Kismet Cheat Sheet
Kismet is a wireless network detector, sniffer, and IDS for Wi-Fi, Bluetooth, and other wireless protocols. It excels at passive reconnaissance and device discovery.
Start Kismet
kismet
Web UI:
http://127.0.0.1:2501
Note
Run as root for packet capture.
Interfaces
Kismet auto-detects interfaces. To add manually:
kismet -c wlan0
Monitor mode recommended:
airmon-ng start wlan0
kismet -c wlan0mon
Wi‑Fi Discovery
Kismet discovers: - APs (ESSID/BSSID) - Clients & devices - Channels & encryption - Signal strength
Packet Capture
Enable capture from UI or CLI:
kismet -c wlan0mon --log-prefix capture
Outputs:
- .pcapng
- .kismet logs
Filters & Views
Common filters:
- encryption:WPA
- type:AP
- type:device
Alerts
Kismet generates alerts for: - Rogue APs - Deauth floods - Suspicious probes
View in UI:
Alerts → Alerts
GPS Mapping (Optional)
kismet --use-gpsd
Maps AP locations when GPS is available.
Channel Control
kismet -c wlan0mon:channel=6
Locks to channel 6.
Typical Workflow
airmon-ng start wlan0
kismet -c wlan0mon
Analyze APs & clients
Export PCAP
Export Data
From UI: - Export devices - Export PCAP for Wireshark
Common Issues
No packets captured
- Interface not in monitor mode
- Insufficient permissions
High CPU usage
- Reduce channels
- Disable extra PHYs
Related Tools
airodump-ngwiresharkaircrack-ngbettercap
Use Cases
- Wireless reconnaissance
- Device discovery
- Rogue AP detection
- Passive IDS
Legal Notice
Danger
Use Kismet only on networks you own or have permission to monitor.