Passive Capture

Passive monitoring

Kismet operates almost entirely passively, with a few exceptions (such as Bluetooth scanning mode) noted in the documentation for those capture types.

Kismet is not an attack tool (generally) - to test your Wi-Fi security check out tools like Aircrack-NG or the Wi-Fi Pineapple.

Kismet is largely focused on collecting, collating, and sorting wireless data. The logs generated by Kismet can be fed into other tools (the pcap, handshakes, and other data) like hashcat, aircrack, and more.

Wireless vs Wired monitoring

Wireless capture is often more difficult than wired capture, at several levels:

  • Different physical characteristics

    When connected to a wired network and capturing packets, you will always capture all packets available on that connection (assuming you have sufficient processing power and storage speed to log them, of course).

    When capturing packets from a wireless network, things are very different; your receiver may not be in a position to even see the packets that the legitimate destination can receive fine, you may not be on the correct channel or part of the spectrum when the packets are sent, there may be localized interference, or you may be in the center of reflected signals that cancel each other out.

  • Drivers

    To capture raw packets from a Wi-Fi device, a mode called “monitor mode” or “rfmon” is required - this mode turns off packet filtering in the Wi-Fi card itself and passes raw data up to the operating system.

    While most drivers in the Linux kernel support this, not all do. Mobile chipsets (such as those found in Android phones or Raspberry Pi devices) typically do not have the code in the device firmware at all and either cannot be used, or require special driver hacks to re-enable it.

    Windows has nearly no monitor-mode capable public drivers, and macOS can enter monitor mode for the internal Airport cards, but typically not on any other type of Wi-Fi.

    Other non-Wi-Fi protocols often have no radio support, or lack drivers. Sometimes this is solved with special hardware and drivers, sometimes it can be solved with software defined radios.

  • Many protocols

    Wi-Fi alone has at least 6 major revisions, each of which is largely invisible to hardware of the previous generation, combined with 3 major spectrum bands. Each revision increases speed (decreasing effective signal) and complexity of the signal (MIMO, sub-channels, etc) which make capturing data harder.

    That’s just Wi-Fi - add in Bluetooth, Zigbee, arbitrary RF protocols, and the amount of hardware and software needed to capture what is flying around in the air explodes.