Kismet 2019-08-R2 releases: wireless network detector, sniffer, intrusion detection system

Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of non-beaconing networks via data traffic.

Kismet supports logging to the wtapfile packet format (readable by tcpdump and ethereal) and saves detected network information as plaintext, CSV, and XML. Kismet is capable of using any GPS supported by gpsd and logs and plots network data.

Kismet is divided into three basic programs: kismet_server, kismet_client, and gpsmap.

Changelog 2019-08-R2

Bugfixes and related

  • The entire IO stack now uses a single thread per object (pollable, buffer, buffer dispatch, and final protocol element now share a single mutex), which should minimize the ability for multiple IO events to conflict.
  • Packets are now processed by a single thread instead of a thread per CPU core; with the new views-based optimizations a packet processor can no longer hold a lock on a device while searching related devices. It’s unclear how much multi-threading the packet processing actually helped due to contention between device locks.
  • TCP server now generates a unique pollable object (and associated mutex chain) for each remote datasource connection; previously it used a collective mutex for all TCP IO and processed data in the TCP server object, breaking the one-lock-per-io-object-chain model.
  • Massive refactor of all methods and classes to unify a consistent naming convention within the code using snake_case_naming. Over the previous 20 years or so the codebase ended up with a mix of CamelCase, Upper_Case, and snake_case_names.
  • Fixed some jankiness in how the UI handled channel-setting datasources; it should now be much more reliable to lock a source and change channels via the UI.
  • Fixed some jankiness in how the UI handled cloaked SSIDs and empty SSIDs full of spaces.

New features and improvements

  • Overall less RAM used in high-device-count environments thanks to new field aliasing internals that allow aliasing the last-beaconed and last-probed SSID records instead of copying the SSIDs. When handling tens of thousands of devices, every byte counts.
  • Tunable buffer sizes via ipc_buffer_kb and tcp_buffer_kb for extreme low-memory systems (like the Pineapple Tetra and other OpenWRT devices); this can reduce the base memory requirements from 2MB/datasource to significantly less.
  • Introduction of kismet_package.conf which allows packagers to include platform-specific overrides without clobbering the user-controlled kismet_site.conf file.
  • 802.11e / QBSS associated station and channel usage columns in the UI; to enable them, go to the ‘Hamburger menu’ in the top left, then Settings, then Device List Columns.
  • Python3 packages now renamed to python3-kismetxyz instead of python-kismetxyz, and the ‘replaces’ option is flagged to automatically deprecate the old packages.
  • New WIDS alert for the Qualcomm extended capability vulnerability reported at Blackhat.

Known bugs

  • Adding a column to the device view can break being able to click on a device to get details. This can be worked around by refreshing the web page after adding the device column and saving your settings.

Download && Tutorial

Copyright (C) 2017 kismetwireless

Anastasis Vasileiadis
