A new UI
The new UI has many features, and more are under development!
Running for the first time
The first time Kismet is started as a new user, you will need to provide a login and password. These are stored in the home directory of the user who starts Kismet (in
~/.kismet/) and used whenever Kismet is started as that user in the future.
The web UI automatically detects the first login and prompts for setting a user and password:
Adding a datasource
Once you’ve set up the initial login, you’ll likely find a relatively empty UI; unless you provided a data source on the command line or in the config files, Kismet will have nothing to do.
Open the sidebar menu in the top left:
If you are logged in, in the ‘Datasources’ panel, Kismet will display auto-detected interfaces; most data source types can be automatically detected, but be sure to check out the documentation for a complete list.
Adding a datasource should be as simple as clicking ‘Enable’!
A running data source shows the type, interface, channels, hopping parameters, etc. They can be configured in the web UI.
Now that a datasource is running the main interface will start showing devices, messages, alerts, and more!
The primary UI displays the list of devices Kismet has seen, channel activity, messages, alerts, and more.
The main device list is searchable:
Searches apply to almost any field in the display: You can search by name, full or partial MAC address, full or partial BSSID (for Wi-Fi), manufacturer, SSID, type, and more!
At the top right of the main interface is the collection of status icons:
The statusbar can be expanded via plugins, but includes the login status (locked or unlocked), the GPS status, active alerts, and the battery or power status.
Clicking on alerts will open a sub-panel listing alerts:
In this case we’re showing alerts from a server with a misconfigured datasource which is having significant problems. WIDS alerts and other Kismet alert conditions are also shown here.
The messages tab at the bottom left shows console messages from the Kismet server - these are the same messages that are printed to the terminal Kismet is running in, and show alerts, device found notifications, and status notifications about various issues or status changes in data sources, GPS sources, and so on.
In this case again we’re looking at the Kismet server with a badly misbehaving datasource. Datasource errors show up as alerts and messages, since they’re often a condition you’ll be concerned about.
Clicking on a device in the main device list opens a device details panel. The device details panels adjust to the device type - a Wi-Fi device will show details about Wi-Fi parameters, while a RTL433 device might show the status of a weather station.
Every item in the device details window has built-in explanations - click the ‘?’ icon for info about what a field is showing!
The main device details are common across all device types:
In the main panel, devices can be given custom names and notes - these are stored as part of the device record in the kismetdb log, and change the name of the device in the device list.
Device notes can be multiple lines, too!
The Wi-Fi details panel shows information about the Wi-Fi configuration; for clients it will also show (and link to the details screen of) all the access points the client has been associated to, and for access points it will show both the clients that have connected to the AP, and other access points which appear to be on the same network.
Kismet can decode additional information from Wi-Fi devices, including optional standards like 802.11e/QBSS which allows the access point to report the number of connected stations, channel interference, etc. Kismet will display any information it has about the Wi-Fi device in the Wi-Fi panel.
Kismet will also automatically collect packets for WPA analysis:
Once a complete WPA handshake has been seen, Kismet can provide a pcap file of just the handshake packets:
For devices of other types, Kismet displays equivalent information, for example a RTL433-detected weather station shows any sensors the station reports:
Tweaking the UI
The web UI has a full settings management system. Settings are stored per-browser as a local html5 data store; this allows settings to be customized per viewing device without requiring a data file on the server, permissions issues, etc.
The columns in the device list can be moved, and optional columns can be added (or initial columns removed).
Row highlighting can also be configured - do you want access points to show up as hot pink? Click on the color swatch and go nuts!
Kismet has a built in device and memory graph; accessed via the sidebar menu.
Channels and datasources
Kismet also has built-in displays for channel coverage across multiple datasources, as well as an estimated channel hopping pattern (channel hopping usually happens far too quickly to display a real representation of the channel each datasource is on).
With a single data source, the channel coverage display is pretty boring.
But if you have many data sources, the coverage patterns can be very helpful.
Managing many datasources
The Kismet UI handles many data sources of different types gracefully:
More to come!
There’s much more to come in future releases, and more features built into the 2019-04 web UI not covered here, but hopefully this gives you an idea of the functionality Kismet has already and shows some of the power of the new UI!