Kismet Wireless

Kismet Forums

 

Posted by:dragorn
Subject:Large number of networks
Date:18:14:09 18/07/2017

> Hi,
>
> I'm very new to network analysis and Kismet, so I was very surprised when on the first try I started to collect around 100 networks/minute in monitor mode. I live in a city, but with a run of the mill laptop, I should only see what's in my immediate neighborhood. I had to abort collection after around 15 min, as the Application started to slow down, in the region of 1500 networks.
>
> Does anyone have an explanation for what might be going on?
>
> cheers!

Firstly, if you're feeling brave, you can check out the latest git-master code; the new webui is far more efficient; I've tested up to 25,000 devices with just my laptop and it wasn't particularly stressed out.

Beyond that, there's a few things that could be going on:

1) There might just be that many devices out there. It's surprising. This is compounded by RX-only being easier than establishing a connection - You generally are limited to 100-300 feet for standard consumer wi-fi, but the packets themselves go a lot further when you don't care about either getting enough of them to make a real connection, or being able to push your packets BACK to make a real connection.

2) You don't mention what hardware you use, but it could be reporting junk packets. A good example of this is the ath10k, but other cards do it too. You can sometimes spot this by a flood of almost-but-not-quite identical networks, like "linksys" "links3232" etc - if the card doesn't filter corrupt packets, you'll start seeing corruption of SSIDs pretty commonly.

3) Some devices generate multiple records. For example, modern android and ios use randomized mac addresses when looking for wifi networks; if you're in a dense enough area you might see a large number of these devices on a new mac address (and therefor appearing to be a 'new device') for a second or two, repeatedly.

1500 isn't too surprising a number; I recently ran a test in a hotel while I was travelling and saw 3500 devices; Years and years ago I saw 2000+ active devices simultaneously in Cambridge, MA using a roof-mounted car antenna. It's not totally implausible, anyhow!


Reply to this message