# Kismet config file# Most of the "static" configs have been moved to here --

1. # Kismet config file
2. # Most of the "static" configs have been moved to here -- the command line
3. # config was getting way too crowded and cryptic.  We want functionality,
4. # not continually reading --help!
5.  
6. # Version of Kismet config
7. version=2009-newcore
8.  
9. # Name of server (Purely for organizational purposes)
10. servername=Kismet_2009
11.  
12. # Prefix of where we log (as used in the logtemplate later)
13. logprefix=/tmp
14.  
15. # Do we allow plugins to be used?  This will load plugins from the system
16. # and user plugin directiories when set to true (See the README for the default
17. # plugin locations).
18. allowplugins=true
19.  
20. # See the README for full information on the new source format
21. # ncsource=interface:options
22. # for example:
23. ncsource=wlan0
24. # ncsource=wifi0:type=madwifi
25. # ncsource=wlan0:name=intel,hop=false,channel=11
26.  
27. # Comma-separated list of sources to enable.  This is only needed if you defined
28. # multiple sources and only want to enable some of them.  By default, all defined
29. # sources are enabled.
30. # For example, if sources with name=prismsource and name=ciscosource are defined,
31. # and you only want to enable those two:
32. # enablesources=prismsource,ciscosource
33.  
34. # Control which channels we like to spend more time on.  By default, the list
35. # of channels is pulled from the driver automatically.  By setting preferred channels,
36. # if they are present in the channel list, they'll be set with a timing delay so that
37. # more time is spent on them.  Since 1, 6, 11 are the common default channels, it makes
38. # sense to spend more time monitoring them.
39. # For finer control, see further down in the config for the channellist= directives.
40. preferredchannels=1,6,11
41.  
42. # How many channels per second do we hop?  (1-10)
43. channelvelocity=3
44.  
45. # By setting the dwell time for channel hopping we override the channelvelocity
46. # setting above and dwell on each channel for the given number of seconds.
47. #channeldwell=10
48.  
49. # Channels are defined as:
50. # channellist=name:ch1,ch2,ch3
51. # or
52. # channellist=name:range-start-end-width-offset,ch,range,ch,...
53. #
54. # Channels may be a numeric channel or a frequency
55. #
56. # Channels may specify an additional wait period.  For common default channels,
57. # an additional wait period can be useful.  Wait periods delay for that number
58. # of times per second - so a configuration hopping 10 times per second with a
59. # channel of 6:3 would delay 3/10ths of a second on channel 6.
60. #
61. # Channel lists may have up to 256 channels and ranges (combined).  For power
62. # users scanning more than 256 channels with a single card, ranges must be used.
63. #
64. # Ranges are meant for "power users" who wish to define a very large number of
65. # channels.  A range may specify channels or frequencies, and will automatically
66. # sort themselves to cover channels in a non-overlapping fashion.  An example
67. # range for the normal 802.11b/g spectrum would be:
68. #
69. # range-1-11-3-1
70. #
71. # which indicates starting at 1, ending at 11, a channel width of 3 channels,
72. # incrementing by one.  A frequency based definition would be:
73. #
74. # range-2412-2462-22-5
75. #
76. # since 11g channels are 22 mhz wide and 5 mhz apart.
77. #
78. # Ranges have the flaw that they cannot be shared between sources in a non-overlapping
79. # way, so multiple sources using the same range may hop in lockstep with each other
80. # and duplicate the coverage.
81. #
82. # channellist=demo:1:3,6:3,11:3,range-5000-6000-20-10
83.  
84. # Default channel lists
85. # These channel lists MUST BE PRESENT for Kismet to work properly.  While it is
86. # possible to change these, it is not recommended.  These are used when the supported
87. # channel list can not be found for the source; to force using these instead of
88. # the detected supported channels, override with channellist= in the source defintion
89. #
90. # IN GENERAL, if you think you want to modify these, what you REALLY want to do is
91. # copy them and use channellist= in the packet source.
92. channellist=IEEE80211b:1:3,6:3,11:3,2,7,3,8,4,9,5,10
93. channellist=IEEE80211a:36,40,44,48,52,56,60,64,149,153,157,161,165
94. channellist=IEEE80211ab:1:3,6:3,11:3,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64,149,153,157,161,165
95.  
96. # Client/server listen config
97. listen=tcp://127.0.0.1:2501
98. # People allowed to connect, comma seperated IP addresses or network/mask
99. # blocks.  Netmasks can be expressed as dotted quad (/255.255.255.0) or as
100. # numbers (/24)
101. allowedhosts=127.0.0.1
102. # Maximum number of concurrent GUI's
103. maxclients=5
104. # Maximum backlog before we start throwing out or killing clients.  The
105. # bigger this number, the more memory and the more power it will use.
106. maxbacklog=5000
107.  
108. # Server + Drone config options.  To have a Kismet server export live packets
109. # as if it were a drone, uncomment these.
110. # dronelisten=tcp://127.0.0.1:3501
111. # droneallowedhosts=127.0.0.1
112. # dronemaxclients=5
113. # droneringlen=65535
114.  
115. # OUI file, expected format 00:11:22<tab>manufname
116. # IEEE OUI file used to look up manufacturer info.  We default to the
117. # wireshark one since most people have that.
118. ouifile=/etc/manuf
119. ouifile=/usr/share/wireshark/wireshark/manuf
120. ouifile=/usr/share/wireshark/manuf
121.  
122. # Do we have a GPS?
123. gps=false
124. # Do we use a locally serial attached GPS, or use a gpsd server?
125. # (Pick only one)
126. gpstype=gpsd
127. # gpstype=serial
128. # What serial device do we look for the GPS on?
129. gpsdevice=/dev/rfcomm0
130. # Host:port that GPSD is running on.  This can be localhost OR remote!
131. gpshost=localhost:2947
132. # Do we lock the mode?  This overrides coordinates of lock "0", which will
133. # generate some bad information until you get a GPS lock, but it will
134. # fix problems with GPS units with broken NMEA that report lock 0
135. gpsmodelock=false
136. # Do we try to reconnect if we lose our link to the GPS, or do we just
137. # let it die and be disabled?
138. gpsreconnect=true
139.  
140. # Do we export packets over tun/tap virtual interfaces?
141. tuntap_export=false
142. # What virtual interface do we use
143. tuntap_device=kistap0
144.  
145. # Packet filtering options:
146. # filter_tracker - Packets filtered from the tracker are not processed or
147. #                  recorded in any way.
148. # filter_export  - Controls what packets influence the exported CSV, network,
149. #                  xml, gps, etc files.
150. # All filtering options take arguments containing the type of address and
151. # addresses to be filtered.  Valid address types are 'ANY', 'BSSID',
152. # 'SOURCE', and 'DEST'.  Filtering can be inverted by the use of '!' before
153. # the address.  For example,
154. # filter_tracker=ANY(!"00:00:DE:AD:BE:EF")
155. # has the same effect as the previous mac_filter config file option.
156. # filter_tracker=...
157. # filter_dump=...
158. # filter_export=...
159. # filter_netclient=...
160.  
161. # Alerts to be reported and the throttling rates.
162. # alert=name,throttle/unit,burst
163. # The throttle/unit describes the number of alerts of this type that are
164. # sent per time unit.  Valid time units are second, minute, hour, and day.
165. # Burst describes the number of alerts sent before throttling takes place.
166. # For example:
167. # alert=FOO,10/min,5
168. # Would allow 5 alerts through before throttling is enabled, and will then
169. # limit the number of alerts to 10 per minute.
170. # A throttle rate of 0 disables throttling of the alert.
171. # See the README for a list of alert types.
172. alert=ADHOCCONFLICT,5/min,1/sec
173. alert=AIRJACKSSID,5/min,1/sec
174. alert=APSPOOF,10/min,1/sec
175. alert=BCASTDISCON,5/min,2/sec
176. alert=BSSTIMESTAMP,5/min,1/sec
177. alert=CHANCHANGE,5/min,1/sec
178. alert=CRYPTODROP,5/min,1/sec
179. alert=DISASSOCTRAFFIC,10/min,1/sec
180. alert=DEAUTHFLOOD,5/min,2/sec
181. alert=DEAUTHCODEINVALID,5/min,1/sec
182. alert=DISCONCODEINVALID,5/min,1/sec
183. alert=DHCPNAMECHANGE,5/min,1/sec
184. alert=DHCPOSCHANGE,5/min,1/sec
185. alert=DHCPCLIENTID,5/min,1/sec
186. alert=DHCPCONFLICT,10/min,1/sec
187. alert=NETSTUMBLER,5/min,1/sec
188. alert=LUCENTTEST,5/min,1/sec
189. alert=LONGSSID,5/min,1/sec
190. alert=MSFBCOMSSID,5/min,1/sec
191. alert=MSFDLINKRATE,5/min,1/sec
192. alert=MSFNETGEARBEACON,5/min,1/sec
193. alert=NULLPROBERESP,5/min,1/sec
194. #alert=PROBENOJOIN,5/min,1/sec
195.  
196. # Controls behavior of the APSPOOF alert.  SSID may be a literal match (ssid=) or
197. # a regex (ssidregex=) if PCRE was available when kismet was built.  The allowed
198. # MAC list must be comma-separated and enclosed in quotes if there are multiple
199. # MAC addresses allowed.  MAC address masks are allowed.
200. apspoof=Foo1:ssidregex="(?i:foobar)",validmacs=00:11:22:33:44:55
201. apspoof=Foo2:ssid="Foobar",validmacs="00:11:22:33:44:55,aa:bb:cc:dd:ee:ff"
202.  
203. # Known WEP keys to decrypt, bssid,hexkey.  This is only for networks where
204. # the keys are already known, and it may impact throughput on slower hardware.
205. # Multiple wepkey lines may be used for multiple BSSIDs.
206. # wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900
207.  
208. # Is transmission of the keys to the client allowed?  This may be a security
209. # risk for some.  If you disable this, you will not be able to query keys from
210. # a client.
211. allowkeytransmit=true
212.  
213. # How often (in seconds) do we write all our data files (0 to disable)
214. writeinterval=300
215.  
216. # Do we use sound?
217. # Not to be confused with GUI sound parameter, this controls wether or not the
218. # server itself will play sound.  Primarily for headless or automated systems.
219. enablesound=false
220. # Path to sound player
221. soundbin=play
222.  
223. sound=newnet,true
224. sound=newcryptnet,true
225. sound=packet,true
226. sound=gpslock,true
227. sound=gpslost,true
228. sound=alert,true
229.  
230. # Does the server have speech? (Again, not to be confused with the GUI's speech)
231. enablespeech=false
232. # Binary used for speech (if not in path, full path must be specified)
233. speechbin=flite
234. # Specify raw or festival; Flite (and anything else that doesn't need formatting
235. # around the string to speak) is 'raw', festival requires the string be wrapped in
236. # SayText("...")
237. speechtype=raw
238.  
239. # How do we speak?  Valid options:
240. # speech    Normal speech
241. # nato      NATO spellings (alpha, bravo, charlie)
242. # spell     Spell the letters out (aye, bee, sea)
243. speechencoding=nato
244.  
245. speech=new,"New network detected s.s.i.d. %1 channel %2"
246. speech=alert,"Alert %1"
247. speech=gpslost,"G.P.S. signal lost"
248. speech=gpslock,"G.P.S. signal O.K."
249.  
250. # How many alerts do we backlog for new clients?  Only change this if you have
251. # a -very- low memory system and need those extra bytes, or if you have a high
252. # memory system and a huge number of alert conditions.
253. alertbacklog=50
254.  
255. # File types to log, comma seperated.  Built-in log file types:
256. # alert             Text file of alerts
257. # gpsxml            XML per-packet GPS log
258. # nettxt            Networks in text format
259. # netxml            Networks in XML format
260. # pcapdump          tcpdump/wireshark compatible pcap log file
261. # string            All strings seen (increases CPU load)
262. logtypes=pcapdump,gpsxml,netxml,nettxt,alert
263.  
264. # Format of the pcap dump (PPI or 80211)
265. pcapdumpformat=ppi
266. # pcapdumpformat=80211
267.  
268. # Default log title
269. logdefault=Kismet
270.  
271. # logtemplate - Filename logging template.
272. # This is, at first glance, really nasty and ugly, but you'll hardly ever
273. # have to touch it so don't complain too much.
274. #
275. # %p is replaced by the logging prefix + '/'
276. # %n is replaced by the logging instance name
277. # %d is replaced by the starting date as Mon-DD-YYYY
278. # %D is replaced by the current date as YYYYMMDD
279. # %t is replaced by the starting time as HH-MM-SS
280. # %i is replaced by the increment log in the case of multiple logs
281. # %l is replaced by the log type (pcapdump, strings, etc)
282. # %h is replaced by the home directory
283.  
284. logtemplate=%p%n-%D-%t-%i.%l
285.  
286. # Where state info, etc, is stored.  You shouldnt ever need to change this.
287. # This is a directory.
288. configdir=%h/.kismet/