Kali learning | Wireless penetration: 7.1 Kismet wireless network sniffer tools
Kismet Introduction
To wireless network penetration tests, you must scan all valid wireless access point.
Just Kali Linux, there is provided a wireless network sniffing tools Kismet.
The tool can be measured using radio signals around and see all available wireless access points.
Steps
(1) Start Kismet tool. Run follows:
root@kali:~#kismet
After executing the above command, the display interface shown in FIG.
(2) This interface is used to set whether the terminal is the default color. Because Kismet default color is gray, some terminals may not be displayed. As used herein, the default colors, choose Yes, the display interface shown in FIG.
(3) The screen prompts are using the root user to run Kismet tool. At this time, select OK, the display interface shown in FIG.
(4) This screen asks if you want to automatically start Kismet service. Here choose Yes, the display interface shown in FIG.
(5) The screen shows some of the information set Kismet services. As used herein, default settings, and select the Start, the display interface shown in FIG.
(6) This screen shows the package resources are not defined, if you want to add now. Here choose Yes, the display as shown in
the interface illustrated.
(7) designated wireless network interface and the interface description information. In Intf, enter the wireless network interface. If the wireless network card is in listening mode, you can enter wlan0 or mon0. Additional information may not be added. Then click the Add button, the display interface shown in FIG.
(8) Close Console Window select button in the screen, the screen displayed as shown in FIG.
(9) information of the display screen, that is, the signal is a wireless network sniffer. After running some time, stop changes. In this interface, click Kismet menu option and select Quit command interface as shown in FIG.
(10) Press the Quit command, the display interface shown in FIG.
(11) Click Kill In this interface, the service will stop Kismet and exit the terminal mode. In this case, the terminal will display some log information as follows:
From KISMET IS SHUTTING DOWN portion of the above information, some will see the closed log file.
These log files, saved by default in the / root / directory.
In these log files, it shows the time the log was generated.
When running Kismet many times or days, these times are very helpful.
Next above to analyze captured data.
Switch to the / root / directory and use the ls command to view the log file generated above.
Run shown as follows:
From the information outputted, the log file can be seen that there are five, and using a different extension.
Kismet all the information generated by the tool, are stored in these files.
The following describes the format in these documents.
- alert: This file includes all warnings.
- gpsxml: If you use a GPS source, GPS-related data is saved in the file.
- nettxt: includes all text output information collected.
- netxml: includes all data in XML format.
- pcapdump: capturing a data packet including the entire session.
PCAP signal frame analysis
(1) Start Wireshark. Run follows:
root@kali:~# wireshark &
(2) Open pcapdump file. Wireshark FilelOpen select command interface menu bar, the display interface shown in FIG.
(3) Select tool Kismet pcapdump file captured at the interface, and then click the "Open" button, the screen displayed as shown in FIG.
(4) can be seen from this screen, Kismet to scan all of the wireless network packets. Beacon packet is a packet radio basic management device for transmitting signaling to other services.
Kismet analysis of Text file
In Linux, you can use a variety of text editor to open nettxt file, or use the cat command to view the file contents.
Linux below using the default text editor to open nettxt file, as shown in FIG.
From this screen you can see nettxt file has a lot of information, lists each scanned wireless networks. Each
wireless network has a tag, and lists for each client to connect to the wireless network, as illustrated in FIG.
A Clientl be seen from the interface, the MAC address is 00: c1: 40: 76: 05: 6c. It represents a MAC address 00: c1: 40: 76: 05: 6c client to connect to a wireless access point.
Reference books: "Kali Linux penetration testing technology explain"
