
airodump-ng vs kismet


Charles


> QUOTE (c0r @ Thu, 28 Jan 2010 18:38:25 +0000)
> I haven't used kismet a lot. I only use the aircrack suite.
>
> With airodump-ng you can see the clients that are connected to the AP.
>
> I don't think kismet does that... correct me if I'm wrong.
>
> c

When you are in Kismet, if you select an AP and press 'c' you can see the clients connected to that AP:

[Image: http://theowned.org/kismet_ssid_client.png]

If the AP is not encrypted, or if you know the encryption key, you can also see the IP address of each client as well as the manufacturer of their wireless card and MAC address. Nifty stuff, for sure.

Hi! I have searched high and low for info on how to use Kismet to find out the AP's IP range, but to no avail. I think you guys here could help shed some light for me. I am starting to learn BT4 and have successfully passed WEP/WPA and am going for more advanced challenges like getting past a network without DHCP enabled. My Kismet is running and showing too much info from all the APs it detects; how could I filter all the info and make it show only the IP address of the AP I want?

Thank you,


2 years later...

Which one is better for wardriving nowadays? I'm trying to decide whether I will use my kismet- or airodump-ng-based script on my Raspberry Pi for wardriving. I would like to use airodump-ng because with it everything seems to run more easily, but is kismet better?

I have two setups, one with kismet and one with airodump-ng, so both go, but I'm trying to choose one and make it as good as possible... :rolleyes:


> Which one is better for wardriving nowadays? I'm trying to decide whether I will use my kismet- or airodump-ng-based script on my Raspberry Pi for wardriving. I would like to use airodump-ng because with it everything seems to run more easily, but is kismet better?
>
> I have two setups, one with kismet and one with airodump-ng, so both go, but I'm trying to choose one and make it as good as possible... :rolleyes:

Kismet, most likely. I've never used airodump-ng for wardriving; kismet is pretty much made for this.


I have extensive experience with both and am happy to answer any questions.

Overall, kismet is the best for using multiple cards and doing wardriving-style surveys. For one thing, you can change the channels that it will hop/stay on interactively in the app. So let's say you want to hunt for WPA2 networks to capture the handshake. You can originally hop until you find the channel your target AP is on. Then you can set kismet to stay on that channel exclusively. As far as the aircrack-ptw plugin for it, this will only work if the WEP AP is broadcasting a LOT of traffic, because kismet will only capture IVs for a short time and then discards them if it can't crack it. One technique that would work well is to have kismet listening on the channel with the PTW plugin enabled, then use aircrack or wifite or something to inject a bunch of ARP requests to generate the traffic you need, and kismet will automatically crack it. Another great thing about kismet is that you can specify a bunch of WEP keys you have and it will automatically decrypt all the WEP traffic it sees and put that in the capture. You specify that in the kismet.conf file. I absolutely love kismet. One other benefit is that it records ALL client connections it sees over time and puts that in the output log.

The Aircrack suite, on the other hand, is more useful for very targeted attacks. You can easily specify the exact ESSID you want to use, get visual confirmation when it captures a handshake (kismet won't do that) and keep your overall file sizes low instead of the keep-everything logs kismet outputs.

Another tool I haven't seen mentioned is pyrit. It has its quirks and bugs, but I've had some pretty good success with the "stripLive" feature. Basically you run it, specifying your interface to use and the output file to write, and it sits and listens and records ONLY the handshakes that it sees. Those handshakes can be used in any cracking program you want, and the file size is very small. To extract just the handshake you want for later use in oclHashcat you can use "Aircrack-ng -J". This will read a pcap file, find the handshakes and let you choose which one to attack.

tl;dr: kismet for wardriving and keeping an eye on your overall wifi environment. Aircrack-ng for targeted attacks and dumps and, of course, cracking. Hope that helps!


Since the Pi doesn't have a real-time clock, I found this script that will set the time from the GPS; works most of the time...

http://blog.devicenull.org/2012/01/03/pogoplug-wardriving-%28part-2%29.html

Never got the Pogoplug to work the way this guy did, though. Been meaning to set up my Pi for it, and just haven't gotten around to it.
