Wi-Fi (phy80211)
The Kismet phy80211 layer processes Wi-Fi packets and devices.
It provides additional APIs for Wi-Fi related data.
WPA handshake
A WPA handshake is required to attack the WPA and WPA2 key exchanges.
Unless configured not to, Kismet will retain EAPOL handshake packets and the first beacon from an access point, and can provide them as a PCAP file.
Kismet retains a handshake set per client session, indexed by the MAC address of the client.
readonly/phy/phy80211/by-key/{DEVICEKEY}/device/{MAC}/pcap/handshake.pcapGETPARAMETERS
DEVICEKEY
string
REQUIREDKismet device key of AP
MAC
string
REQUIREDMAC address of client
WPA PMKID exchange
readonly/phy/phy80211/by-key/{DEVICEKEY}/pcap/handshake-pmkid.pcapGETPARAMETERS
DEVICEKEY
string
REQUIREDKismet device key
Per-device packet stream
Fetch a streaming PCAP-NG capture of all packets to or from a specific BSSID.
This endpoint will stream packets until closed or cancelled.
readonly/phy/phy80211/pcap/by-bssid/{BSSID}/packets.pcapngGETPARAMETERS
BSSID
string
REQUIREDBSSID of AP
Wi-Fi clients
readonly/phy/phy80211/clients-of/{DEVICEKEY}/clients.json/phy/phy80211/clients-of/{DEVICEKEY}/clients.ekjson/phy/phy80211/clients-of/{DEVICEKEY}/clients.prettyjsonGET
POSTPARAMETERS
DEVICEKEY
string
REQUIREDKismet device key
PARAMETERS
This endpoint takes additional parameters by using a `POST` request and supplying a
JSON document or json form variable.
You can find more information about API parameters here.
fields
field simplification
OPTIONALKismet can reduce the amount of information being processed and returned by an API by simplifying the fields to only return the data needed by the caller.
You can read more about the field simplification API and how to use it here.
Access points device view
A device view endpoint which returns Wi-Fi access point devices only.
An access point is a Wi-Fi device which has been seen to transmit management frames or packets with from-ds set.
For complete documentation, check the device view api
readonly/devices/views/phydot11_accesspoints/devices.json/devices/views/phydot11_accesspoints/devices.ekjson/devices/views/phydot11_accesspoints/devices.prettyjsonGET
POSTAccess point view by timestamp
A device view endpoint which returns Wi-Fi access point devices only.
An access point is a Wi-Fi device which has been seen to transmit management frames or packets with from-ds set.
Devices which have been active since the specified time will be returned.
For complete documentation, check the device view api
readonly/devices/views/phy80211_accesspoints/last-time/{TIMESTAMP}/devices.json/devices/views/phy80211_accesspoints/last-time/{TIMESTAMP}/devices.ekjson/devices/views/phy80211_accesspoints/last-time/{TIMESTAMP}/devices.prettyjsonGET
POSTPARAMETERS
TIMESTAMP
number
REQUIREDTimestamps can be absolute (UNIX epochal) timestamps, or they can be relative negativ numbers, indiciating "number of seconds before now".
You can read more about timestamp handling and how to use it here.
Wi-Fi related devices
Kismet can track relate devices. On a Wi-Fi network, a related device occurs when traffic shows they are on the same physical network, make up multiple BSSIDs of the same physical AP, or make up multiple BSSIDs in a roaming SSID.
This endpoint will return an array of complete device records of the associated devices, making it a single query to fetch the nested information.
readonly/phy/phy80211/related-to/{DEVICEKEY}/devices.json/phy/phy80211/related-to/{DEVICEKEY}/devices.ekjson/phy/phy80211/related-to/{DEVICEKEY}/devices.prettyjsonGET
POSTPARAMETERS
DEVICEKEY
string
REQUIREDAccess point device key
PARAMETERS
This endpoint takes additional parameters by using a `POST` request and supplying a
JSON document or json form variable.
You can find more information about API parameters here.
fields
field simplification
OPTIONALKismet can reduce the amount of information being processed and returned by an API by simplifying the fields to only return the data needed by the caller.
You can read more about the field simplification API and how to use it here.