Well when you read the kismet docs what did you find out?
Kismet
Detecting Probes Only
I've been toying with Kismet in recent weeks and I'm happy detecting APs and Probes with this tool. Is there a way that Kismet can be editted to solely log probes as opposed to Access Points?
Re: Detecting Probes Only
Well when you read the kismet docs what did you find out?
Kismet
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
The Kismet guidance says:-Originally Posted by Archangel-Amael
"Probe tracking. By default, Kismet tracks probe requests and responses, and attempts to combine a probe request network with the network that responds to it. Sometimes this isn't the desired behavior, by setting 'trackprobenets' to 'false', probe requests will always remain separate."
....but this doesn't really provide the solution I'm looking for. I sdon't want Kismet to report on any AP at all and solely on probes (devices). The documentation doesn't seem to provide a solution to this.
So I've spent the past 2 weeks continuing to research this topic but still, to no avail.
Does anyone know if there is a way to monify the Kismet config to solely detect probe (device) broadcasts and not access points? If not, are there any other tools that can be configured to solely detect device broadcasts?
Last edited by Archangel-Amael; 08-23-2010 at 09:24 AM.
Re: Detecting Probes Only
Ok maybe there is a miscommunication here, A wireless card can send out different types of probes and (sometimes) get back various probes in response.
For instance we can use an injection test to send out broadcast probes, this can cause Access points to respond with a description of itself, we can also send out directed probes to those access points to determine if you can communicate with it and how well.
There is more to it than that, but if you are wanting to detect the probes of say another wireless card, then you could use wireshark and or tcpdump to parse your kismet dumps, Kismet also has some filtering options built in, but I don't believe they are as good as the ones in wireshark.
Also have a look at this, for more info.
Introduction to Kismet - www.wi-fiplanet.com
faq [Aircrack-ng]
Detecting Unauthorized 802.11 Cards and Access Points
links [Aircrack-ng]
Those links contain a lot more information to better guide and help you.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Re: Detecting Probes Only
Archangel-Amael, many thanks for your reply. I'll look at the links you suggested
Posting Permissions