A quick tour of the new Kismet UI


A new UI

The new Kismet release (2019-04) brings a whole new web-based user interface. The new UI can display much more complex information, presents it more flexibly, and supports dynamic plugins which can extend the UI in JavaScript.

The new UI has many features, and more are under development!

Running for the first time

The first time Kismet is started as a new user, you will need to provide a login and password. These are stored in the home directory of the user who starts Kismet (in ~/.kismet/) and used whenever Kismet is started as that user in the future.

The web UI automatically detects the first login and prompts for setting a user and password:

[Screenshot: first-time login prompt]

Adding a datasource

Once you’ve set up the initial login, you’ll likely find a relatively empty UI; unless you provided a data source on the command line or in the config files, Kismet will have nothing to do.

Open the sidebar menu in the top left:

[Screenshot: sidebar menu]

If you are logged in, in the ‘Datasources’ panel, Kismet will display auto-detected interfaces; most data source types can be automatically detected, but be sure to check out the documentation for a complete list.

[Screenshot: auto-detected sources]

Adding a datasource should be as simple as clicking ‘Enable’!

[Screenshot: enabled datasource]

A running data source shows the type, interface, channels, hopping parameters, etc. They can be configured in the web UI.

Main interface

Now that a datasource is running, the main interface will start showing devices, messages, alerts, and more!

[Screenshot: main interface]

The primary UI displays the list of devices Kismet has seen, channel activity, messages, alerts, and more.

The main device list is searchable:

[Screenshot: device search]

Searches apply to almost any field in the display: you can search by name, full or partial MAC address, full or partial BSSID (for Wi-Fi), manufacturer, SSID, type, and more!

Status bar

At the top right of the main interface is the collection of status icons:

[Screenshot: status icons]

The status bar can be expanded via plugins, but includes the login status (locked or unlocked), the GPS status, active alerts, and the battery or power status.

Clicking on alerts will open a sub-panel listing alerts:

[Screenshot: alerts panel]

In this case we’re showing alerts from a server with a misconfigured datasource which is having significant problems. WIDS alerts and other Kismet alert conditions are also shown here.

Messages console

The messages tab at the bottom left shows console messages from the Kismet server - these are the same messages that are printed to the terminal Kismet is running in, and show alerts, device found notifications, and status notifications about various issues or status changes in data sources, GPS sources, and so on.

[Screenshot: messages console]

In this case again we’re looking at the Kismet server with a badly misbehaving datasource. Datasource errors show up as alerts and messages, since they’re often a condition you’ll be concerned about.

Device details

Clicking on a device in the main device list opens a device details panel. The device details panels adjust to the device type - a Wi-Fi device will show details about Wi-Fi parameters, while an RTL433 device might show the status of a weather station.

Every item in the device details window has built-in explanations - click the ‘?’ icon for info about what a field is showing!

[Screenshot: field help in device details]

The main device details are common across all device types:

[Screenshot: device details]

In the main panel, devices can be given custom names and notes - these are stored as part of the device record in the kismetdb log, and change the name of the device in the device list.

[Screenshots: device name and notes]

Device notes can be multiple lines, too!

The Wi-Fi details panel shows information about the Wi-Fi configuration; for clients it will also show (and link to the details screen of) all the access points the client has been associated to, and for access points it will show both the clients that have connected to the AP, and other access points which appear to be on the same network.

[Screenshot: Wi-Fi details panel]

Kismet can decode additional information from Wi-Fi devices, including optional standards like 802.11e/QBSS, which allows the access point to report the number of connected stations, channel interference, etc. Kismet will display any information it has about the Wi-Fi device in the Wi-Fi panel.

Kismet will also automatically collect packets for WPA analysis:

[Screenshot: WPA packet collection]

Once a complete WPA handshake has been seen, Kismet can provide a pcap file of just the handshake packets:

[Screenshot: complete WPA handshake]

For devices of other types, Kismet displays equivalent information; for example, an RTL433-detected weather station shows any sensors the station reports:

[Screenshot: RTL433 weather station]

Tweaking the UI

The web UI has a full settings management system. Settings are stored per-browser as a local HTML5 data store; this allows settings to be customized per viewing device without requiring a data file on the server, permissions issues, etc.

[Screenshot: settings]

The columns in the device list can be moved, and optional columns can be added (or initial columns removed).

[Screenshot: settings highlights]

Row highlighting can also be configured - do you want access points to show up as hot pink? Click on the color swatch and go nuts!

[Screenshot: hot pink row highlighting]

Monitoring memory

Kismet has a built-in device and memory graph, accessed via the sidebar menu.

[Screenshot: memory graph]

Channels and datasources

Kismet also has built-in displays for channel coverage across multiple datasources, as well as an estimated channel hopping pattern (channel hopping usually happens far too quickly to display a real representation of the channel each datasource is on).

[Screenshot: channel coverage, single data source]

With a single data source, the channel coverage display is pretty boring.

[Screenshot: channel coverage, many data sources]

But if you have many data sources, the coverage patterns can be very helpful.

Managing many datasources

The Kismet UI handles many data sources of different types gracefully:

[Screenshot: many data sources]

More to come!

There’s much more to come in future releases, and more features built into the 2019-04 web UI not covered here, but hopefully this gives you an idea of the functionality Kismet has already and shows some of the power of the new UI!