Scanning mode: Wi-Fi
Capturing raw packets in Wi-Fi requires a monitor-mode capable interface and either local capture or a high-bandwidth connection to the remote capture device.
Scanning mode utilizing the normal network detection mode present in essentially all Wi-Fi cards to collect information about nearby networks for Kismet to use, but comes with some significant limitations:
Clients will not be visible.
Scanning mode cannot detect clients, only advertising access points.
Scanning mode transmits packets
Often, scanning for nearby networks generates probe requests from the device which is scanning.
Full beacon information may not be available
Often only the basic content of the beacons is available.
Packet data will not be available
Data packets, retransmissions, and other information will not be available.
Scanning mode data sources
The scan report API is designed to be as simple as possible, and to automate as much of the process as possible.
To assist with automation, scanning mode datasources are created dynamically by Kismet when scan reports are submitted; there is no need to define a specific datasource before sending a scanning mode report.
To create the scanning mode datasource, a scanning report must include:
A datasource UUID. This UUID must be unique within Kismet, and consistent for all reports from this datasource. Scanning software should cache this UUID for consistent reporting between instances.
A human-readable name. This wil be assigned as the name of the datasource, and will be updated automatically if the name changes in subsequent reports.
Cache and burst mode reporting
Scanning mode assumes that the device doing scannign may not be able to maintain a constant connection to the Ksimet server.
Reports can be cached in sent in groups using the report endpoint; each report contains a timestamp, GPS location, and signal information. Multiple reports for the same AP reflecting information over time can be sent in a single connection.
Wi-Fi scanning report
Submit a scanning report.
A scanning report consists of a datasource name and UUID, and a list of report objects.
This endpoint takes additional parameters by using a `POST` request and supplying a
JSON document or
json form variable.
You can find more information about API parameters here.
List of report objects
Each report object should contain:
Unix timestamp with second precision.
If no timestmap is provided, the time the report is received is used.
Due to lack of high-precision packet data in scanning mode, timestamps are second precision only.
Network SSID, if known.
Access point BSSID
An Android or Wigle style string of encryption options and other AP
attributes, such as
[WPA-PSK-TKIP+CCMP], and so on.
If no capabilities field is provided, the device is assumed to be an AP with no encryption options set.
Channel string, such as
Frequency of device, in KHz
Signal level, in dBm
GPS latitude of detection, in decimal degrees
GPS longitude of detection, in decimal degrees
GPS altitude of detection, in meters
GPS speed of motion of sensor during detection, in kilometers/hour