Wednesday, April 09, 2008

Wireless Network Security: How to Use Kismet

Kismet is a wireless network detector / sniffer which can give you a vast amount of information about wireless networks. Wireless network security flaws are well documented but often very hard for the common person to understand. I will be showing you how to use Kismet without even having to install Linux or compile Kismet.

First you need to proceed to remote-exploit.org and download and burn their Auditor CD. (If you don't know how to burn an ISO image, go to Google.) This version of Linux doesn't install or modify your hard drive; it will boot from the CD and use a RAM drive (in your memory).

Auditor is not only a great tool for testing wireless network security with Kismet, but it also has many other computer security tools on it as well.

Client Window

Next, to start Kismet, proceed to the Linux version of the start menu and press Auditor. Now proceed to wireless / scanning / kismet tools / kismet.

Once you click on Kismet, it will ask you for a default location to place the Kismet log files for analyzing later; just press the desktop or temp file.

Now I will show you how to use Kismet. When Kismet initially opens, you will see a greenish box with numbers and network names (if any are near you) clicking away. Don't be overwhelmed. (Also, I can't show you how to use Kismet if you don't have the correct wireless adapter; get an ORiNOCO Gold Classic card off eBay.) The ORiNOCO Gold Classic card will be automatically detected by Auditor Linux.

The Kismet columns will show the wireless network's SSID (name), type of device (access point, gateway), encryption or no encryption, an IP range and number of packets. Kismet will also pick up hidden networks with SSID broadcast disabled; Netstumbler will not.

Now press "H" to bring up the Help Menu. This will give the nuts and bolts on how to use Kismet. If you tab down to the network you are auditing and press "C", Kismet will show you all the computers that are using that wireless access point / gateway. This Kismet screen will show you the client's MAC address, manufacturer of the wireless adapter, IP address range and traffic.

Kismet: Help Menu

Now to get out of that screen press "Q". Tab down on the main Kismet screen to another SSID and press "I". This Kismet window will show detailed information about the wireless network. The Kismet detail screen will show the type of network (infrastructure / ad hoc), signal strength, channel, encryption type, and much more.

Kismet will also give you sound alerts when new wireless networks are discovered, or when security alerts occur or suspicious clients are in range. Suspicious clients would be people like you who are using Kismet or Netstumbler. Unlike you, these could be wardrivers looking for vulnerable networks to hack into.

Kismet Alert Page

You can prevent wardrivers from discovering your wireless network by performing a proper site survey, which will help limit signal bleed-off to unneeded areas. You should write down the suspicious MAC address and keep an eye on your access logs. If the wardrivers are really stupid, just look out your window and look for cars with weird antennas. HA HA HA.
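The log files Kismet saved at startup can be reviewed offline as part of that site survey. The following is an added example, not part of the original post: it assumes Kismet's semicolon-delimited CSV network log with header columns named NetType, ESSID, BSSID and Encryption, and the sample rows (a reduced set of columns) and the list of authorised access points are constructed.

```python
import csv
import io

# Constructed sample of a Kismet CSV network log (semicolon-delimited).
# Assumption: these header names match the log your Kismet version writes.
SAMPLE_LOG = """\
Network;NetType;ESSID;BSSID;Channel;Cloaked;Encryption;Total
1;infrastructure;office-wlan;00:11:22:33:44:55;6;No;WPA;1520
2;infrastructure;office-wlan;00:11:22:33:44:66;11;No;WEP;310
3;infrastructure;;00:AA:BB:CC:DD:EE;6;Yes;None;42
4;ad-hoc;printer;02:AA:BB:CC:DD:01;1;No;None;7
"""

# Hypothetical inventory: BSSIDs of the access points you operate.
AUTHORISED = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
WEAK = {"none", "wep"}


def audit(log_text, authorised):
    """Return (bssid, essid, finding) tuples for a site-survey log."""
    known = {b.lower() for b in authorised}
    findings = []
    reader = csv.DictReader(io.StringIO(log_text), delimiter=";")
    for row in reader:
        bssid = (row.get("BSSID") or "").strip().lower()
        if not bssid:
            continue  # skip malformed rows
        essid = (row.get("ESSID") or "").strip() or "<hidden>"
        enc = (row.get("Encryption") or "").strip().lower()
        # The field may list several schemes; flag only if none is stronger.
        schemes = set(enc.replace(",", " ").split())
        if bssid not in known:
            kind = (row.get("NetType") or "unknown").strip()
            findings.append((bssid, essid, f"unknown {kind} network in range"))
        elif not schemes or schemes <= WEAK:
            findings.append(
                (bssid, essid, f"own AP with weak encryption: {enc or 'none'}"))
    return findings


if __name__ == "__main__":
    for bssid, essid, finding in audit(SAMPLE_LOG, AUTHORISED):
        print(f"{bssid}  {essid:<12} {finding}")
```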

Kismet is more than just a tool to discover wireless networks; it can be used in conjunction with other tools to crack WEP/WPA. Many websites will claim that WEP can be cracked in less than five minutes. This is only half the truth, because it could take many hours, days, or months to gather enough packets to crack. Good luck and have fun learning the more advanced applications of Kismet.