Kismet Primer Guide

Posted by William
This is a quick and dirty shakedown of the Kismet interface and key shortcuts. The key for each command is presented first, followed by its description in parentheses. Before continuing, it is important that you sort the network list so you can select networks. Press the S (Sort) key and choose how you want the network list organized by pressing the key that corresponds to the sort method.

Below is a screenshot of Kismet showing three different types of networks.
[Screenshot: Kismet_blog.jpg]

  • Two Encrypted Networks (SSID: 2WIRE521, 2WIRE514) using WEP
  • One Hidden Encrypted Network (SSID: Zemfira) using WPA
  • One unencrypted network with no SSID

Interface Overview


OK, using the above image as reference and going from left to right, the Kismet basic interface consists of:
- Name : SSID of network
- T : Type of network
- W : Identifies if network is secured or not
- Ch : Channel on which the Access Point is on
- Packts : Number of packets captured
- Flags : Method in which IP was gathered (ex. A4 means IP was learned through ARP packet)
- IP Range : IP of the network
- Size : Total size of packets gathered from the Access Point

Identifying Security


Secured networks are always shown in green, and the W column shows either Y (Yes) for WEP or O (Other) if any other type of security is used, such as WPA/TKIP/LEAP/EAP/TLS. When you see an O in the W column, select the network, press the I (Network Information) key, and scroll down to the Encrypt : field, where the specific type of security used is listed.

Color Coding


Kismet colors the listed networks to make it easier to identify their configuration. The following are the possible color combinations:
- Yellow : Unencrypted network
- Red : Networks this color are still using factory defaults
- Green : This identifies secured networks using either WPA, WEP, or another form of security
- Blue : These are hidden networks which can either be open or encrypted so check the W column

Network Type


The T (Type) column can list six possible wireless network types.
- A (Access Point) - normal wireless access point
- H (Ad-Hoc) - ad-hoc point-to-point wireless network
- P (Probe request) - A wireless client that is not associated but is searching for a network
- D (Data) - Data network
- T (Turbocell) - Turbocell network
- G (Group) - Group of wireless networks. Not exactly a network type, but you have the option to group networks together

Additional List of Options


Kismet has oodles of options to use, so here is a command reference that is self-explanatory.
e - Open popup window of Kismet servers. This lets you simultaneously monitor two or more Kismet servers on different hosts.
z - Zoom network display panel to full screen (or return it to normal size if it is already zoomed)
m - Mute sound and speech if they are enabled (or unmute them if they were previously silenced). You must have sound or speech enabled in your config to be able to mute or unmute them.
t - Tag (or untag) the current network
g - Group currently tagged networks
u - Ungroup current group
c - Open client popup window to display clients in the selected network
n - Rename selected network or group
i - Display detailed information about the current network or group
s - Sort the network list differently
l - Show signal/power/noise levels if the card reports them
d - Instruct the server to start extracting printable strings from the packet stream and display them.
r - Display bar graph of the packet rate.
a - Show statistics about packet counts and channel allocation.
p - Display packet types as they are received.
f - Follow the estimated center of a network and display a compass
w - Display all previous alerts and warnings.
~William