kali@kali:~$ sudo apt install kismet
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
kismet-capture-common kismet-capture-linux-bluetooth kismet-capture-linux-wifi kismet-capture-nrf-51822 kismet-capture-nrf-mousejack
kismet-capture-nxp-kw41z kismet-capture-ti-cc-2531 kismet-capture-ti-cc-2540 kismet-core kismet-logtools libmicrohttpd12 libprotobuf22
python3-kismetcapturefreaklabszigbee python3-kismetcapturertl433 python3-kismetcapturertladsb python3-kismetcapturertlamr python3-protobuf
Suggested packages:
gpsd kismet-doc kismet-plugins festival
The following NEW packages will be installed:
kismet kismet-capture-common kismet-capture-linux-bluetooth kismet-capture-linux-wifi kismet-capture-nrf-51822 kismet-capture-nrf-mousejack
kismet-capture-nxp-kw41z kismet-capture-ti-cc-2531 kismet-capture-ti-cc-2540 kismet-core kismet-logtools libmicrohttpd12 libprotobuf22
python3-kismetcapturefreaklabszigbee python3-kismetcapturertl433 python3-kismetcapturertladsb python3-kismetcapturertlamr python3-protobuf
0 upgraded, 18 newly installed, 0 to remove and 112 not upgraded.
Need to get 0 B/6,237 kB of archives.
After this operation, 29.1 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Preconfiguring packages ...
...
Setting up kismet (2020.04.R3-0kali1) ...
Processing triggers for man-db (2.9.3-2) ...
Processing triggers for kali-menu (2020.3.2) ...
Processing triggers for libc-bin (2.30-8) ...
Log files come in three formats: kismet, PcapPpi, and PcapNg. The kismet format is the default and stores all the gathered data in a SQLite database. PcapPpi is a legacy Pcap format, while PcapNg is the modern one.
We can override settings that are spread across multiple configuration files by creating a single kismet_site.conf file in /etc/kismet/.
Data sources include Wi-Fi, Bluetooth, Software Defined Radio (SDR), and nRF signals.
Starting Kismet
Running kismet, disabling the ncurses library:
kali@kali:/etc/kismet$ cd ~
kali@kali:~$ sudo kismet -c wlan0 --no-ncurses
INFO: Including sub-config file: /etc/kismet/kismet_httpd.conf
INFO: Including sub-config file: /etc/kismet/kismet_memory.conf
INFO: Including sub-config file: /etc/kismet/kismet_alerts.conf
INFO: Including sub-config file: /etc/kismet/kismet_80211.conf
INFO: Including sub-config file: /etc/kismet/kismet_logging.conf
INFO: Including sub-config file: /etc/kismet/kismet_filter.conf
INFO: Including sub-config file: /etc/kismet/kismet_uav.conf
INFO: More than one override file included; Kismet will process them in the order they were defined.
INFO: Loading config override file '/etc/kismet/kismet_package.conf'
INFO: Optional sub-config file not present: /etc/kismet/kismet_package.conf
INFO: Loading config override file '/etc/kismet/kismet_site.conf'
INFO: Loading optional sub-config file: /etc/kismet/kismet_site.conf
...
KISMET - Point your browser to http://localhost:2501 (or the address of this system) for the Kismet UI
INFO: Starting Kismet web server...
INFO: Started http server on 0.0.0.0:2501
...
INFO: Found type 'linuxwifi' for 'wlan0'
INFO: wlan0 telling NetworkManager not to control interface 'wlan0': you may need to re-initialize this interface later or tell NetworkManager to control it again via 'nmcli'
INFO: wlan0 bringing down parent interface 'wlan0'
INFO: Data source 'wlan0' launched successfully
INFO: Detected new 802.11 Wi-Fi access point 5B:5C:79:0B:A8:F2
INFO: 802.11 Wi-Fi device 5B:5C:79:0B:A8:F2 advertising SSID 'Galain'
INFO: Detected new 802.11 Wi-Fi access point D5:89:1D:35:20:62
INFO: 802.11 Wi-Fi device D5:89:1D:35:20:62 advertising SSID 'Liosan'
INFO: Detected new 802.11 Wi-Fi device AC:D5:64:3B:A7:BB
INFO: Detected new 802.11 Wi-Fi access point 67:CB:81:07:A7:57
INFO: 802.11 Wi-Fi device 67:CB:81:07:A7:57 advertising SSID 'Emurlahn'
^C
*** KISMET IS SHUTTING DOWN ***
Shutting down plugins...
...
Kismet exiting.
kali@kali:~$
kali@kali:~$ sudo kismet -c wlan0:channels="4,5,6"
...
INFO: Data sources passed on the command line (via -c source), ignoring
source= definitions in the Kismet config file.
INFO: Probing interface 'wlan0' to find datasource type
...
INFO: Found type 'linuxwifi' for 'wlan0:channels="4,5,6"'
...
INFO: Data source 'wlan0:channels="4,5,6"' launched successfully
INFO: Detected new 802.11 Wi-Fi device AC:D5:64:3B:A7:BB
^C
*** KISMET IS SHUTTING DOWN ***
Shutting down plugins...
...
Kismet exiting.
Starting Kismet as a daemon:
kali@kali:~$ sudo kismet --daemonize
Silencing output and entering daemon mode...
INFO: Including sub-config file: /etc/kismet/kismet_httpd.conf
INFO: Including sub-config file: /etc/kismet/kismet_memory.conf
INFO: Including sub-config file: /etc/kismet/kismet_alerts.conf
INFO: Including sub-config file: /etc/kismet/kismet_80211.conf
INFO: Including sub-config file: /etc/kismet/kismet_logging.conf
INFO: Including sub-config file: /etc/kismet/kismet_filter.conf
INFO: Including sub-config file: /etc/kismet/kismet_uav.conf
INFO: More than one override file included; Kismet will process them in the order they were defined.
INFO: Loading config override file '/etc/kismet/kismet_package.conf'
INFO: Optional sub-config file not present: /etc/kismet/kismet_package.conf
INFO: Loading config override file '/etc/kismet/kismet_site.conf'
INFO: Loading optional sub-config file: /etc/kismet/kismet_site.conf
INFO: Setting server UUID 00000000-0000-0000-0000-4B49534D4554
INFO: Serving static content from '/usr/share/kismet/httpd/'
INFO: Serving static userdir content from '/root/.kismet/httpd/'
INFO: Loading saved HTTP sessions
INFO: Opened OUI file '/usr/share/kismet/kismet_manuf.txt
INFO: Indexing manufacturer db
Web Interface
The web interface is available on localhost:2501 by default.
The OUI database can be found at /usr/share/kismet/kismet_manuf.txt
Securing the Web Interface
Restricting access, changing from listening on all interfaces to only our loopback:
To enable remote capture, we need to set up an SSH tunnel to the server or configure the remote instance of Kismet to listen on a specific network interface. Starting a Kismet server without a data source on Kali:
kali@kali:~$ sudo kismet
...
INFO: Launching remote capture server on 127.0.0.1:3501
INFO: No data sources defined; Kismet will not capture anything until a
source is added.
INFO: Opened kismetdb log file '/var/log//Kismet-20200917-15-18-55-1.kismet'
INFO: Saving packets to the Kismet database log.
INFO: Opened pcapng log file '/var/log/kismet//Kismet-20200917-15-18-55-1.pcapng'
ALERT: rootuser Kismet is running as root; this is less secure. If you
are running Kismet at boot via systemd, make sure to use `systemctl
edit kismet.service` to change the user. For more information, see
the Kismet README for setting up Kismet with minimal privileges.
INFO: Starting Kismet web server...
INFO: Started http server on port 2501
Establishing an SSH tunnel with port 8000 forwarded:
kali@kaliremote:~$ ssh kali@192.168.62.192 -L 8000:localhost:3501
kali@192.168.62.192's password:
Linux kali 4.19.0-kali5-amd64 #1 SMP Debian 4.19.37-6kali1 (2019-07-22) x86_64
The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Sep 16 10:21:11 2020 from 192.168.62.219
kali@kali:~$
Starting a remote capture:
kali@kaliremote:~$ sudo kismet_cap_linux_wifi --connect 127.0.0.1:8000 --source=wlan0
INFO - Connected to '127.0.0.1:8000'...
INFO - 127.0.0.1:8000 starting capture...
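The bind-address restriction described under Securing the Web Interface, as an added example (not from the original page and not Kismet's own code): it merges a packaged config with a kismet_site.conf override and reports which listeners are reachable from other hosts. The option names httpd_bind_address, remote_capture_listen and remote_capture_port are Kismet settings that do not appear on this page; the config text is constructed, and the override handling is a simplified model in which the override value wins.

```python
import ipaddress

# Constructed sample text modelled on the packaged Kismet config and an
# /etc/kismet/kismet_site.conf override; not copied from a real system.
PACKAGED_CONF = """\
# packaged defaults
httpd_port=2501
remote_capture_listen=127.0.0.1
remote_capture_port=3501
"""
SITE_CONF = """\
# local override, kept separate from the packaged files
httpd_bind_address=127.0.0.1
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts

def effective_listeners(packaged, site=""):
    """Merge the packaged config with the site override (override wins)."""
    opts = {**parse_conf(packaged), **parse_conf(site)}
    # With no httpd_bind_address set, the web server listens on every
    # interface, as the 'Started http server on 0.0.0.0:2501' line shows.
    return {
        "web_ui": (opts.get("httpd_bind_address", "0.0.0.0"),
                   int(opts.get("httpd_port", 2501))),
        "remote_capture": (opts.get("remote_capture_listen", "127.0.0.1"),
                           int(opts.get("remote_capture_port", 3501))),
    }

def exposed(listeners):
    """Return the names of services bound to a non-loopback address."""
    return sorted(name for name, (addr, _port) in listeners.items()
                  if not ipaddress.ip_address(addr).is_loopback)

if __name__ == "__main__":
    for label, site in (("packaged only", ""), ("with override", SITE_CONF)):
        listeners = effective_listeners(PACKAGED_CONF, site)
        print(label, listeners, "exposed:", exposed(listeners) or "none")
```

With both listeners on loopback, remote sensors can only reach the server through the SSH tunnel shown above.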
Log Files
Command line switches related to logging:
-T, --log-types <types>      Override activated log types
-p, --log-prefix <prefix>    Directory to store log files
-n, --no-logging             Disable logging entirely
Using sqlite3 to interact with the database:
kali@kali:~$ sudo sqlite3 /var/log/kismet/Kismet-20200917-18-45-34-1.kismet
SQLite version 3.33.0 2020-08-14 13:23:32
Enter ".help" for usage hints.
sqlite> .tables
KISMET data devices packets
alerts datasources messages snapshots
Let's quickly review each table.
The KISMET table contains the database version and which version of Kismet created the log file.
The alerts table contains any alerts or WIDS issues.
The data table contains records that are not packet related, such as SDR data.
The datasources table contains information about the data sources used to capture data.
The devices table contains information about the devices Kismet was able to identify.
The messages table contains informational messages, such as those displayed in the console or web application.
The packets table contains the raw packets captured by Kismet. The table can contain multiple DLTs.
The snapshots table contains time-based information.
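Querying the devices and alerts tables described above, as an added example (not from the original page and not Kismet's own code). The column names, the 'Wi-Fi AP' type value and the kismet.device.base.name JSON field are an assumed, simplified subset of the kismetdb schema; all rows are constructed, reusing MACs and SSIDs from the console output earlier on the page.

```python
import json
import sqlite3

# Assumed, simplified subset of the kismetdb columns; confirm against a real
# log with `.schema devices` and `.schema alerts` before relying on them.
SCHEMA = """
CREATE TABLE devices (first_time INT, last_time INT, phyname TEXT,
    devmac TEXT, strongest_signal INT, type TEXT, device BLOB);
CREATE TABLE alerts (ts_sec INT, phyname TEXT, devmac TEXT,
    header TEXT, json BLOB);
"""

def build_sample_db():
    """Constructed in-memory stand-in for a Kismet-*.kismet log."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    devices = [  # MACs and SSIDs reuse the console output shown earlier
        ("5B:5C:79:0B:A8:F2", -48, "Wi-Fi AP", "Galain"),
        ("D5:89:1D:35:20:62", -71, "Wi-Fi AP", "Liosan"),
        ("AC:D5:64:3B:A7:BB", -60, "Wi-Fi Client", ""),
    ]
    for mac, signal, dev_type, name in devices:
        blob = json.dumps({"kismet.device.base.name": name})
        db.execute("INSERT INTO devices VALUES (?,?,?,?,?,?,?)",
                   (1600368334, 1600368400, "IEEE802.11", mac, signal, dev_type, blob))
    alerts = [  # constructed alert rows
        (1600368350, "IEEE802.11", "D5:89:1D:35:20:62", "DEAUTHFLOOD"),
        (1600368335, "UNKNOWN", "00:00:00:00:00:00", "rootuser"),
    ]
    db.executemany("INSERT INTO alerts VALUES (?,?,?,?,'{}')", alerts)
    return db

def access_points(db):
    """Return (mac, name, strongest_signal) per AP, strongest first."""
    cur = db.execute("SELECT devmac, strongest_signal, device FROM devices "
                     "WHERE type = 'Wi-Fi AP' ORDER BY strongest_signal DESC")
    return [(mac, json.loads(blob).get("kismet.device.base.name", ""), sig)
            for mac, sig, blob in cur]

def alerts_with_devices(db):
    """Join alerts to devices; an alert with no matching device gets None."""
    cur = db.execute("SELECT a.header, a.devmac, d.type FROM alerts a "
                     "LEFT JOIN devices d ON d.devmac = a.devmac "
                     "AND d.phyname = a.phyname ORDER BY a.ts_sec")
    return cur.fetchall()

if __name__ == "__main__":
    sample = build_sample_db()
    print(access_points(sample), alerts_with_devices(sample))
```

To run the same queries against a real log, replace build_sample_db() with sqlite3.connect() on the .kismet file path.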