Wireless Sniffer Kismet 2019-04-R1 Adds New Web UI, Support For Non-WiFi Captures

A new major Kismet version has been released, almost 3 years after the previous stable release. The new 2019-04-R1 version features a massively rewritten code base, a new web UI, support for non-WiFi capture types, and much more.

Kismet is a wireless network detector, package sniffer, and intrusion detection system. It works with any wireless card that supports raw monitoring (rfmon) mode, and can sniff 802.11a/b/g/n traffic.

With the latest Kismet version 2019-04-R1, the tool is no longer WiFi only, and it now includes support for Bluetooth, 433MHz sensors (like weather stations, TPMS tire pressure sensors, or wireless thermometers), ADSB aircraft data, AMR-based power meters, wireless keyboards and mice built with the nRF chipset, and more.

Kismet 2019-04-R1 includes a new web-based UI, which allows displaying more complex information, and is more flexible. It also makes it easy to access and configure Kismet from almost any device, be it desktop or mobile, and allow expanding the UI through plugins.

The new web UI provides a wide range of features - from displaying the list of devices with channel activity, alerts, etc., to showing device details with realtime graphs, adding device notes, search, and much more. These are screenshots of the latest Kismet 2019-04-R1 web UI:

Kismet wireless sniffer

Kismet wireless sniffer

Kismet

Kismet web ui

Kismet web ui

More changes in Kismet 2019-04-R1:

  • A new REST-like API
  • New lightweight remote capture system that supports massive numbers of remote radios
  • Massive data set support: Kismet now handles very large data sets, "scaling to over 300,000 devices in a single session on a server with 16 gig of RAM"
  • New KismetDB log format that combines device records, packet data, non-package data, system health, location, console messages and more, in a single log file.
  • Kismet now takes advantage of multi-core systems
  • Handling of modern WiFi devices for capture
  • Handling of modern WiFi standards for decoding
  • Live packet export
  • Alerts can be defined and triggered via REST endpoints

It's also worth noting that starting with this release, Kismet will attempt to move to a more frequency release cycle, possibly monthly or bi-monthly, so it can incorporate smaller features and improvements faster.

Installing and using Kismet


There are official Kismet repositories for Kali Linux, Debian, and Ubuntu, with the first two supporting Raspberry Pi 3 and 0w too. Ubuntu 19.04 is not yet supported. The instructions for adding the Kismet repositories and installing the tool can be found here.

I'm not sure about Kali Linux and Debian, but on Ubuntu I also had to install pyModeS using PIP to get the latest Kismet 2019-04-R1 to work (sudo apt install python-pip, and then pip install pyModeS).

After the installation, make sure you add your user to the kismet group:

sudo usermod -aG kismet $USER

And logout/login.

Now run kismet (don't run it with sudo):

kismet

Once it starts, point your web browser to http://localhost:2501 to access Kismet. Enter a new user and password, then from the Kismet web UI hamburger menu (in the top left-hand side of the web UI), click Data Sources and add a data source. Until you add a data source, Kismet will not be capturing any packets!

On other Linux distributions you'll have download the latest Kismet source release tarball and build it yourself. From what I could find online, it looks like the latest Kismet 2019-04-R1 has yet to be added to any official Linux distribution repositories.

It's worth mentioning that Kismet puts the WiFi in monitor mode, and some wireless cards can't be reset by simply turning wireless on/off, and the WiFi won't work after you stop using Kismet. In such cases you'll need to reboot the system to fix this. If you have a removable WiFi dongle, you can remove it and then plug it back in to reset it.

For everything else, check out the Kismet documentation.