devicedata.
Kismet self-serves its web UI via the built-in webserver. The web UI can interact with any exposed REST endpoint on the server. Kismet does not currently s...
Kismet uses a REST-like interface on the embedded web server for providing data and accepting commands. Generally, data is fetched via HTTP GET and commands...
Compiling Kismet on OSX
Building Kismet-Git for the Wi-Fi Pineapple Tetra
Building Kismet-Git remote capture for OpenWrt
Compiling and Running Kismet on Windows 10
Git and Beta Versions
Quick Start Guide
There are automatically-built repositories for Kismet on several Linux distributions. More are being added over time, and your distribution may already have...
SUID and non-SUID installation
Upgrading to the new Kismet
Kismet README and Quick Start Guide
Kismet configuration files
Kismet logging options
Data capture sources
Wi-Fi (802.11) data sources
Pcap capture file replay
SDR-based rtl433 sources
SDR-based rtlamr sources
SDR-based rtladsb sources
nRF Mosuejack based sources
Remote network capture
Kismet webserver configuration
Tuning options for performance and memory
Integration with the Prelude SIEM
Kismet integration with Wigle
Kismetdb to JSON
Stripping Kismetdb packet data
Converting Kismetdb to PCAP
Included third-party libraries