Well when you read the kismet docs what did you find out?
I've been toying with Kismet in recent weeks and I'm happy detecting APs and Probes with this tool. Is there a way that Kismet can be editted to solely log probes as opposed to Access Points?
"Probe tracking. By default, Kismet tracks probe requests and responses, and attempts to combine a probe request network with the network that responds to it. Sometimes this isn't the desired behavior, by setting 'trackprobenets' to 'false', probe requests will always remain separate."
....but this doesn't really provide the solution I'm looking for. I sdon't want Kismet to report on any AP at all and solely on probes (devices). The documentation doesn't seem to provide a solution to this.
So I've spent the past 2 weeks continuing to research this topic but still, to no avail.
Does anyone know if there is a way to monify the Kismet config to solely detect probe (device) broadcasts and not access points? If not, are there any other tools that can be configured to solely detect device broadcasts?
Last edited by Archangel-Amael; 08-23-2010 at 09:24 AM.
Ok maybe there is a miscommunication here, A wireless card can send out different types of probes and (sometimes) get back various probes in response.
For instance we can use an injection test to send out broadcast probes, this can cause Access points to respond with a description of itself, we can also send out directed probes to those access points to determine if you can communicate with it and how well.
There is more to it than that, but if you are wanting to detect the probes of say another wireless card, then you could use wireshark and or tcpdump to parse your kismet dumps, Kismet also has some filtering options built in, but I don't believe they are as good as the ones in wireshark.
Also have a look at this, for more info.
Introduction to Kismet - www.wi-fiplanet.com
Detecting Unauthorized 802.11 Cards and Access Points
Those links contain a lot more information to better guide and help you.
Archangel-Amael, many thanks for your reply. I'll look at the links you suggested