How to extend the Kismet interface for parsing 802.11 IE tags.
Posts by Collection
How to extend Kismet by creating new datasources
The datasource captureframework C API
Extending the Kismet C++ data classifier system.
The Kismet external tool API defines how Kismet talks to capture and helper binaries.
The kismetdb log file is the new unified system for storing data, state, snapshots, devices, and all other info in Kismet.
Extending Kismet via external helpers in Python and other languages
The Kismet REST-like API
Exploring the REST API should be simple, here’s how to get the most out of the endpoints and self-documenting fields.
Data can be serialized in several different ways, as traditional JSON, streaming pseudo-JSON for large queries, and as ‘pretty’ output for learning the API.
Kismet uses a standard login and session cookie system which is easily supported by most HTTP libraries.
Commands (actionable API calls) use a common method for defining arguments and options.
The differences between keys and macs, and optional MAC group matching.
Basic system status and health reporting.
Device listing, sorting, and related interfaces.
A common ‘device view’ API which is used by many components of Kismet to present different views of the device data while retaining identical API calls.
Kismet exposes the console messages via the messagebus API.
The alerts API allows for fetching raised alerts, defining new custom alerts purely via the API interface, and raising alerts via the API interface, allowing...
Observed channels and channel traffic API.
APIs for accessing defined, and potential, datasources, as well as controlling the behavior of datasources.
Supported GPS devices, defined GPS devices, and current location information.
Access the packet stream live with optional datasource and device filtering.
Dynamically control filtering options to include or exclude devices and packets; the filtering API is used by multiple components in Kismet to define filters.
Information about running Kismet plugins.
Logging and long-running live exports of data are classified as streams and can be observed and manipulated via the stream API.
View and control logging attributes live.
Points-of-interest can be tagged live, allowing for integration of physical buttons or other scripts to make a kismetdb entry for future analysis.
Kismet stores all of its information in the kismetdb log; by exposing interfaces to the kismetdb log via the REST api, it becomes possible to access not only...
The 802.11 Wi-Fi subsystem defines a set of Wi-Fi specific APIs for accessing information about APs, related devices, and more.
Live manipulation of the fingerprinting system, which will be used in the future for whitelisting, alerts, and complex Wi-Fi device tracking.
Still under development, the ssidscan module will allow for targetting devices by SSID and automatically searching for behavior.
A simple API for non-packet-capture 802.11 devices to report scanning results to Kismet
Kismet can track additional information about UAV/Drone/Quadcopter devices based on manufacturer, SSID, and packet contents.
The tracked_component system is the Kismet internal architecture for introspectable and serializable data storage, and is used to define tracked structures l...
The web UI has pluggable interfaces for extending the device details window.
Compiling Kismet on OSX
Building Kismet-Git for OpenWRT
Building Kismet-Git remote capture for OpenWrt
Compiling and Running Kismet on Windows 10
Welcome to the new, MAJOR rewrite of Kismet! If you’re using the Git and Beta versions, you’ll want to do some housekeeping…
Kismet has many many configuration knobs and options, but check here for the quickest way to get Kismet working with the latest release (or git version) and ...
Most distributions will not have the latest Kismet versions, but you can install the official Kismet packages for many common distros and platforms.
Kismet can be installed and configured multiple ways; the most secure is to allow Kismet to be installed suidroot and executable by users in the kismet group...
When starting Kismet you can define multiple options on the command line, config files, or perform many operations via the web interface.
If you’re upgrading from the old Kismet legacy release, or following the new git code, you may need to do some special care and feeding of your setup when yo...
As hard as we try, everything has bugs. If you’re having trouble with Kismet, here’s how to help with the debugging!
Kismet has a large set of options which can be configured via configuration files - and sanely managed during upgrades with kismet_site.conf
Recommendations for package maintainers
Kismet has many logging options; here’s how to pick which options you need.
Data sources are how Kismet gets packets (and packet-like) data; many can be automatically configured but some need special options.
Wi-Fi (802.11) data sources capture packets from an interface in monitor mode.
Bluetooth datasources capture BT and BTLE scanning and advertised data.
Pcap datasources replay existing pcap files as if they were live data
Kismetdb datasources replay kismet log files.
SDR-based rtl433 sources use the rtl-sdr radio to capture a wide range of sensors, thermometers, and switches.
SDR-based rtlamr sources use the rtl-sdr radio to capture AMR based power and water meter readings.
SDR-based rtladsb sources use the rtl-sdr radio to capture airplane ADSB/Mode-S location and telemetry packets.
nRF Mosuejack based datasources use a nRF USB device to detect many common wireless keyboards and mice.
Kismet can also function as a WIDS (Wireless Intrusion Detection System) with configurable alerts.
Remote network capture allows Kismet to receive packets from distributed sensors installed on other hardware, such as OpenWRT routers.
The Kismet webserver has many optional configuration values which can be tuned in the config files.
Kismet can use serial, network, and USB GPS receivers to track the location where signals are seen.
Tuning options for performance and memory can resolve issues when dealing with very large data sets or very small servers.
Integration with the Prelude SIEM
Kismetdb logs can be easily exported to the wigle CSV format for uploading.
Kismetdb logs can be exported to JSON records describing all seen devices, making it easy to process capture history.
Kismetdb logs typically contain packet data; sometimes you may wish to strip the packet contents while keeping the device records.
Kismetdb logs can be easily converted to pcap format
Quick summarization of kismetdb logs, with optional JSON output for scripting an index of captured log data.
Kismetdb logs can be easily exported to KML for use with Google Earth
Kismet wouldn’t be possible without other open source projects and includes several open source libraries.