|
@@ -0,0 +1,304 @@
|
|
1
|
+# Kismet config file
|
|
2
|
+# Most of the "static" configs have been moved to here -- the command line
|
|
3
|
+# config was getting way too crowded and cryptic. We want functionality,
|
|
4
|
+# not continually reading --help!
|
|
5
|
+
|
|
6
|
+# Version of Kismet config
|
|
7
|
+version=2009-newcore
|
|
8
|
+
|
|
9
|
+# Name of server (Purely for organizational purposes)
|
|
10
|
+# If commented out, defaults to host name of system
|
|
11
|
+# servername=Kismet Server
|
|
12
|
+
|
|
13
|
+# Prefix of where we log (as used in the logtemplate later)
|
|
14
|
+logprefix=/tmp
|
|
15
|
+
|
|
16
|
+# Do we process the contents of data frames? If this is enabled, data
|
|
17
|
+# frames will be truncated to the headers only immediately after frame type
|
|
18
|
+# detection. This will disable IP detection, etc, however it is likely
|
|
19
|
+# safer (and definitely more polite) if monitoring networks you do not own.
|
|
20
|
+# hidedata=true
|
|
21
|
+
|
|
22
|
+# Do we allow plugins to be used? This will load plugins from the system
|
|
23
|
+# and user plugin directiories when set to true (See the README for the default
|
|
24
|
+# plugin locations).
|
|
25
|
+allowplugins=false
|
|
26
|
+
|
|
27
|
+# See the README for full information on the new source format
|
|
28
|
+# ncsource=interface:options
|
|
29
|
+# for example:
|
|
30
|
+# ncsource=wifi0:type=madwifi
|
|
31
|
+# ncsource=wlan0:name=intel,hop=false,channel=11
|
|
32
|
+ncsource=wlan0
|
|
33
|
+
|
|
34
|
+# Comma-separated list of sources to enable. This is only needed if you defined
|
|
35
|
+# multiple sources and only want to enable some of them. By default, all defined
|
|
36
|
+# sources are enabled.
|
|
37
|
+# For example, if sources with name=prismsource and name=ciscosource are defined,
|
|
38
|
+# and you only want to enable those two:
|
|
39
|
+# enablesources=prismsource,ciscosource
|
|
40
|
+
|
|
41
|
+# Control which channels we like to spend more time on. By default, the list
|
|
42
|
+# of channels is pulled from the driver automatically. By setting preferred channels,
|
|
43
|
+# if they are present in the channel list, they'll be set with a timing delay so that
|
|
44
|
+# more time is spent on them. Since 1, 6, 11 are the common default channels, it makes
|
|
45
|
+# sense to spend more time monitoring them.
|
|
46
|
+# For finer control, see further down in the config for the channellist= directives.
|
|
47
|
+preferredchannels=1,6,11
|
|
48
|
+
|
|
49
|
+# How many channels per second do we hop? (1-10)
|
|
50
|
+channelvelocity=3
|
|
51
|
+
|
|
52
|
+# By setting the dwell time for channel hopping we override the channelvelocity
|
|
53
|
+# setting above and dwell on each channel for the given number of seconds.
|
|
54
|
+#channeldwell=10
|
|
55
|
+
|
|
56
|
+# Channels are defined as:
|
|
57
|
+# channellist=name:ch1,ch2,ch3
|
|
58
|
+# or
|
|
59
|
+# channellist=name:range-start-end-width-offset,ch,range,ch,...
|
|
60
|
+#
|
|
61
|
+# Channels may be a numeric channel or a frequency
|
|
62
|
+#
|
|
63
|
+# Channels may specify an additional wait period. For common default channels,
|
|
64
|
+# an additional wait period can be useful. Wait periods delay for that number
|
|
65
|
+# of times per second - so a configuration hopping 10 times per second with a
|
|
66
|
+# channel of 6:3 would delay 3/10ths of a second on channel 6.
|
|
67
|
+#
|
|
68
|
+# Channel lists may have up to 256 channels and ranges (combined). For power
|
|
69
|
+# users scanning more than 256 channels with a single card, ranges must be used.
|
|
70
|
+#
|
|
71
|
+# Ranges are meant for "power users" who wish to define a very large number of
|
|
72
|
+# channels. A range may specify channels or frequencies, and will automatically
|
|
73
|
+# sort themselves to cover channels in a non-overlapping fashion. An example
|
|
74
|
+# range for the normal 802.11b/g spectrum would be:
|
|
75
|
+#
|
|
76
|
+# range-1-11-3-1
|
|
77
|
+#
|
|
78
|
+# which indicates starting at 1, ending at 11, a channel width of 3 channels,
|
|
79
|
+# incrementing by one. A frequency based definition would be:
|
|
80
|
+#
|
|
81
|
+# range-2412-2462-22-5
|
|
82
|
+#
|
|
83
|
+# since 11g channels are 22 mhz wide and 5 mhz apart.
|
|
84
|
+#
|
|
85
|
+# Ranges have the flaw that they cannot be shared between sources in a non-overlapping
|
|
86
|
+# way, so multiple sources using the same range may hop in lockstep with each other
|
|
87
|
+# and duplicate the coverage.
|
|
88
|
+#
|
|
89
|
+# channellist=demo:1:3,6:3,11:3,range-5000-6000-20-10
|
|
90
|
+
|
|
91
|
+# Default channel lists
|
|
92
|
+# These channel lists MUST BE PRESENT for Kismet to work properly. While it is
|
|
93
|
+# possible to change these, it is not recommended. These are used when the supported
|
|
94
|
+# channel list can not be found for the source; to force using these instead of
|
|
95
|
+# the detected supported channels, override with channellist= in the source defintion
|
|
96
|
+#
|
|
97
|
+# IN GENERAL, if you think you want to modify these, what you REALLY want to do is
|
|
98
|
+# copy them and use channellist= in the packet source.
|
|
99
|
+channellist=IEEE80211b:1:3,6:3,11:3,2,7,3,8,4,9,5,10
|
|
100
|
+channellist=IEEE80211a:36,40,44,48,52,56,60,64,149,153,157,161,165
|
|
101
|
+channellist=IEEE80211ab:1:3,6:3,11:3,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64,149,153,157,161,165
|
|
102
|
+
|
|
103
|
+# Client/server listen config
|
|
104
|
+listen=tcp://127.0.0.1:2501
|
|
105
|
+#listen=tcp://0.0.0.0:2501
|
|
106
|
+
|
|
107
|
+# People allowed to connect, comma seperated IP addresses or network/mask
|
|
108
|
+# blocks. Netmasks can be expressed as dotted quad (/255.255.255.0) or as
|
|
109
|
+# numbers (/24)
|
|
110
|
+allowedhosts=127.0.0.1
|
|
111
|
+# Maximum number of concurrent GUI's
|
|
112
|
+maxclients=5
|
|
113
|
+# Maximum backlog before we start throwing out or killing clients. The
|
|
114
|
+# bigger this number, the more memory and the more power it will use.
|
|
115
|
+maxbacklog=5000
|
|
116
|
+
|
|
117
|
+# Server + Drone config options. To have a Kismet server export live packets
|
|
118
|
+# as if it were a drone, uncomment these.
|
|
119
|
+# dronelisten=tcp://127.0.0.1:3501
|
|
120
|
+# droneallowedhosts=127.0.0.1
|
|
121
|
+# dronemaxclients=5
|
|
122
|
+# droneringlen=65535
|
|
123
|
+
|
|
124
|
+# OUI file, expected format 00:11:22<tab>manufname
|
|
125
|
+# IEEE OUI file used to look up manufacturer info. We default to the
|
|
126
|
+# wireshark one since most people have that.
|
|
127
|
+#ouifile=/usr/share/manuf
|
|
128
|
+
|
|
129
|
+# Do we have a GPS?
|
|
130
|
+gps=false
|
|
131
|
+# Do we use a locally serial attached GPS, or use a gpsd server, or
|
|
132
|
+# use a fixed virtual gps?
|
|
133
|
+# (Pick only one)
|
|
134
|
+gpstype=gpsd
|
|
135
|
+# Host:port that GPSD is running on. This can be localhost OR remote!
|
|
136
|
+gpshost=localhost:2947
|
|
137
|
+
|
|
138
|
+
|
|
139
|
+# gpstype=serial
|
|
140
|
+# What serial device do we look for the GPS on?
|
|
141
|
+# gpsdevice=/dev/rfcomm0
|
|
142
|
+
|
|
143
|
+# gpstype=virtual
|
|
144
|
+# gpsposition=100,-50
|
|
145
|
+# gpsaltitude=1234
|
|
146
|
+
|
|
147
|
+# Do we lock the mode? This overrides coordinates of lock "0", which will
|
|
148
|
+# generate some bad information until you get a GPS lock, but it will
|
|
149
|
+# fix problems with GPS units with broken NMEA that report lock 0
|
|
150
|
+gpsmodelock=false
|
|
151
|
+# Do we try to reconnect if we lose our link to the GPS, or do we just
|
|
152
|
+# let it die and be disabled?
|
|
153
|
+gpsreconnect=true
|
|
154
|
+
|
|
155
|
+# Do we export packets over tun/tap virtual interfaces?
|
|
156
|
+tuntap_export=false
|
|
157
|
+# What virtual interface do we use
|
|
158
|
+tuntap_device=kistap0
|
|
159
|
+
|
|
160
|
+# Packet filtering options:
|
|
161
|
+# filter_tracker - Packets filtered from the tracker are not processed or
|
|
162
|
+# recorded in any way.
|
|
163
|
+# filter_export - Controls what packets influence the exported CSV, network,
|
|
164
|
+# xml, gps, etc files.
|
|
165
|
+# All filtering options take arguments containing the type of address and
|
|
166
|
+# addresses to be filtered. Valid address types are 'ANY', 'BSSID',
|
|
167
|
+# 'SOURCE', and 'DEST'. Filtering can be inverted by the use of '!' before
|
|
168
|
+# the address. For example,
|
|
169
|
+# filter_tracker=ANY(!"00:00:DE:AD:BE:EF")
|
|
170
|
+# has the same effect as the previous mac_filter config file option.
|
|
171
|
+# filter_tracker=...
|
|
172
|
+# filter_dump=...
|
|
173
|
+# filter_export=...
|
|
174
|
+# filter_netclient=...
|
|
175
|
+
|
|
176
|
+# Alerts to be reported and the throttling rates.
|
|
177
|
+# alert=name,throttle/unit,burst
|
|
178
|
+# The throttle/unit describes the number of alerts of this type that are
|
|
179
|
+# sent per time unit. Valid time units are second, minute, hour, and day.
|
|
180
|
+# Burst describes the number of alerts sent before throttling takes place.
|
|
181
|
+# For example:
|
|
182
|
+# alert=FOO,10/min,5
|
|
183
|
+# Would allow 5 alerts through before throttling is enabled, and will then
|
|
184
|
+# limit the number of alerts to 10 per minute.
|
|
185
|
+# A throttle rate of 0 disables throttling of the alert.
|
|
186
|
+# See the README for a list of alert types.
|
|
187
|
+alert=ADHOCCONFLICT,5/min,1/sec
|
|
188
|
+alert=AIRJACKSSID,5/min,1/sec
|
|
189
|
+alert=APSPOOF,10/min,1/sec
|
|
190
|
+alert=BCASTDISCON,5/min,2/sec
|
|
191
|
+alert=BSSTIMESTAMP,5/min,1/sec
|
|
192
|
+alert=CHANCHANGE,5/min,1/sec
|
|
193
|
+alert=CRYPTODROP,5/min,1/sec
|
|
194
|
+alert=DISASSOCTRAFFIC,10/min,1/sec
|
|
195
|
+alert=DEAUTHFLOOD,5/min,2/sec
|
|
196
|
+alert=DEAUTHCODEINVALID,5/min,1/sec
|
|
197
|
+alert=DISCONCODEINVALID,5/min,1/sec
|
|
198
|
+alert=DHCPNAMECHANGE,5/min,1/sec
|
|
199
|
+alert=DHCPOSCHANGE,5/min,1/sec
|
|
200
|
+alert=DHCPCLIENTID,5/min,1/sec
|
|
201
|
+alert=DHCPCONFLICT,10/min,1/sec
|
|
202
|
+alert=NETSTUMBLER,5/min,1/sec
|
|
203
|
+alert=LUCENTTEST,5/min,1/sec
|
|
204
|
+alert=LONGSSID,5/min,1/sec
|
|
205
|
+alert=MSFBCOMSSID,5/min,1/sec
|
|
206
|
+alert=MSFDLINKRATE,5/min,1/sec
|
|
207
|
+alert=MSFNETGEARBEACON,5/min,1/sec
|
|
208
|
+alert=NULLPROBERESP,5/min,1/sec
|
|
209
|
+alert=PROBENOJOIN,5/min,1/sec
|
|
210
|
+
|
|
211
|
+# Controls behavior of the APSPOOF alert. SSID may be a literal match (ssid=) or
|
|
212
|
+# a regex (ssidregex=) if PCRE was available when kismet was built. The allowed
|
|
213
|
+# MAC list must be comma-separated and enclosed in quotes if there are multiple
|
|
214
|
+# MAC addresses allowed. MAC address masks are allowed.
|
|
215
|
+#apspoof=Foo1:ssidregex="(?i:foobar)",validmacs=00:11:22:33:44:55
|
|
216
|
+#apspoof=Foo2:ssid="Foobar",validmacs="00:11:22:33:44:55,aa:bb:cc:dd:ee:ff"
|
|
217
|
+
|
|
218
|
+# Known WEP keys to decrypt, bssid,hexkey. This is only for networks where
|
|
219
|
+# the keys are already known, and it may impact throughput on slower hardware.
|
|
220
|
+# Multiple wepkey lines may be used for multiple BSSIDs.
|
|
221
|
+# wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900
|
|
222
|
+
|
|
223
|
+# Is transmission of the keys to the client allowed? This may be a security
|
|
224
|
+# risk for some. If you disable this, you will not be able to query keys from
|
|
225
|
+# a client.
|
|
226
|
+allowkeytransmit=true
|
|
227
|
+
|
|
228
|
+# How often (in seconds) do we write all our data files (0 to disable)
|
|
229
|
+writeinterval=10
|
|
230
|
+
|
|
231
|
+# Do we use sound?
|
|
232
|
+# Not to be confused with GUI sound parameter, this controls wether or not the
|
|
233
|
+# server itself will play sound. Primarily for headless or automated systems.
|
|
234
|
+enablesound=false
|
|
235
|
+# Path to sound player
|
|
236
|
+soundbin=play
|
|
237
|
+
|
|
238
|
+sound=newnet,true
|
|
239
|
+sound=newcryptnet,true
|
|
240
|
+sound=packet,true
|
|
241
|
+sound=gpslock,true
|
|
242
|
+sound=gpslost,true
|
|
243
|
+sound=alert,true
|
|
244
|
+
|
|
245
|
+# Does the server have speech? (Again, not to be confused with the GUI's speech)
|
|
246
|
+enablespeech=false
|
|
247
|
+# Binary used for speech (if not in path, full path must be specified)
|
|
248
|
+speechbin=flite
|
|
249
|
+# Specify raw or festival; Flite (and anything else that doesn't need formatting
|
|
250
|
+# around the string to speak) is 'raw', festival requires the string be wrapped in
|
|
251
|
+# SayText("...")
|
|
252
|
+speechtype=raw
|
|
253
|
+
|
|
254
|
+# How do we speak? Valid options:
|
|
255
|
+# speech Normal speech
|
|
256
|
+# nato NATO spellings (alpha, bravo, charlie)
|
|
257
|
+# spell Spell the letters out (aye, bee, sea)
|
|
258
|
+speechencoding=nato
|
|
259
|
+
|
|
260
|
+speech=new,"New network detected s.s.i.d. %1 channel %2"
|
|
261
|
+speech=alert,"Alert %1"
|
|
262
|
+speech=gpslost,"G.P.S. signal lost"
|
|
263
|
+speech=gpslock,"G.P.S. signal O.K."
|
|
264
|
+
|
|
265
|
+# How many alerts do we backlog for new clients? Only change this if you have
|
|
266
|
+# a -very- low memory system and need those extra bytes, or if you have a high
|
|
267
|
+# memory system and a huge number of alert conditions.
|
|
268
|
+alertbacklog=50
|
|
269
|
+
|
|
270
|
+# File types to log, comma seperated. Built-in log file types:
|
|
271
|
+# alert Text file of alerts
|
|
272
|
+# gpsxml XML per-packet GPS log
|
|
273
|
+# nettxt Networks in text format
|
|
274
|
+# netxml Networks in XML format
|
|
275
|
+# pcapdump tcpdump/wireshark compatible pcap log file
|
|
276
|
+# string All strings seen (increases CPU load)
|
|
277
|
+logtypes=pcapdump,gpsxml,netxml,alert
|
|
278
|
+
|
|
279
|
+# Format of the pcap dump (PPI or 80211)
|
|
280
|
+pcapdumpformat=ppi
|
|
281
|
+# pcapdumpformat=80211
|
|
282
|
+
|
|
283
|
+# Default log title
|
|
284
|
+logdefault=Kismet
|
|
285
|
+
|
|
286
|
+# logtemplate - Filename logging template.
|
|
287
|
+# This is, at first glance, really nasty and ugly, but you'll hardly ever
|
|
288
|
+# have to touch it so don't complain too much.
|
|
289
|
+#
|
|
290
|
+# %p is replaced by the logging prefix + '/'
|
|
291
|
+# %n is replaced by the logging instance name
|
|
292
|
+# %d is replaced by the starting date as Mon-DD-YYYY
|
|
293
|
+# %D is replaced by the current date as YYYYMMDD
|
|
294
|
+# %t is replaced by the starting time as HH-MM-SS
|
|
295
|
+# %i is replaced by the increment log in the case of multiple logs
|
|
296
|
+# %l is replaced by the log type (pcapdump, strings, etc)
|
|
297
|
+# %h is replaced by the home directory
|
|
298
|
+
|
|
299
|
+logtemplate=%p%n-%D-%t-%i.%l
|
|
300
|
+
|
|
301
|
+# Where state info, etc, is stored. You shouldnt ever need to change this.
|
|
302
|
+# This is a directory.
|
|
303
|
+configdir=%h/.kismet/
|
|
304
|
+
|
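Review bot: `logprefix=/tmp` (new line 14), together with `logtemplate=%p%n-%D-%t-%i.%l` and `logtypes=pcapdump,gpsxml,netxml,alert`, writes packet captures under predictable names in a world-writable directory. Other local users may be able to read them or interfere with file creation, and this matters more if the server runs with elevated privileges, which this file does not show. Point the prefix at a directory owned by the Kismet user and closed to others, for example `logprefix=/var/log/kismet` (example path, adjust to the deployment). Because `# hidedata=true` is left commented out, those captures hold full data frames, which raises the stakes for where they land. Separately, `allowkeytransmit=true` lets connected clients query configured WEP keys; `allowkeytransmit=false` is the safer default and should be settled before anyone enables the commented `#listen=tcp://0.0.0.0:2501` or widens `allowedhosts`.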