Unlocking Wireless Networks: A Guide to Kismet and Wardriving
Written on
Chapter 1: Introduction to Wardriving
In this article, we will explore how to set up a wireless detection and wardriving device using Kismet on a Raspberry Pi Zero. If you’ve previously followed our guide on installing Kali Linux on the Pi Zero for cyber exploration, you’ll find this process a valuable extension.
To effectively use Kismet on the go, some additional hardware and configuration will be necessary. While we recommend Kali Linux for its built-in software and drivers, you can opt for any Linux distribution you prefer, such as Ubuntu. This flexibility allows for a hands-on experience with command line operations, albeit with a steeper learning curve.
What Exactly is Wardriving?
Wardriving involves the exploration and mapping of wireless networks while moving through various locations. Typically performed with a mobile device like a laptop or smartphone, the goal is to identify both open and secured networks, gathering data on signal strength, encryption, and other relevant details.
Detection: Wardrivers utilize Wi-Fi scanning tools to locate nearby networks, collecting information about their Service Set Identifier (SSID), security protocols, and signal strength.
Mapping: The information compiled during wardriving can be visualized on maps, which helps in understanding the density of networks in specific areas. This can be invaluable for network planning or usage analysis.
Security Assessment: This practice can also uncover vulnerabilities in wireless networks. Networks that are unsecured or poorly secured are at greater risk of unauthorized access and breaches, highlighting the necessity of robust security measures.
Legal and Ethical Considerations: While wardriving itself isn't illegal, unauthorized access or exploitation of network vulnerabilities is against the law. Responsible wardrivers prioritize ethical practices and avoid harmful activities.
Community Awareness: Wardriving raises awareness about the prevalence of Wi-Fi networks and emphasizes the importance of securing them, encouraging both individuals and businesses to protect their networks and sensitive data.
Before diving into the setup, ensure you understand the legalities regarding wardriving in your area.
Equipment Checklist
To get started, you'll need your previously configured Pi Zero running Kali. Other devices like Intel Nuc or Lenovo Tiny can also be effective, but a smartphone may suffice in some cases. However, keep in mind that in densely populated areas, a low-powered device like the Pi Zero paired with a single Wi-Fi card may face limitations in detection capabilities.
- GPS Module: A USB connection is ideal, although Bluetooth devices can also be used, but may interfere with Kismet's operations.
- Wi-Fi Card: At least one Wi-Fi card that supports monitor mode is essential. We recommend the Alfa card for beginners, though other generic cards can work as well. The TP-Link WN-722 is recognized but may not be the best first choice.
- Power Source: Ensure you have a reliable power source and your preferred method for accessing the Pi, typically via an external monitor to utilize the Kismet Web interface.
Setting Up Kismet
Begin by booting Kali with the GPS module connected. After logging in, open a terminal to initiate the setup.
First, you need to deactivate your interface, switch it to monitor mode, and reactivate it. Use the following commands (ensure you have root access):
sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up
Next, enable the onboard Bluetooth with:
sudo hciconfig hci0 up
If Bluetooth does not activate during boot, enable it using:
sudo systemctl enable bluetooth
Once your card is in monitor mode, start Kismet with the following command:
kismet -c wlan0 hci0
If successful, Kismet will launch in the terminal, and the web interface should appear. Access it via your browser to confirm the setup:
- Ensure GPS data is displaying in the top left corner.
- Confirm the primary Wi-Fi interface (Kismon) is detecting Wi-Fi stations.
- Verify the Bluetooth interface (Hci0) is monitoring Bluetooth traffic.
For those interested in enhancing their setup, consider adding an inexpensive RTL-SDR dongle for aircraft detection.
If you encounter issues, use the left menu on the web interface for further configuration options. You can customize detection colors, making it easier to categorize devices.
Next Steps
By this point, you should be able to monitor traffic through your various data sources, with the Kismet web interface displaying your GPS location and sorted devices.
If everything is functioning correctly, you’ll see several devices depending on the network density around you. While we'll discuss data analysis in a future article, it’s worth noting that Kismet can also act as a Wireless Intrusion Detection System, alerting you to any suspicious activity in your environment.
Some alerts you can configure include:
- Detection of promiscuous mode wireless cards
- Monitoring Wi-Fi deauthentication packets
- Authentication failures
- Identification of rogue access points and evil twin attacks
Much like Wireshark, Kismet is a powerful tool for learning about wireless networking protocols, device security, and both Wi-Fi and Bluetooth standards. This knowledge is a crucial step towards effectively monitoring and securing your network.
For those looking to expand their cybersecurity knowledge, consider signing up for Tryhackme, where you can learn defensive strategies in a controlled environment with a wealth of resources.
Enjoyed this article? Support our work and join the community!
The first video, Signals Intelligence with Kismet, provides insights into using Kismet effectively for signals intelligence.
The second video, Use Kismet to Find & Monitor Nearby Wi-Fi Devices [Tutorial], offers a step-by-step guide for utilizing Kismet to monitor nearby Wi-Fi networks.