New release: 2020-09-R1

5 minute read

Kismet 2020-09-R1!

Kismet 2020-09-R1 is here!

This release comes with a modest selection of new features, both on the front end and in the API:

  • Kismet server auto-discovery

    Running remote capture from an embedded device when your laptop doesn’t have a fixed IP? Running many remote capture nodes on the same local network? Doing something else cool?

    Kismet now has an optional auto-discovery mode in which the server can send an announcement ovr UDB broadcast and remote capture tools can automatically detect and configure themselves.

  • New SSID details window to go along with the SSID views

    When viewing the SSID listing, you can now click on a SSID to get a detailed view including every AP beaconing the SSID, every AP responding for the SSID, and every client probing for that SSID, and the encryption options for each advertising and responding device. Easily find spoofed or misbehaving access points!

  • New “MAC censorship” demo option in the web UI

    Disclosing the MAC addresses of of access points in screenshots or during demos can reveal the physical location of the server via Wi-Fi based geolocation; this might not be desireable.

    As a hack, Kismet now supports the censor_macs option on the URL; for example by using http://localhost:2501/?censor_macs=1 the UI will change any text that looks like a MAC address to just the OUI, or first three bytes.

    This feature is fairly experimental and there may be some parts where the original MAC is still disclosed, but it’s still very helpful.

  • Split advertised and responded APs

    Advertised SSIDss (beacons) are now split from responed SSIDs (probe response) in AP records and in the UI

  • Significant memory optimizations

    Many small gains add up to fairly significant memory optimizations, especially on large device counts but even smaller sessions should see a serious improvement in memory use.

  • New optimized internal field building

    Kismet would spend a fair bit of time resolving the names of fields when constructing complex objects used for tracking; this is now greatly reduced which leads to much faster object building, which in turn leads to faster packet processing rates and lower CPU for the same rates.

  • Optimized “multikey-as-dictionary” API

    Aa new API allows the web ui (and third party tools) to query multiple devices, with subsets of fields, returned as a dictionary based on the device key.

    What this really means practically is that the web ui can perform a single request from the Kismet server and get the details of dozens of devices related to a network in one transaction, instead of making dozens of queries when a detail window is opened.

  • Verbose output on remote capture tools

    By default now remote capture tools go into “verbose” mode which echoes any output sent to the Kismet server; this should make identifying problems with the capture tool easier if the server output is not available.

  • Expanded ICAO databases for ADSB

    The ADSB ICAO database is now fed from multiple sources including the US and Canadian registries. This greatly expands the number of devices that can be accurately shown.

  • Compressed server-side ICAO databases

    The ADSB ICAO database, now much larger, is now a compressed indexed file kept with the Kismet server, instead of an uncompressed file embedded in the adsb-capture tool. This is more consistent with how Kismet treats data files, and makes the adsb capture tool take much less room on small capture devices.

  • More memory control options

    Some new configuration options have been added for controlling memory, such as:

    • dot11_keep_eapol=false - Turn off EAPOL/RSN caching; while this disables EAPOL replay detection and the automatic handshake pcap generation, it saves memory on small servers
  • New greatly simplified JSON generation and parsing

    An under-the-covers fix greatly simplifies how data is converted to JSON, which improves the speed and reduces the size of generating JSON in the server (something Kismet does a lot of).

    Another behind the scenes change drops a legacy interstitial API for handling JSON data and uses the JSON parsers consistently throughout the code, reducing the code size somewhat and making it simpler overall.

  • Support for non-packet scan reports

    A new API endpoint allows for submitting scanned detections - such as from a mobile phone scanning for nearby APs, or an embedded device with the ability to scan but not packet capture.

    This allows tools to be written to collect data about Wi-Fi and Bluetooth from Android devices, ESP microcontrollers, and more.

  • New event bus extension to the Kismet helper protocol

    The Kismet helper / RPC protocol is what connects capture tools, http proxy tools, and more to Kismet. This protocol now supports proxying the event bus, allowing for light-weight plugins written in other languages (such as Python) to receive notifications of new events on the Kismet server, like alerts, new devices, and more.

  • New kismetdb_to_pcap tool

    A new tool for converting kismetdb logs to pcaps is part of the basic Kismet packages now, no need to download a Python tool. kismetdb_to_pcap can generate pcap or pcapng, with filtering and splitting.

  • Configuration flavors/override system

    Sometimes it makes sense to have multiple configuration files for Kismet, each setting slightly different options (for example different sets of capture cards and so on); Kismet now has an --override option which lets you specify one of these files. Options in an override config will take precedence over any other options in other config files, making it easy to set different names, memory limits, log types, capture sources, etc.

  • New OpenWRT packaging

    New OpenWRT packages for the Python-based capture tools and split packaging for the new manufacturer and adsb icao databases; pick and choose which components to install on small systems.

  • Packet rate graphs

    New window in the UI for showing the raw packet rate, handled packet rate, packet processing queue backlog size, and droppd packet rates.

  • More manufacturer indexing

    Some access points use a randomized BSSID with a randomized OUI when configured for multiple SSIDs. Many of these still include a manufacturer IE221 tag in the beacon; Kismet will now look for these and assign the manufacturer properly.

  • Optimized internal map structure

    Internal map data structures have been switched for the most part from std::map and std::unordered_map to robin_hood::unordered_node_map which uses a more efficient hashing algorithm with faster lookups, which should have an overall impact on performance in many areas.

  • Lots and lots of bug fixes and minor updates

    Lots and lots of bug fixes and other under the cover updates, changes to simpler and more idiomatic code, and refinements are also in this release.

Download

You can get the 2020-09-R1 release from the Kismet downloads page, where you can get both the source and packages for several distributions.

Packaging

If you’re looking to package Kismet, have a look at the packaging guidelines.

Thanks

And as always, a tremendous thank you to all the supporters on Github Sponsors and Patreon