USING "KISMET" TO ANALYZE WI-FI ACCESS POINTS AND THEIR CLIENT COMPUTERS

 

High-level Summary:

"Kismet" is an open-source, free software application for viewing and analyzing all Wi-Fi networks within range. Unlike most other wireless analysis tools, "Kismet" shows both the wireless access points AND the wireless client computers that are connected to each wireless access point. "Kismet" comes in both "Windows" and "Linux" versions. The Windows version of "Kismet" is expensive to use because you have to buy an "AirPcap" wireless adapter for it. The Linux version of "Kismet" can be operated from a bootable "BackTrack Linux" Live DVD.

 

 

 

BASICS OF USING "KISMET" FOR WINDOWS

 

Running the "Kismet" for Windows software application requires the installation of an "AirPcap" wireless adapter.

You can purchase an "AirPcap" from

http://www.cacetech.com/products/airpcap.html

For viewing 802.11a, b, g, and n wireless networks, you will need the "Nx" model for about 700 dollars.

 

The Windows version of "Kismet" can be downloaded for free from:

http://www.cacetech.com/downloads.html

 

 

 

BASICS OF USING "KISMET" FOR LINUX

 

The "Linux" version of "Kismet" is much cheaper for you to use.

 

To analyze Wi-Fi networks with "Kismet", you can boot up any Intel- or AMD-based Windows computer with a "BackTrack Linux" LiveDVD. To download the .iso file for

 

 

You need a standard Wi-Fi adapter that is listed at

http://www.kismetwireless.net/documentation.shtml

"Kismet" can use any wireless adapter that is in this document, regardless of whether the wireless adapter is integrated on a motherboard, or attached via a PCI, PCIe, PC Card, or ExpressCard bus port.

 

Francis stated that he has been able to use the following Wi-Fi adapters:

laptop motherboard-based Atheros AR928X (capable of using 802.11b,g,n),

USB-based Trendnet TEW-424UB (capable of using 802.11b,g),

and

Realtek 8187B (capable of using 802.11b,g).

 

The Web site for "Kismet" is located at

http://www.kismetwireless.net

 

 

The Web site for "BackTrack Linux" is located at

http://www.backtrack-linux.org

 

 

 

 

STEP-BY-STEP INSTRUCTIONS FOR RUNNING "KISMET" FROM A "BACKTRACK LINUX" LIVEDVD

 

Step 1:

Download the iso image file for "BackTrack Linux 4" from

http://www.backtrack-linux.org/downloads

 

 

The file that you will be downloading is called

bt4-final.iso

It is 1570 megabytes in size.

 

Step 2:

Use the bt4-final.iso file to burn a DVD disk.

 

Step 3:

Insert the "BackTrack Linux" LiveDVD into the DVD/CD drive of your Windows computer.

 

Step 4:

Power up the computer.

 

Step 5:

Use the tab key of your keyboard to select

"Start BackTrack Graphical Mode from RAM":

 

 

Then you will see the following:

 

 

Finally, the Linux command prompt will be displayed:

 

Step 6:

When the Linux command prompt is displayed, type in

  startx

    in all lower case letters:

 

 

Step 7:

Press the <Enter> key of your keyboard.

 

 

The KDE desktop environment of "BackTrack Linux" will be displayed:

 

 

Step 11:

Click on "Start Network".

 

 

 

Step 8:

Click on the KDE "Start" button:

 

 

 

Step 9:

Click on "BackTrack":

 

 

 

Step 10:

Click on "Radio Network Analysis":

 

 

 

Step 11:

Click on "80211":

 

 

Step 12:

Click on "All":

 

 

 

Step 13:

Click on "Kismet".

 

 

 

 

 

 

Step 14:

You will now be configuring "Kismet" from a "semi-graphical" environment.

Use the tab key to highlight the "No" if you cannot see the line of gray letters.

Otherwise, leave the "Yes" highlighted.

 

Step 15:

Press the <Enter> key once.

 

 

 

Step 16:

Press the <Enter> key once to acknowledge that "Kismet is running as root".

 

 

Step 17:

Press the <Enter> key once to "Automatically start Kismet server".

 

 

 

Step 18:

Press the <Enter> key once to verify that you want to "Start Kismet Server".

 

 

 

 

Step 19:

Press the <Enter> key once to verify that you want to "Add a capture source":

 

 

Step 20:

Type in

    wlan0

       in the "Intf" field.

 

 

Step 21:

Press the <Tab> key once:

 

Step 22:

Type in

   wlan0

    in the "Name" field:

 

 

Step 23:

Press the <Tab> key once:

 

 

Step 24:

Press the <Tab> key again:

 

 

 

Step 25:

Press the <Enter> key once:

 

 

(After "Kismet" recognizes the wlan0 interface, it will generate the following virtual interfaces, which you do not need to touch:

       "wlan0mon",

       "wlan0monmon",

        and

       "wmaster0".

These three additional Wi-Fi interfaces are all actually based on the initial "wlan0" interface.)

 

 

Step 26:

When "Close Console Window" is displayed at the lower right hand corner of the "Shell - Kismet" window, press the <Tab> key of the keyboard once to highlight "Close Console Window":

 

 

Step 27:

Press the <Enter> key once:

 

 

 

A list of wireless access points will be displayed in the upper left-hand quadrant of the "Shell - Kismet" window.

 

 

 

 

 

Step 28:

Click on "View" on the pull-down menu:

 

 

 

 

Step 29:

Click on "Monitor for Activity":

 

 

Step 30:

Click on the "Minimize" button near the upper right-hand corner of the "Shell - Kismet" window:

The "BackTrack Linux" desktop will be displayed:

 

 

 

Step 31:

Note that various report files have been placed on the desktop.

"Kismet" will automatically update the report files on the KDE "desktop".

You can only open the text reports that show text in the icon.

The report files that are lower and to the right are more recent than the report files that are higher and to the left.

Double-click on the most recent report file on the desktop:

 

 

 

Step 32:

A "Session Chooser - Kate" box will be displayed:

 

 

Step 33:

Click on the "Open Session" button:

 

 

 

Step 34:

A "Default Session.." window will be displayed.

 

 

 

ANALYZING WIRELESS ACCESS POINTS AND THEIR CLIENT COMPUTERS IN A "KISMET" REPORT

 

 

A "Kismet" report provides a detailed list of all wireless access points and all of their associated wireless client computers:

 

Each listed wireless access point is identified with a "Network number" that is arbitrarily assigned by the Kismet software application:

 

 

 

Following the basic information about the wireless access point, there is a list of channels and frequencies that are utilized by the wireless access point:

 


 

Finally, there is a list of client computers that are wirelessly-connected to the wireless access point:

 

For each wireless access point, one of the "clients" in a text report is always the access point itself.

If your wireless access point is attached to or part of a router, any "Ethernet switch" devices and any other devices that are connected via a Cat 5/5e/6 cable to the router will also show up as a "client".

In the client list, the wireless access point itself and any devices that are connected to it by cable rather than wirelessly will have a "Channel" of 0 (zero).

Ignore clients that show a "channel" number of 0.

If a client is an actual wireless client of an access point, it will show a "channel" number that is greater than zero.
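The report-reading rules above (every access point also appears in its own client list, cabled devices show up as clients, and only clients with a channel greater than zero are genuine wireless clients) can be applied automatically. The following parser is an added example and is not part of the original handout or of the Kismet project; the sample report embedded in it is constructed to match the layout the text describes (a "Network N" header, channel and frequency lines, then "Client N" entries), so the exact field names and indentation are an assumption and may differ from a real Kismet text log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample report (assumed layout, not real Kismet output).
SAMPLE_REPORT = """\
Network 1: BSSID 00:11:22:33:44:55
 Type       : infrastructure
 BSSID      : 00:11:22:33:44:55
   SSID 1
    Type       : Beacon
    SSID       : "HomeNet"
 Channel    : 6
 Frequency  : 2437 - 120 packets, 100.00%
 Client 1: MAC 00:11:22:33:44:55
  Type       : From DS
  Channel    : 0
 Client 2: MAC AA:BB:CC:DD:EE:01
  Type       : Established
  Channel    : 6
 Client 3: MAC AA:BB:CC:DD:EE:02
  Type       : From DS
  Channel    : 0
Network 2: BSSID 66:77:88:99:AA:BB
 Type       : infrastructure
 Channel    : 11
 Frequency  : 2462 - 40 packets, 100.00%
 Client 1: MAC 66:77:88:99:AA:BB
  Channel    : 0
 Client 2: MAC AA:BB:CC:DD:EE:03
  Channel    : 11
"""

NETWORK_RE = re.compile(r"^Network (\d+): BSSID ([0-9A-Fa-f:]{17})\s*$")
CLIENT_RE = re.compile(r"^\s*Client (\d+): MAC ([0-9A-Fa-f:]{17})\s*$")
KV_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")


@dataclass
class Client:
    number: int
    mac: str
    channel: int = 0  # stays 0 until a "Channel" line is seen


@dataclass
class Network:
    number: int              # the arbitrary "Network number" Kismet assigns
    bssid: str
    ssid: Optional[str] = None
    channel: Optional[int] = None
    frequencies: List[int] = field(default_factory=list)
    clients: List[Client] = field(default_factory=list)


def parse_report(text: str) -> List[Network]:
    """Walk the report line by line, tracking which network and client
    the indented key/value lines belong to."""
    networks: List[Network] = []
    net: Optional[Network] = None
    client: Optional[Client] = None
    for raw in text.splitlines():
        m = NETWORK_RE.match(raw)
        if m:
            net = Network(int(m.group(1)), m.group(2).upper())
            networks.append(net)
            client = None          # key/value lines now belong to the network
            continue
        m = CLIENT_RE.match(raw)
        if m and net is not None:
            client = Client(int(m.group(1)), m.group(2).upper())
            net.clients.append(client)
            continue
        m = KV_RE.match(raw)
        if not m or net is None:
            continue
        key, value = m.group(1), m.group(2)
        if client is not None:
            if key == "Channel":
                client.channel = int(value)
        elif key == "SSID":
            net.ssid = value.strip('"')
        elif key == "Channel" and net.channel is None:
            net.channel = int(value)
        elif key == "Frequency":
            net.frequencies.append(int(value.split()[0]))  # "2437 - 120 packets, ..."
    return networks


def real_clients(net: Network) -> List[Client]:
    """Apply the handout's rule: channel 0 entries are the AP itself or cabled
    devices, so only channel > 0 entries are genuine wireless clients."""
    return [c for c in net.clients if c.channel > 0]


def ap_self_entries(net: Network) -> List[str]:
    """Client entries whose MAC is the access point's own BSSID."""
    return [c.mac for c in net.clients if c.mac == net.bssid]


def client_summary(text: str) -> Dict[str, List[str]]:
    """Map each BSSID to the MACs of its genuine wireless clients."""
    return {n.bssid: [c.mac for c in real_clients(n)] for n in parse_report(text)}


if __name__ == "__main__":
    for n in parse_report(SAMPLE_REPORT):
        print(f"Network {n.number}: {n.bssid} SSID={n.ssid!r} channel={n.channel} MHz={n.frequencies}")
        for c in real_clients(n):
            print(f"  wireless client {c.mac} on channel {c.channel}")
```

To use it on a real log, replace SAMPLE_REPORT with the contents of one of the report files from the desktop and adjust the three regular expressions if the field labels differ; the channel-0 filter in real_clients is the part that encodes the handout's reading rule.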

 

 

 


 

If they are moved to a Windows environment, the report files that are generated by Kismet can be opened by either "WordPad" or "OpenOffice.org Writer".