123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304 |
- # Kismet config file
- # Most of the "static" configs have been moved to here -- the command line
- # config was getting way too crowded and cryptic. We want functionality,
- # not continually reading --help!
- # Version of Kismet config
- version=2009-newcore
- # Name of server (Purely for organizational purposes)
- # If commented out, defaults to host name of system
- # servername=Kismet Server
- # Prefix of where we log (as used in the logtemplate later)
- logprefix=/tmp
- # Do we process the contents of data frames? If this is enabled, data
- # frames will be truncated to the headers only immediately after frame type
- # detection. This will disable IP detection, etc, however it is likely
- # safer (and definitely more polite) if monitoring networks you do not own.
- # hidedata=true
- # Do we allow plugins to be used? This will load plugins from the system
- # and user plugin directiories when set to true (See the README for the default
- # plugin locations).
- allowplugins=false
- # See the README for full information on the new source format
- # ncsource=interface:options
- # for example:
- # ncsource=wifi0:type=madwifi
- # ncsource=wlan0:name=intel,hop=false,channel=11
- ncsource=wlan0
- # Comma-separated list of sources to enable. This is only needed if you defined
- # multiple sources and only want to enable some of them. By default, all defined
- # sources are enabled.
- # For example, if sources with name=prismsource and name=ciscosource are defined,
- # and you only want to enable those two:
- # enablesources=prismsource,ciscosource
- # Control which channels we like to spend more time on. By default, the list
- # of channels is pulled from the driver automatically. By setting preferred channels,
- # if they are present in the channel list, they'll be set with a timing delay so that
- # more time is spent on them. Since 1, 6, 11 are the common default channels, it makes
- # sense to spend more time monitoring them.
- # For finer control, see further down in the config for the channellist= directives.
- preferredchannels=1,6,11
- # How many channels per second do we hop? (1-10)
- channelvelocity=3
- # By setting the dwell time for channel hopping we override the channelvelocity
- # setting above and dwell on each channel for the given number of seconds.
- #channeldwell=10
- # Channels are defined as:
- # channellist=name:ch1,ch2,ch3
- # or
- # channellist=name:range-start-end-width-offset,ch,range,ch,...
- #
- # Channels may be a numeric channel or a frequency
- #
- # Channels may specify an additional wait period. For common default channels,
- # an additional wait period can be useful. Wait periods delay for that number
- # of times per second - so a configuration hopping 10 times per second with a
- # channel of 6:3 would delay 3/10ths of a second on channel 6.
- #
- # Channel lists may have up to 256 channels and ranges (combined). For power
- # users scanning more than 256 channels with a single card, ranges must be used.
- #
- # Ranges are meant for "power users" who wish to define a very large number of
- # channels. A range may specify channels or frequencies, and will automatically
- # sort themselves to cover channels in a non-overlapping fashion. An example
- # range for the normal 802.11b/g spectrum would be:
- #
- # range-1-11-3-1
- #
- # which indicates starting at 1, ending at 11, a channel width of 3 channels,
- # incrementing by one. A frequency based definition would be:
- #
- # range-2412-2462-22-5
- #
- # since 11g channels are 22 mhz wide and 5 mhz apart.
- #
- # Ranges have the flaw that they cannot be shared between sources in a non-overlapping
- # way, so multiple sources using the same range may hop in lockstep with each other
- # and duplicate the coverage.
- #
- # channellist=demo:1:3,6:3,11:3,range-5000-6000-20-10
- # Default channel lists
- # These channel lists MUST BE PRESENT for Kismet to work properly. While it is
- # possible to change these, it is not recommended. These are used when the supported
- # channel list can not be found for the source; to force using these instead of
- # the detected supported channels, override with channellist= in the source definition
- #
- # IN GENERAL, if you think you want to modify these, what you REALLY want to do is
- # copy them and use channellist= in the packet source.
- channellist=IEEE80211b:1:3,6:3,11:3,2,7,3,8,4,9,5,10
- channellist=IEEE80211a:36,40,44,48,52,56,60,64,149,153,157,161,165
- channellist=IEEE80211ab:1:3,6:3,11:3,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64,149,153,157,161,165
- # Client/server listen config
- listen=tcp://127.0.0.1:2501
- #listen=tcp://0.0.0.0:2501
- # People allowed to connect, comma separated IP addresses or network/mask
- # blocks. Netmasks can be expressed as dotted quad (/255.255.255.0) or as
- # numbers (/24)
- allowedhosts=127.0.0.1
- # Maximum number of concurrent GUI's
- maxclients=5
- # Maximum backlog before we start throwing out or killing clients. The
- # bigger this number, the more memory and the more power it will use.
- maxbacklog=5000
- # Server + Drone config options. To have a Kismet server export live packets
- # as if it were a drone, uncomment these.
- # dronelisten=tcp://127.0.0.1:3501
- # droneallowedhosts=127.0.0.1
- # dronemaxclients=5
- # droneringlen=65535
- # OUI file, expected format 00:11:22<tab>manufname
- # IEEE OUI file used to look up manufacturer info. We default to the
- # wireshark one since most people have that.
- #ouifile=/usr/share/manuf
- # Do we have a GPS?
- gps=false
- # Do we use a locally serial attached GPS, or use a gpsd server, or
- # use a fixed virtual gps?
- # (Pick only one)
- gpstype=gpsd
- # Host:port that GPSD is running on. This can be localhost OR remote!
- gpshost=localhost:2947
- # gpstype=serial
- # What serial device do we look for the GPS on?
- # gpsdevice=/dev/rfcomm0
- # gpstype=virtual
- # gpsposition=100,-50
- # gpsaltitude=1234
- # Do we lock the mode? This overrides coordinates of lock "0", which will
- # generate some bad information until you get a GPS lock, but it will
- # fix problems with GPS units with broken NMEA that report lock 0
- gpsmodelock=false
- # Do we try to reconnect if we lose our link to the GPS, or do we just
- # let it die and be disabled?
- gpsreconnect=true
- # Do we export packets over tun/tap virtual interfaces?
- tuntap_export=false
- # What virtual interface do we use
- tuntap_device=kistap0
- # Packet filtering options:
- # filter_tracker - Packets filtered from the tracker are not processed or
- # recorded in any way.
- # filter_export - Controls what packets influence the exported CSV, network,
- # xml, gps, etc files.
- # All filtering options take arguments containing the type of address and
- # addresses to be filtered. Valid address types are 'ANY', 'BSSID',
- # 'SOURCE', and 'DEST'. Filtering can be inverted by the use of '!' before
- # the address. For example,
- # filter_tracker=ANY(!"00:00:DE:AD:BE:EF")
- # has the same effect as the previous mac_filter config file option.
- # filter_tracker=...
- # filter_dump=...
- # filter_export=...
- # filter_netclient=...
- # Alerts to be reported and the throttling rates.
- # alert=name,throttle/unit,burst
- # The throttle/unit describes the number of alerts of this type that are
- # sent per time unit. Valid time units are second, minute, hour, and day.
- # Burst describes the number of alerts sent before throttling takes place.
- # For example:
- # alert=FOO,10/min,5
- # Would allow 5 alerts through before throttling is enabled, and will then
- # limit the number of alerts to 10 per minute.
- # A throttle rate of 0 disables throttling of the alert.
- # See the README for a list of alert types.
- alert=ADHOCCONFLICT,5/min,1/sec
- alert=AIRJACKSSID,5/min,1/sec
- alert=APSPOOF,10/min,1/sec
- alert=BCASTDISCON,5/min,2/sec
- alert=BSSTIMESTAMP,5/min,1/sec
- alert=CHANCHANGE,5/min,1/sec
- alert=CRYPTODROP,5/min,1/sec
- alert=DISASSOCTRAFFIC,10/min,1/sec
- alert=DEAUTHFLOOD,5/min,2/sec
- alert=DEAUTHCODEINVALID,5/min,1/sec
- alert=DISCONCODEINVALID,5/min,1/sec
- alert=DHCPNAMECHANGE,5/min,1/sec
- alert=DHCPOSCHANGE,5/min,1/sec
- alert=DHCPCLIENTID,5/min,1/sec
- alert=DHCPCONFLICT,10/min,1/sec
- alert=NETSTUMBLER,5/min,1/sec
- alert=LUCENTTEST,5/min,1/sec
- alert=LONGSSID,5/min,1/sec
- alert=MSFBCOMSSID,5/min,1/sec
- alert=MSFDLINKRATE,5/min,1/sec
- alert=MSFNETGEARBEACON,5/min,1/sec
- alert=NULLPROBERESP,5/min,1/sec
- alert=PROBENOJOIN,5/min,1/sec
- # Controls behavior of the APSPOOF alert. SSID may be a literal match (ssid=) or
- # a regex (ssidregex=) if PCRE was available when kismet was built. The allowed
- # MAC list must be comma-separated and enclosed in quotes if there are multiple
- # MAC addresses allowed. MAC address masks are allowed.
- #apspoof=Foo1:ssidregex="(?i:foobar)",validmacs=00:11:22:33:44:55
- #apspoof=Foo2:ssid="Foobar",validmacs="00:11:22:33:44:55,aa:bb:cc:dd:ee:ff"
- # Known WEP keys to decrypt, bssid,hexkey. This is only for networks where
- # the keys are already known, and it may impact throughput on slower hardware.
- # Multiple wepkey lines may be used for multiple BSSIDs.
- # wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900
- # Is transmission of the keys to the client allowed? This may be a security
- # risk for some. If you disable this, you will not be able to query keys from
- # a client.
- allowkeytransmit=true
- # How often (in seconds) do we write all our data files (0 to disable)
- writeinterval=10
- # Do we use sound?
- # Not to be confused with GUI sound parameter, this controls wether or not the
- # server itself will play sound. Primarily for headless or automated systems.
- enablesound=false
- # Path to sound player
- soundbin=play
- sound=newnet,true
- sound=newcryptnet,true
- sound=packet,true
- sound=gpslock,true
- sound=gpslost,true
- sound=alert,true
- # Does the server have speech? (Again, not to be confused with the GUI's speech)
- enablespeech=false
- # Binary used for speech (if not in path, full path must be specified)
- speechbin=flite
- # Specify raw or festival; Flite (and anything else that doesn't need formatting
- # around the string to speak) is 'raw', festival requires the string be wrapped in
- # SayText("...")
- speechtype=raw
- # How do we speak? Valid options:
- # speech Normal speech
- # nato NATO spellings (alpha, bravo, charlie)
- # spell Spell the letters out (aye, bee, sea)
- speechencoding=nato
- speech=new,"New network detected s.s.i.d. %1 channel %2"
- speech=alert,"Alert %1"
- speech=gpslost,"G.P.S. signal lost"
- speech=gpslock,"G.P.S. signal O.K."
- # How many alerts do we backlog for new clients? Only change this if you have
- # a -very- low memory system and need those extra bytes, or if you have a high
- # memory system and a huge number of alert conditions.
- alertbacklog=50
- # File types to log, comma separated. Built-in log file types:
- # alert Text file of alerts
- # gpsxml XML per-packet GPS log
- # nettxt Networks in text format
- # netxml Networks in XML format
- # pcapdump tcpdump/wireshark compatible pcap log file
- # string All strings seen (increases CPU load)
- logtypes=pcapdump,gpsxml,netxml,alert
- # Format of the pcap dump (PPI or 80211)
- pcapdumpformat=ppi
- # pcapdumpformat=80211
- # Default log title
- logdefault=Kismet
- # logtemplate - Filename logging template.
- # This is, at first glance, really nasty and ugly, but you'll hardly ever
- # have to touch it so don't complain too much.
- #
- # %p is replaced by the logging prefix + '/'
- # %n is replaced by the logging instance name
- # %d is replaced by the starting date as Mon-DD-YYYY
- # %D is replaced by the current date as YYYYMMDD
- # %t is replaced by the starting time as HH-MM-SS
- # %i is replaced by the increment log in the case of multiple logs
- # %l is replaced by the log type (pcapdump, strings, etc)
- # %h is replaced by the home directory
- logtemplate=%p%n-%D-%t-%i.%l
- # Where state info, etc, is stored. You shouldn't ever need to change this.
- # This is a directory.
- configdir=%h/.kismet/
|