Key ingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Figure 3: Screenshot of MiniStumbler, by Marius Milner, from http://home.pacbell.net/mariusm/
Kismet – Linux
Kismet (http://www.kismetwireless.net), by Mike Kershaw, is different from MacStumbler, NetStumbler, and MiniStumbler because it is completely passive. Kismet does not send probe requests. Instead, it just listens for access point beacons and network traffic that is traveling through the air. This allows Kismet to also detect “cloaked” wireless access points that are transmitting data, but not emitting beacon packets. In order to achieve this passive behavior, Kismet requires that the wireless LAN card be put into a monitor mode. Up until recently, only the Prism and Aironet- based wireless LAN cards were able to support monitor mode. However, a patch has been created for Linux that allows the Hermes-based cards to achieve monitor mode (Snax, p.1).
Kismet functions on computers and PDAs loaded with the Linux operating system.
Kismet contains the following features:
© SANS Institute 2002, Author retains full rights.
Passive scanning for wireless access points Detects “cloaked” access points GPS support Logs access points to Kismet log files (CSV, XML, GPS) K e y i n g e r p r i n t = A F 1 9 F A 2 7 2 F 9 4 9 9 8 D F D B 5 D E 3 D F 8 B 5 0 6 E 4 A 1 6 9 4 E 4 6 L o g s r a w p a c k e t d a t a t o . d u m p f i l e s I n c l u d e s ‘ K i s m e t t o C W G D ’ c o n v e r t e r p r o g r a m a n d g p s m a p m a p p i n g p r o g r a m
© SANS Institute 2002,
As part of the Information Security Reading Room.
Author retains full rights.