Tree's Notes

Module 15: Kismet Essentials

Installation

Installing Kismet:

kali@kali:~$ sudo apt install kismet
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  kismet-capture-common kismet-capture-linux-bluetooth kismet-capture-linux-wifi kismet-capture-nrf-51822 kismet-capture-nrf-mousejack
  kismet-capture-nxp-kw41z kismet-capture-ti-cc-2531 kismet-capture-ti-cc-2540 kismet-core kismet-logtools libmicrohttpd12 libprotobuf22
  python3-kismetcapturefreaklabszigbee python3-kismetcapturertl433 python3-kismetcapturertladsb python3-kismetcapturertlamr python3-protobuf
Suggested packages:
  gpsd kismet-doc kismet-plugins festival
The following NEW packages will be installed:
  kismet kismet-capture-common kismet-capture-linux-bluetooth kismet-capture-linux-wifi kismet-capture-nrf-51822 kismet-capture-nrf-mousejack
  kismet-capture-nxp-kw41z kismet-capture-ti-cc-2531 kismet-capture-ti-cc-2540 kismet-core kismet-logtools libmicrohttpd12 libprotobuf22
  python3-kismetcapturefreaklabszigbee python3-kismetcapturertl433 python3-kismetcapturertladsb python3-kismetcapturertlamr python3-protobuf
0 upgraded, 18 newly installed, 0 to remove and 112 not upgraded.
Need to get 0 B/6,237 kB of archives.
After this operation, 29.1 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Preconfiguring packages ...
...
Setting up kismet (2020.04.R3-0kali1) ...
Processing triggers for man-db (2.9.3-2) ...
Processing triggers for kali-menu (2020.3.2) ...
Processing triggers for libc-bin (2.30-8) ...

Configuration Files

Config files can be found in /etc/kismet/.

kali@kali:~$ ls -al /etc/kismet/
drwxr-xr-x   2 root root  4096 Sep 17 13:34 .
drwxr-xr-x 164 root root 12288 Sep 17 13:23 ..
-rw-r--r--   1 root root  4033 Sep 14 07:53 kismet_80211.conf
-rw-r--r--   1 root root  3723 Sep 14 07:53 kismet_alerts.conf
-rw-r--r--   1 root root  7768 Sep 14 07:53 kismet.conf
-rw-r--r--   1 root root  3486 Sep 14 07:53 kismet_filter.conf
-rw-r--r--   1 root root  2717 May 15 03:21 kismet_httpd.conf
-rw-r--r--   1 root root  5106 May 15 03:21 kismet_logging.conf
-rw-r--r--   1 root root  4977 Sep 14 07:53 kismet_memory.conf
-rw-r--r--   1 root root  4737 May 15 03:21 kismet_uav.conf

Output Files

Log files come in three formats: kismet, PcapPpi, and PcapNg. The kismet format is the default and stores all the gathered data in a SQLite database. PcapPpi is a legacy Pcap format, while PcapNg is the modern one.

We can override settings in multiple files by creating a kismet_site.conf file in /etc/kismet/.

Converting PcapNg to Pcap:

kali@kali:~$ tshark -F pcap -r ${pcapng file} -w ${pcap file}

Creating an override to store data in a new directory and create log files in kismet and PcapNg formats:

kismet_site.conf
log_prefix=/var/log/kismet/
log_types=kismet,pcapng

Data Sources

Data sources include Wi-Fi, Bluetooth, Software Defined Radio (SDR), and nRF signals.

Starting Kismet

Running Kismet with the ncurses interface disabled:

kali@kali:/etc/kismet$ cd ~
kali@kali:~$ sudo kismet -c wlan0 --no-ncurses
INFO: Including sub-config file: /etc/kismet/kismet_httpd.conf
INFO: Including sub-config file: /etc/kismet/kismet_memory.conf
INFO: Including sub-config file: /etc/kismet/kismet_alerts.conf
INFO: Including sub-config file: /etc/kismet/kismet_80211.conf
INFO: Including sub-config file: /etc/kismet/kismet_logging.conf
INFO: Including sub-config file: /etc/kismet/kismet_filter.conf
INFO: Including sub-config file: /etc/kismet/kismet_uav.conf
INFO: More than one override file included; Kismet will process them in the order they were defined.
INFO: Loading config override file '/etc/kismet/kismet_package.conf'
INFO: Optional sub-config file not present: /etc/kismet/kismet_package.conf
INFO: Loading config override file '/etc/kismet/kismet_site.conf'
INFO: Loading optional sub-config file: /etc/kismet/kismet_site.conf
...
KISMET - Point your browser to http://localhost:2501 (or the address of this system) for the Kismet UI
INFO: Starting Kismet web server...
INFO: Started http server on 0.0.0.0:2501
...
INFO: Found type 'linuxwifi' for 'wlan0'
INFO: wlan0 telling NetworkManager not to control interface 'wlan0': you may need to re-initialize this interface later or tell NetworkManager to control it again via 'nmcli'
INFO: wlan0 bringing down parent interface 'wlan0'
INFO: Data source 'wlan0' launched successfully
INFO: Detected new 802.11 Wi-Fi access point 5B:5C:79:0B:A8:F2
INFO: 802.11 Wi-Fi device 5B:5C:79:0B:A8:F2 advertising SSID 'Galain'
INFO: Detected new 802.11 Wi-Fi access point D5:89:1D:35:20:62
INFO: 802.11 Wi-Fi device D5:89:1D:35:20:62 advertising SSID 'Liosan'
INFO: Detected new 802.11 Wi-Fi device AC:D5:64:3B:A7:BB
INFO: Detected new 802.11 Wi-Fi access point 67:CB:81:07:A7:57
INFO: 802.11 Wi-Fi device 67:CB:81:07:A7:57 advertising SSID 'Emurlahn'
^C
*** KISMET IS SHUTTING DOWN ***
Shutting down plugins...
...
Kismet exiting.
kali@kali:~$

Listing the Kismet log directory:

kali@kali:~$ ls -al /var/log/kismet/
total 76
drwxr-xr-x  2 root root  4096 Sep 17 12:26 .
drwxr-xr-x 19 root root  4096 Sep 17 11:49 ..
-rw-r--r--  1 root root 61440 Sep 17 11:38 Kismet-20200917-15-38-41-1.kismet
-rw-r--r--  1 root root   744 Sep 17 11:38 Kismet-20200917-15-38-41-1.pcapng

Running Kismet on channels 4, 5, and 6:

kali@kali:~$ sudo kismet -c wlan0:channels="4,5,6"
...
INFO: Data sources passed on the command line (via -c source), ignoring
      source= definitions in the Kismet config file.
INFO: Probing interface 'wlan0' to find datasource type
...
INFO: Found type 'linuxwifi' for 'wlan0:channels="4,5,6"'
...
INFO: Data source 'wlan0:channels="4,5,6"' launched successfully
INFO: Detected new 802.11 Wi-Fi device AC:D5:64:3B:A7:BB
^C
*** KISMET IS SHUTTING DOWN ***
Shutting down plugins...
...
Kismet exiting.

Starting Kismet as a daemon:

kali@kali:~$ sudo kismet --daemonize
Silencing output and entering daemon mode...
INFO: Including sub-config file: /etc/kismet/kismet_httpd.conf
INFO: Including sub-config file: /etc/kismet/kismet_memory.conf
INFO: Including sub-config file: /etc/kismet/kismet_alerts.conf
INFO: Including sub-config file: /etc/kismet/kismet_80211.conf
INFO: Including sub-config file: /etc/kismet/kismet_logging.conf
INFO: Including sub-config file: /etc/kismet/kismet_filter.conf
INFO: Including sub-config file: /etc/kismet/kismet_uav.conf
INFO: More than one override file included; Kismet will process them in the order they were defined.
INFO: Loading config override file '/etc/kismet/kismet_package.conf'
INFO: Optional sub-config file not present: /etc/kismet/kismet_package.conf
INFO: Loading config override file '/etc/kismet/kismet_site.conf'
INFO: Loading optional sub-config file: /etc/kismet/kismet_site.conf
INFO: Setting server UUID 00000000-0000-0000-0000-4B49534D4554
INFO: Serving static content from '/usr/share/kismet/httpd/'
INFO: Serving static userdir content from '/root/.kismet/httpd/'
INFO: Loading saved HTTP sessions
INFO: Opened OUI file '/usr/share/kismet/kismet_manuf.txt
INFO: Indexing manufacturer db

Web Interface

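The web interface is available at localhost:2501 by default. Note that the startup output above shows the web server bound to 0.0.0.0:2501, so it is reachable on every interface until it is restricted.

The OUI database can be found at /usr/share/kismet/kismet_manuf.txt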

Securing the Web Interface

Restricting access by changing the web server from listening on all interfaces to only our loopback address:

kismet_site.conf
log_prefix=/var/log/kismet/
log_types=kismet,pcapng
httpd_bind_address=127.0.0.1
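
A check for the change above, as an added example that is not part of the original notes or of Kismet itself: it resolves the effective httpd_bind_address across base and override files, then confirms it against the listener lines Kismet prints at startup. The function names and the sample inputs are constructed for illustration, and the "last file wins" override handling is a simplifying assumption.

```python
import ipaddress
import re

# Listener lines in the two forms that appear in the console output on this page:
# "... on 0.0.0.0:2501" and "... on port 2501".
LISTENER_RE = re.compile(
    r"INFO: (Started http server|Launching remote capture server) on "
    r"(?:([0-9A-Fa-f:.]+):(\d+)|port (\d+))"
)


def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def effective_value(files, key):
    """files: ordered (name, text) pairs, base config first, overrides last.

    Simplification (assumption): the last file that sets `key` wins, which is
    how the page uses kismet_site.conf. Returns (value, origin) or (None, None).
    """
    found = (None, None)
    for name, text in files:
        for raw in text.splitlines():
            line = raw.strip()
            if line.startswith("#") or "=" not in line:
                continue
            k, v = line.split("=", 1)
            if k.strip() == key:
                found = (v.strip(), name)
    return found


def audit(files, console_log):
    """Return a list of findings; an empty list means loopback-only."""
    findings = []
    value, origin = effective_value(files, "httpd_bind_address")
    if value is None:
        # Per the page, the unrestricted server listens on all interfaces.
        findings.append("config: httpd_bind_address not set")
    elif not is_loopback(value):
        findings.append(f"config: {origin} binds web UI to {value}")
    for what, addr, port, port_only in LISTENER_RE.findall(console_log):
        if not addr:
            findings.append(f"log: '{what}' on port {port_only}, address not shown")
        elif not is_loopback(addr):
            findings.append(f"log: '{what}' on {addr}:{port}")
    return findings


# Constructed inputs: config bodies and log lines modelled on this page.
SITE_BEFORE = "log_prefix=/var/log/kismet/\nlog_types=kismet,pcapng\n"
SITE_AFTER = SITE_BEFORE + "httpd_bind_address=127.0.0.1\n"
LOG_BEFORE = "INFO: Started http server on 0.0.0.0:2501\n"
LOG_AFTER = (
    "INFO: Launching remote capture server on 127.0.0.1:3501\n"
    "INFO: Started http server on 127.0.0.1:2501\n"
)

if __name__ == "__main__":
    for label, conf, log in (("before", SITE_BEFORE, LOG_BEFORE),
                             ("after", SITE_AFTER, LOG_AFTER)):
        print(label, audit([("kismet_site.conf", conf)], log))
```

When the log only reports a port, as in the remote capture startup output further down, the bound address has to be confirmed on the host itself, for example with ss -ltn.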

Remote Capture

To enable remote capture, we need to set up an SSH tunnel to the server or configure the remote instance of Kismet to listen on a specific network interface. Starting a Kismet server without a data source on Kali:

kali@kali:~$ sudo kismet
...
INFO: Launching remote capture server on 127.0.0.1:3501
INFO: No data sources defined; Kismet will not capture anything until a
      source is added.
INFO: Opened kismetdb log file '/var/log//Kismet-20200917-15-18-55-1.kismet'
INFO: Saving packets to the Kismet database log.
INFO: Opened pcapng log file '/var/log/kismet//Kismet-20200917-15-18-55-1.pcapng'
ALERT: rootuser Kismet is running as root; this is less secure.  If you
       are running Kismet at boot via systemd, make sure to use `systemctl
       edit kismet.service` to change the user.  For more information, see
       the Kismet README for setting up Kismet with minimal privileges.
INFO: Starting Kismet web server...
INFO: Started http server on port 2501

Establishing an SSH tunnel that forwards local port 8000 to port 3501 on the Kismet server:

kali@kaliremote:~$ ssh kali@192.168.62.192 -L 8000:localhost:3501
kali@192.168.62.192's password:
Linux kali 4.19.0-kali5-amd64 #1 SMP Debian 4.19.37-6kali1 (2019-07-22) x86_64

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Sep 16 10:21:11 2020 from 192.168.62.219
kali@kali:~$

Starting a remote capture:

kali@kaliremote:~$ sudo kismet_cap_linux_wifi --connect 127.0.0.1:8000 --source=wlan0
INFO - Connected to '127.0.0.1:8000'...
INFO - 127.0.0.1:8000 starting capture...

Log Files

Command line switches related to logging:

 -T, --log-types <types>      Override activated log types
 -p, --log-prefix <prefix>    Directory to store log files
 -n, --no-logging             Disable logging entirely

Using sqlite3 to interact with the database:

kali@kali:~$ sudo sqlite3 /var/log/kismet/Kismet-20200917-18-45-34-1.kismet
SQLite version 3.33.0 2020-08-14 13:23:32
Enter ".help" for usage hints.
sqlite> .tables
KISMET       data         devices      packets
alerts       datasources  messages     snapshots

Let's quickly review each table.

  • The KISMET table contains the database version and which version of Kismet created the log file.

  • The alerts table contains any alerts or WIDS issues.

  • The data table contains records that are not packet related, such as SDR data.

  • The datasources table contains information about the data sources used to capture data.

  • The devices table contains information about the devices Kismet was able to identify.

  • The messages table contains informational messages, such as those displayed in the console or web application.

  • The packets table contains the raw packets captured by Kismet. The table can contain multiple DLTs.

  • The snapshots table contains time-based information.

Schema for the devices table:

sqlite> .schema devices
CREATE TABLE devices (first_time INT, last_time INT, devkey TEXT, phyname TEXT, devmac TEXT, strongest_signal INT, min_lat REAL, min_lon REAL, max_lat REAL, max_lon REAL, avg_lat REAL, avg_lon REAL, bytes_data INT, type TEXT, device BLOB, UNIQUE(phyname, devmac) ON CONFLICT REPLACE);

Let's review the columns.

  • The first_time and last_time columns contain when Kismet saw a device, the first time and last time, respectively.

  • The devkey column contains a unique identifier for each device.

  • The phyname column contains the physical layer for the device.

  • The devmac column contains a device's MAC address.

  • The strongest_signal column contains the strongest recorded signal for the device.

  • The min_lat, max_lat, and avg_lat columns contain the minimum, maximum, and average latitude values for the device.

  • The min_lon, max_lon, and avg_lon columns contain the minimum, maximum, and average longitude values.

  • The bytes_data column contains the number of bytes of data seen for the device.

  • The type column contains a human readable value for the physical layer device type.

  • Finally, the device column contains a JSON version of the device record, which can be quite lengthy.

Getting MAC addresses from the devices table:

sqlite> .headers on
sqlite> select type, devmac from devices;
type|devmac
Wi-Fi AP|67:CB:81:07:A7:57
Wi-Fi Device|E0:46:9A:29:49:F9
Wi-Fi Client|64:B0:A6:D9:73:52
Wi-Fi Device|AC:D5:64:3B:A7:BB
Wi-Fi AP|5B:5C:79:0B:A8:F2
Wi-Fi AP|D5:89:1D:35:20:62
Wi-Fi Client|00:0F:13:F6:A7:A6

The same query as a sqlite3 one-liner:

kali@kali:~$ sudo sqlite3 /var/log/kismet/Kismet-20200917-18-45-34-1.kismet "select type, devmac from devices;"
Wi-Fi AP|67:CB:81:07:A7:57
Wi-Fi Device|E0:46:9A:29:49:F9
Wi-Fi Client|64:B0:A6:D9:73:52
Wi-Fi Device|AC:D5:64:3B:A7:BB
Wi-Fi AP|5B:5C:79:0B:A8:F2
Wi-Fi AP|D5:89:1D:35:20:62
Wi-Fi Client|00:0F:13:F6:A7:A6
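
Going one step beyond the query above, an added example (not from the original notes or the Kismet project) that opens a kismetdb read-only and lists access points missing from a known-BSSID inventory, using only the devices columns described on this page. The helper names, the sample timestamps, device keys and signal values are constructed, and first_time and last_time are assumed to be Unix epoch seconds.

```python
import sqlite3
from datetime import datetime, timezone
from pathlib import Path

# Schema copied from the `.schema devices` output on this page.
DEVICES_SCHEMA = (
    "CREATE TABLE devices (first_time INT, last_time INT, devkey TEXT, "
    "phyname TEXT, devmac TEXT, strongest_signal INT, min_lat REAL, min_lon REAL, "
    "max_lat REAL, max_lon REAL, avg_lat REAL, avg_lon REAL, bytes_data INT, "
    "type TEXT, device BLOB, UNIQUE(phyname, devmac) ON CONFLICT REPLACE)"
)

# Constructed rows: MACs and types come from the query output on this page;
# times, device keys and signal levels are made up for the example.
SAMPLE_ROWS = [
    (1600368334, 1600368934, "key-1", "IEEE802.11", "67:CB:81:07:A7:57", -41, "Wi-Fi AP"),
    (1600368340, 1600368900, "key-2", "IEEE802.11", "5B:5C:79:0B:A8:F2", -58, "Wi-Fi AP"),
    (1600368351, 1600368700, "key-3", "IEEE802.11", "D5:89:1D:35:20:62", -67, "Wi-Fi AP"),
    (1600368360, 1600368800, "key-4", "IEEE802.11", "AC:D5:64:3B:A7:BB", -72, "Wi-Fi Device"),
]


def build_sample_db(path):
    """Create a small stand-in for a .kismet log so the example runs offline."""
    conn = sqlite3.connect(path)
    conn.execute(DEVICES_SCHEMA)
    conn.executemany(
        "INSERT INTO devices (first_time, last_time, devkey, phyname, devmac, "
        "strongest_signal, type, device) VALUES (?, ?, ?, ?, ?, ?, ?, x'7b7d')",
        SAMPLE_ROWS,
    )
    conn.commit()
    conn.close()


def open_readonly(path):
    """Open the log with mode=ro so analysis cannot alter the capture record."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)


def utc(epoch):
    """Format epoch seconds (assumed unit) as a UTC timestamp string."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%SZ")


def unknown_access_points(conn, known_bssids):
    """Return APs whose MAC is not in the inventory, strongest signal first."""
    known = {mac.strip().upper() for mac in known_bssids}
    rows = conn.execute(
        "SELECT devmac, first_time, last_time, strongest_signal FROM devices "
        "WHERE type = 'Wi-Fi AP' ORDER BY strongest_signal DESC"
    )
    return [
        {"bssid": mac.upper(), "first_seen": utc(first),
         "last_seen": utc(last), "signal": signal}
        for mac, first, last, signal in rows
        if mac.upper() not in known
    ]


if __name__ == "__main__":
    import os
    import tempfile

    db_path = os.path.join(tempfile.mkdtemp(), "sample.kismet")
    build_sample_db(db_path)
    inventory = ["67:cb:81:07:a7:57", "5B:5C:79:0B:A8:F2"]  # constructed allowlist
    for ap in unknown_access_points(open_readonly(db_path), inventory):
        print(ap)
```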

Reading Log Files

Processing a PcapNg file with Kismet:

kali@kali:~$ sudo kismet -c Documents/Network_Join_Nokia_Mobile.pcap:realtime=true
...
INFO: Pcapfile 'Documents/Network_Join_Nokia_Mobile.pcap' will replay in
      realtime
INFO: Data source 'Documents/Network_Join_Nokia_Mobile.pcap:realtime=true'
      launched successfully
INFO: Detected new 802.11 Wi-Fi access point 00:01:E3:41:BD:6E
INFO: 802.11 Wi-Fi device 00:01:E3:41:BD:6E advertising SSID 'martinet3'
INFO: Detected new 802.11 Wi-Fi device 00:01:E3:42:9E:2B
INFO: Detected new 802.11 Wi-Fi device 00:15:00:34:18:52
INFO: Detected new 802.11 Wi-Fi device 00:16:BC:3D:AA:57
ALERT: noclientmfp IEEE80211 network BSSID 00:01:E3:41:BD:6E client
       00:16:BC:3D:AA:57 does not support management frame protection
       (MFP) which may ease client disassocation or deauthentication
^C
*** KISMET IS SHUTTING DOWN ***
Shutting down plugins...
...

Exporting Data

Pcap

Checking datasources in a kismet file:

kali@kali:~$ kismetdb_to_pcap --in Kismet-20200917-18-45-34-1.kismet --list-datasources
Datasource #0 (5FE308BD-0000-0000-0000-26C65C9CEA7A wlan0 wlan0) 104 packets
   DLT 127: IEEE802_11_RADIO 802.11 plus radiotap header

Converting a kismet file to a PcapNg file:

kali@kali:~$ kismetdb_to_pcap --in Kismet-20200917-18-45-34-1.kismet --out sample.pcapng --verbose
* Preparing input database 'Kismet-20200917-18-45-34-1.kismet'...
* Found KismetDB version 6
* Collecting info about datasources...
* Opening pcapng file sample.pcapng
kali@kali:~$

JSON

Using kismetdb_dump_devices to create a .json file:

kali@kali:~$ kismetdb_dump_devices --in /var/log/kismet/Kismet-20200917-17-45-17-1.kismet --out sample.json --skip-clean --verbose
* Preparing input database '/var/log/kismet/Kismet-20200917-17-45-17-1.kismet'...
* Found KismetDB version 6 6 devices
* 17% Processed 1 devices of 6
* 34% Processed 2 devices of 6
* 51% Processed 3 devices of 6
* 67% Processed 4 devices of 6
* 84% Processed 5 devices of 6
* 101% Processed 6 devices of 6
* Processed 6 devices
* Done!

Last updated 7 months ago
