
Wireless Security Tools - Kismet & Etherape

Kismet and Etherape are wireless security tools. Kismet is a wireless network detector, sniffer, and intrusion detection system that can passively collect packets and detect standard and hidden wireless networks. It has a server-client architecture allowing for distributed intrusion detection. Etherape visually maps network traffic and can help identify issues like viruses or anomalous application behavior. Both tools are useful for monitoring wireless network activity and diagnosing potential problems.

Wireless Security Tools: Kismet & Etherape

Sebastian Büttrich, wire.less.dk edit: March 2010

http://creativecommons.org/licenses/by-nc-sa/3.0/

What is kismet?
Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. It works in raw monitoring (rfmon) mode and, with appropriate hardware, can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. It passively collects packets, detecting standard named networks, hidden networks (which it decloaks given time), and the presence of non-beaconing networks via their data traffic.

Strengths
- Server/client architecture
- Drones: distributed kismet servers running on remote devices, reporting back to a central server, allow for the building of distributed reporting and intrusion detection systems
- Kismet is powerful, especially when combined with other tools like wireshark and nmap

Installing I
The following guide assumes you are on Ubuntu 9.10 / GNU/Linux, but it works for other systems accordingly.
Get kismet via apt-get (or synaptic):
$ apt-get install kismet
Edit /etc/kismet.conf. Definition of sources is a must. Sources are defined as:
source=sourcetype,interface,name[,initialchannel]

For the list of sourcetypes, see the README or online documentation.

Installing II
$ vi /etc/kismet.conf
source=sourcetype,interface,name[,initialchannel]

e.g. source=ipw3945,wlan0,my_internal_card
Start kismet:
$ kismet
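An added example (not part of the original slides, and not Kismet's own code): a small Python pre-flight check that parses the source= lines of a kismet.conf in the format shown above and reports malformed or missing definitions before kismet is started. The sample config text is constructed, the function names are hypothetical, and treating initialchannel as a plain number is an assumption; sourcetype names are not checked, since the valid list is in the README.

```python
# Constructed sample config for this example, not taken from a real system.
SAMPLE_CONF = """\
# kismet.conf excerpt (constructed)
servername=Kismet
source=ipw3945,wlan0,my_internal_card
source=ipw3945,wlan1,roof_card,6
source=ipw3945,wlan2
#source=ipw3945,wlan3,disabled_card
"""


def parse_source(value):
    """Split 'sourcetype,interface,name[,initialchannel]' into a dict.

    Raises ValueError when the field count or channel is wrong.
    """
    fields = [f.strip() for f in value.split(",")]
    if len(fields) not in (3, 4):
        raise ValueError("expected 3 or 4 comma-separated fields, got %d" % len(fields))
    if any(f == "" for f in fields):
        raise ValueError("empty field in source definition")
    channel = None
    if len(fields) == 4:
        # Assumption: the optional initial channel is a plain channel number.
        if not fields[3].isdigit():
            raise ValueError("initialchannel must be a number")
        channel = int(fields[3])
    return {"sourcetype": fields[0], "interface": fields[1],
            "name": fields[2], "initialchannel": channel}


def check_conf(text):
    """Return (sources, errors) for every uncommented source= line."""
    sources, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out definitions
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "source":
            continue  # some other config option
        try:
            sources.append(parse_source(value))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    if not sources:
        # The slides state that defining sources is a must.
        errors.append((0, "no usable source= line defined"))
    return sources, errors


if __name__ == "__main__":
    ok, bad = check_conf(SAMPLE_CONF)
    for s in ok:
        print("source ok:", s)
    for lineno, msg in bad:
        print("line %d: %s" % (lineno, msg))
```
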

Start screen

What does Kismet show?


List of SSIDs
Note: it also shows networks with hidden SSIDs / no beacons - just blank! If a client associates to those, you will also see the SSID.

What does Kismet show?


T = Type
P  Probe request - no associated connection yet
A  Access point - standard wireless network
H  Ad-hoc - point to point wireless network
T  Turbocell - Turbocell aka Karlnet or Lucent Router
G  Group - Group of wireless networks
D  Data - Data only network with no control packets

What does Kismet show?


W = Encryption
Colour = Network/Client Type:
Yellow  Unencrypted Network
Red     Factory default settings in use!
Green   Secure Networks (WEP, WPA etc.)
Blue    SSID cloaking on / Broadcast SSID disabled

Options
(Some of the) Options:
c  Show clients in current network
h  Help
i  Detailed info about current network
s  Sort network list
r  Packet rate graph
a  Statistics
p  Dump packet type
Q  Quit

Network info

Client info

What is Etherape?
Etherape is not really a security tool, but it gives a very useful, quick first view of the traffic in your network. For example, if you have a spam virus in your network, you will see this immediately. It also gives you a good feel for what various applications, such as Skype or torrent clients, are doing to your network.

Etherape screenshot

That was it ... Thank you!


sebastian@less.dk http://wire.less.dk