Kismet Drones

http://linux.bihlman.com – This Kismet tutorial provides a basic framework for using Kismet drones.

Kismet is an 802.11 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic (devices and drivers permitting). Kismet also sports a plugin architecture allowing for additional non-802.11 protocols to be decoded. Kismet identifies networks by passively collecting packets and detecting networks, which allows it to detect (and given time, expose the names of) hidden networks and the presence of non-beaconing networks via data traffic.

Kismet Drones are designed to turn Kismet into a distributed IDS. Drones support all of the capture methods Kismet normally supports, including multiple capture devices per drone. Drones capture wireless data and forward it to a Kismet server over a secondary connection (i.e., wired Ethernet). Drones do not do any decoding of packets and have minimal hardware requirements.

A Kismet server connects to the drones and provides a single Kismet UI display, packet dump, and alert generation point. Capture sources on remote Kismet drones are forwarded to the Kismet server and appear as independent capture devices which can be configured for channel hopping, locking, etc. Using the tun/tap export function, the central Kismet server can export the packets from all attached drones to a virtual network interface for use with external IDS/packet capture systems (such as Snort).

To start using drones, launch the kismet_drone process on a remote system (editing the kismet_drone.conf file to control what hosts are allowed to connect) or turn on drone capabilities in the Kismet server (by enabling the drone config options in kismet_server.conf).

When running a kismet_server instance as a drone, local logging will act as usual and Kismet clients can be connected to the server as normal. When running kismet_drone, Kismet clients cannot connect directly to it, and it will not log; a Kismet server instance must be started to provide packet decoding, logging, and Kismet UI connectivity.
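Because kismet_drone.conf decides which hosts may connect to a drone and pull its captures, it is worth checking before a drone goes onto a shared network. The script below is an added example, not part of the original tutorial or of Kismet itself: it assumes the `dronelisten` and `droneallowedhosts` key names used by the legacy kismet_drone.conf (confirm them against your version), and the function names, the sample config, and the 256-address threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample config. Key names (dronelisten, droneallowedhosts) follow
# the legacy kismet_drone.conf and are an assumption, not taken from the page.
SAMPLE_CONF = """\
servername=Kismet-Drone
dronelisten=tcp://0.0.0.0:2502
droneallowedhosts=127.0.0.1,10.10.10.0/255.255.255.0,0.0.0.0/0
"""

def parse_conf(text):
    """Return {key: [values]} for key=value lines, skipping comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def audit_drone_conf(text, max_hosts=256):
    """Flag drone settings that expose the capture feed more widely than intended."""
    conf = parse_conf(text)
    findings = []
    allowed = [h.strip() for v in conf.get("droneallowedhosts", [])
               for h in v.split(",") if h.strip()]
    if not allowed:
        findings.append("droneallowedhosts not set")
    for entry in allowed:
        try:
            net = ipaddress.ip_network(entry, strict=False)  # accepts addr/netmask
        except ValueError:
            findings.append(f"unparseable allowed host: {entry}")
            continue
        if net.num_addresses > max_hosts:
            findings.append(f"allowed range too wide: {entry}")
    for listen in conf.get("dronelisten", []):
        host = listen.split("://", 1)[-1].rsplit(":", 1)[0]
        try:
            if ipaddress.ip_address(host).is_unspecified:
                findings.append(f"listening on all interfaces: {listen}")
        except ValueError:
            findings.append(f"unparseable listen address: {listen}")
    return findings

if __name__ == "__main__":
    for finding in audit_drone_conf(SAMPLE_CONF):
        print(finding)
```

A drone bound to its wired management address with only the Kismet server listed in the allowed hosts produces no findings.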