Installation and basic use of Kismet on a Raspberry Pi 3. Kismet is a wireless network detector, sniffer, and intrusion detection system.
Requirements
This guide will start with a basic Raspbian build, connected to a wired network. Follow the RPi Initial Setup Guide to get started. A Raspberry Pi 2 may also be used.
For full Kismet usage, GPS should be available on the Pi. Follow the GPS on Raspberry Pi 3 guide to set up GPS.
Parts List
- Raspberry Pi 2 or 3
- 16GB (or larger) class 10 MicroSD card
- GPS breakout (Adafruit Ultimate GPS Breakout - 66 channel w/10 Hz updates - Version 3)
- USB Wifi with monitor mode (TP-Link WN722N WiFi)
Install Kismet
Kismet works predominantly with Wi-Fi (IEEE 802.11) networks, but can be expanded via plug-ins to handle other network types.
Install dependencies
- sudo apt-get update
- sudo apt-get upgrade
- sudo apt-get install gpsd gpsd-clients
- sudo apt-get install libncurses5 libncurses5-dev
- sudo apt-get install libnl1 libnl-dev
- sudo apt-get install libpcap-dev libpcap0.8 libpcap0.8-dev
Match MAC addresses to manufacturers
- cd ~/Downloads
- wget -O manuf "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf"
- sudo cp manuf /etc/
Download and extract Kismet
- wget https://www.kismetwireless.net/code/kismet-2016-07-R1.tar.xz
- tar -xf kismet-2016-07-R1.tar.xz
- cd kismet-2016-07-R1
Make and install Kismet
- ./configure
- make dep
- make
- Install with suid-root,
  sudo make suidinstall
Add user pi to group kismet
This allows the user pi to run kismet without using sudo.
- sudo usermod -a -G kismet pi
Configure Kismet
- sudo mkdir /var/log/kismet
- sudo chmod 777 /var/log/kismet
- sudo nano /usr/local/etc/kismet.conf
  # Set the log prefix
  logprefix=/var/log/kismet
  # Set the wireless network source interface
  ncsource=wlan0
  # Change the write interval from 300 to 180 seconds
  writeinterval=180
Interactive Kismet
Before starting kismet, make certain GPS is running and has a fix.
- sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
- Once it has a fix, verify with
  cgps
Start kismet
- kismet
- Follow the prompts to start the server and view the UI.
- When done, stop and exit kismet with [ALT][k] then [Q].
Headless Kismet
The kismet_server may be started as a daemon from the command line. This will make it available to client interactions and also start logging. No changes to the above configuration are needed. It is also possible to start kismet_server from boot, but this is not my preference due to GPS fix delays.
- Start kismet_server
  /usr/local/bin/kismet_server --daemonize
- Stop kismet_server
  killall kismet_server
GISKismet
Optional
GISKismet converts the data into a format viewable in Google Earth. GISKismet first converts the access point data from the Kismet data file into a SQLite database and then into a KML data file. KML is the format used by Google Earth.
I do not plan on running GISKismet on the Pi but instead on a more capable computer or cloud cluster.
Installation
- Choose your location,
  cd ~/Downloads
- Download giskismet,
  git clone https://github.com/xtr4nge/giskismet.git
- Install prerequisites,
  sudo apt-get install libxml-libxml-perl libdbi-perl libdbd-sqlite3-perl
- cd giskismet
- perl Makefile.PL
- make
- sudo make install
Example commands
Add data from a Kismet log file to a SQLite database file.
giskismet -x /inputfile/Kismet-date.netxml --database /outputfile/wireless.dbl
Extract data from the SQLite file to a KML file.
giskismet -q "select * from wireless" -o /outputfile/ex1.kml --database /outputfile/wireless.dbl
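The two conversion steps those commands perform (netxml to SQLite, then SQLite to KML), sketched in Python as an added example; it is not GISKismet's code and not part of the original guide. The sample log is constructed and uses only a small subset of Kismet's netxml elements, and the `wireless` table columns, `load_netxml` and `to_kml` are assumptions made for illustration, not GISKismet's schema or API.

```python
import sqlite3
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample: a small subset of the elements in a Kismet .netxml log.
SAMPLE_NETXML = """<detection-run>
  <wireless-network number="1" type="infrastructure">
    <SSID><encryption>WPA+PSK</encryption><encryption>WPA+AES-CCM</encryption>
      <essid cloaked="false">Cafe &amp; 'Guest' &lt;free&gt;</essid></SSID>
    <BSSID>02:00:00:AA:BB:01</BSSID><channel>6</channel>
    <gps-info><avg-lat>47.6100</avg-lat><avg-lon>-122.3300</avg-lon></gps-info>
  </wireless-network>
  <wireless-network number="2" type="infrastructure">
    <SSID><encryption>None</encryption><essid cloaked="true"></essid></SSID>
    <BSSID>02:00:00:AA:BB:02</BSSID><channel>11</channel>
  </wireless-network>
</detection-run>"""

def load_netxml(xml_text, db):
    """Step 1: access points from the netxml log into a SQLite table."""
    db.execute("CREATE TABLE IF NOT EXISTS wireless (bssid TEXT PRIMARY KEY, "
               "essid TEXT, channel INTEGER, encryption TEXT, lat REAL, lon REAL)")
    # Only access points are loaded; probe and ad-hoc entries are skipped.
    for net in ET.fromstring(xml_text).iterfind("wireless-network[@type='infrastructure']"):
        enc = " ".join(e.text or "" for e in net.findall("SSID/encryption"))
        lat, lon = net.findtext("gps-info/avg-lat"), net.findtext("gps-info/avg-lon")
        # SSIDs are untrusted broadcast data: bind them as parameters, never into the SQL.
        db.execute("INSERT OR REPLACE INTO wireless VALUES (?,?,?,?,?,?)",
                   (net.findtext("BSSID"), net.findtext("SSID/essid") or "",
                    int(net.findtext("channel") or 0), enc,
                    float(lat) if lat else None, float(lon) if lon else None))
    return db.execute("SELECT COUNT(*) FROM wireless").fetchone()[0]

def to_kml(db):
    """Step 2: rows that have a GPS position from SQLite into KML placemarks."""
    marks = []
    rows = db.execute("SELECT bssid, essid, encryption, lat, lon FROM wireless "
                      "WHERE lat IS NOT NULL ORDER BY bssid")
    for bssid, essid, enc, lat, lon in rows:
        # Escape the SSID before embedding it, so it cannot inject KML markup.
        marks.append("<Placemark><name>%s</name><description>%s %s</description>"
                     "<Point><coordinates>%s,%s</coordinates></Point></Placemark>"
                     % (escape(essid), escape(bssid), escape(enc), lon, lat))
    return ('<kml xmlns="http://www.opengis.net/kml/2.2"><Document>%s</Document></kml>'
            % "".join(marks))

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(load_netxml(SAMPLE_NETXML, conn), "networks loaded")
    print(to_kml(conn))
```

Networks logged without a GPS position stay in the database but produce no placemark, and KML coordinates are written longitude first.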