Monitoring Wi-Fi Signals with Kismet

Objective

Learn how to use Kismet, a wireless network monitoring tool, to capture and analyze Wi-Fi signals and understand how to monitor network activity effectively.

Purpose

Kismet is a powerful tool for capturing and analyzing Wi-Fi signals. It passively detects wireless networks, devices, and their activity without actively transmitting. This lab demonstrates how to use Kismet to monitor Wi-Fi signals and gain insights into network activity.

Tools Required

• Kali Linux (or any Linux distribution with Kismet installed).
• A Wi-Fi adapter capable of monitor mode (e.g., Alfa AWUS036NHA).

Lab Topology

• Kali Linux: Running Kismet.
• Wi-Fi Network: Target network(s) to monitor.

Walkthrough

Task 1: Installing Kismet

1. Verify Installation:
   • Check if Kismet is installed:

     kismet -v
     

   • If not installed, install it using:

     sudo apt update && sudo apt install kismet -y
     

2. Start Kismet:
   • Launch Kismet:

     sudo kismet
     

   • Open a browser and navigate to:

     http://localhost:2501
     

Task 2: Configuring Kismet

1. Set Up Wi-Fi Adapter:
   • Ensure your Wi-Fi adapter supports monitor mode.
   • Identify the adapter using:

     iwconfig
     

2. Enable Monitor Mode:
   • Put the adapter into monitor mode:

     sudo ip link set <interface> down
     sudo iw <interface> set monitor control
     sudo ip link set <interface> up
     

     Replace <interface> with your Wi-Fi adapter name (e.g., wlan0).

3. Add the Wi-Fi Source to Kismet:
   • Configure the adapter in the Kismet interface:
     • Navigate to Sources > Add Source.
     • Select your Wi-Fi adapter from the list.
     • Click Add Source.

Task 3: Capturing Wi-Fi Signals

1. Start Capturing:
   • Once the source is added, Kismet will begin capturing Wi-Fi signals.
   • View live data in the Networks tab.
2. Monitor Networks:
   • Observe networks detected in your area.
   • Key details:
     • SSID: Network name.
     • BSSID: MAC address of the access point.
     • Channel: Frequency channel used by the network.
     • Signal Strength: Indicates proximity to the network.
3. Identify Connected Devices:
   • Navigate to the Devices tab to view clients connected to access points.
   • Look for details like device MAC addresses and manufacturer information.

Task 4: Analyzing Captured Data

1. Save Captured Data:
   • Save the session for later analysis:

     sudo kismet -c <interface>,<file_name>.kismet
     

     Replace <interface> with your Wi-Fi adapter name and <file_name> with a desired filename.

2. View Traffic Details:
   • Analyze captured packets directly in Kismet or export them for use with tools like Wireshark:

     wireshark <file_name>.pcap
     

3. Look for Anomalies:
   • Identify unusual activity such as hidden networks, unauthorized devices, or overlapping channels.

Task 5: Securing Wi-Fi Networks

1. Use Strong Encryption:
   • Ensure your network uses WPA3 or WPA2 encryption.
2. Disable WPS:
   • Turn off Wi-Fi Protected Setup (WPS) to prevent brute-force attacks.
3. Monitor for Rogue Devices:
   • Use tools like Kismet to regularly check for unauthorized access points or devices.
4. Change Default Settings:
   • Modify the default SSID and admin credentials of your access point.
5. Enable MAC Filtering (Optional):
   • Restrict access to known devices using MAC filtering.

Best Practices

1. Use Authorized Devices Only:
   • Ensure you have permission to monitor Wi-Fi networks.
2. Combine Tools:
   • Use Kismet alongside other tools like Aircrack-ng for comprehensive wireless security testing.
3. Document Findings:
   • Record observations for security audits or troubleshooting.
4. Regularly Update Tools:
   • Keep Kismet and other tools updated to detect new vulnerabilities.

Key Takeaways

1. Kismet is a passive tool for monitoring Wi-Fi signals and detecting network activity.
2. Regular monitoring helps identify vulnerabilities and unauthorized devices.
3. Securing Wi-Fi networks involves encryption, monitoring, and restricting access.

Troubleshooting Tips

1. No Networks Detected:
   • Ensure the Wi-Fi adapter is in monitor mode.
   • Check if the correct interface is added as a source in Kismet.
2. Kismet Interface Not Loading:
   • Restart Kismet and verify that port 2501 is accessible.
3. Adapter Compatibility Issues:
   • Confirm that your Wi-Fi adapter supports monitor mode and packet injection.

By completing this lab, you now understand how to use Kismet to monitor Wi-Fi signals and ensure network security.