Secure Ideas actively supports open source and giving back
to the community. In that light, we’re announcing the release of an updated tool
for parsing and viewing Kismet log files.
It passively detects networks, SSIDs, and with enough time can even decloak
hidden networks by capturing the name from clients that connect. And with an
extensible plugin architecture, it can even sniff other, non-802.11, types of
drive the facilities of a client to determine what wireless traffic is actually
being used. Then that information can be compared to documentation of what the
client believes should be in use. Oftentimes we find misconfigurations,
unapproved use, and even unauthorized devices that have been added to the
easily review log files after the assessment. During the assessment, viewing
data and activity is very easy and accessible, but later when you’re trying to
analyze the results it’s more difficult. Kismet creates a LOT of log data, and
most of it is in XML or CSV format that makes it easy to parse, but there is no
native functionality to view those logs.
parsed and presented this log data in an easy-to-read HTML format. Unfortunately
with changes to the Kismet structure and log format, none of those tools still
update to the original Kismet Log Viewer released by Brian Foy in 2003. KLV v2
reads in multiple Kismet .netxml files, summarizes the data, and outputs an
HTML or CSV file.
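
As an added illustration of the multi-file summarize step described above (this is not KLV's code, nor anything from the original post), the Python sketch below merges networks from several .netxml logs by BSSID and emits CSV. The element names assume the legacy Kismet .netxml layout, the two logs are constructed samples, and `summarize`, `safe_cell` and `to_csv` are hypothetical names.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample logs, not real captures. Element names follow the legacy
# Kismet .netxml layout (assumed here): wireless-network, SSID/essid, BSSID.
RUN_1 = """<detection-run><wireless-network>
 <SSID><encryption>WPA+PSK</encryption><encryption>WPA+AES-CCM</encryption>
  <essid>corp-wifi</essid></SSID><BSSID>00:11:22:33:44:55</BSSID><channel>6</channel>
 <wireless-client><client-mac>AA:BB:CC:00:00:01</client-mac></wireless-client>
</wireless-network><wireless-network>
 <SSID><encryption>None</encryption><essid></essid></SSID>
 <BSSID>00:11:22:33:44:66</BSSID><channel>11</channel>
</wireless-network></detection-run>"""
# Second run: a client associated, so the hidden network's name was captured.
RUN_2 = """<detection-run><wireless-network>
 <SSID><encryption>None</encryption><essid>guest-lab</essid></SSID>
 <BSSID>00:11:22:33:44:66</BSSID><channel>11</channel>
 <wireless-client><client-mac>AA:BB:CC:00:00:02</client-mac></wireless-client>
</wireless-network></detection-run>"""

def summarize(xml_docs):
    """Merge networks across logs by BSSID; a later log may reveal a hidden SSID."""
    nets = {}
    for doc in xml_docs:
        for net in ET.fromstring(doc).iter("wireless-network"):
            bssid = (net.findtext("BSSID") or "").strip().upper()
            if not bssid:
                continue  # skip entries without a BSSID instead of failing
            rec = nets.setdefault(bssid, {"essid": "", "channel": "",
                                          "encryption": set(), "clients": set()})
            rec["essid"] = (net.findtext("SSID/essid") or "").strip() or rec["essid"]
            rec["channel"] = net.findtext("channel") or rec["channel"]
            rec["encryption"] |= {e.text for e in net.iterfind("SSID/encryption") if e.text}
            rec["clients"] |= {c.text.upper() for c in net.iter("client-mac") if c.text}
    return nets

def safe_cell(value):
    """SSIDs are attacker-chosen; stop spreadsheets treating them as formulas."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def to_csv(nets):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["BSSID", "ESSID", "Channel", "Encryption", "Clients"])
    for bssid, r in sorted(nets.items()):
        writer.writerow([bssid, safe_cell(r["essid"]) or "(hidden)", r["channel"],
                         " ".join(sorted(r["encryption"])), len(r["clients"])])
    return out.getvalue()
```

Calling `to_csv(summarize([RUN_1, RUN_2]))` returns one row per BSSID. Any HTML report built from the same data needs the equivalent output escaping, since SSID strings come from whoever is broadcasting them.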
development, functional priority was based on necessity; I wrote what I needed
first. But I plan to continue extending the tool to add more functionality.
problems, or have suggestions, please feel free to contact me.
Nathan Sweaney is a Senior Security Consultant for Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at firstname.lastname@example.org or visit the Secure Ideas – Professionally Evil site for services provided.