We’re often asked what hardware works well with Kismet; here’s a list of some useful starting points with links to Amazon. These links help the Kismet project a little if you use them to order, but by all means order from wherever works best for you!
The Scientist & Engineer’s Guide to Digital Signal Processing
Interested in getting into how the SDR capture code works? The Scientist and Engineer’s Guide to Digital Signal Processing is a very approachable introduction and reference.
This is a relatively new 802.11AC chipset which has increasingly good Linux support built into the kernel. You need Linux 4.19.7 or later, with Linux 5.0 preferred, for this to work. This card does not work with Raspberry Pi or other Arm devices, but may in the future. There are several flavors of this card:
In general we’d suggest avoiding this card due to continual driver issues, but on some platforms it’s the only real option for 802.11AC capture. This chipset has a lot more quirks than the MT7612U, but can work on more devices; specifically, once you massage the drivers into working (or use Kali), it will work with the Raspberry Pi 3. This requires drivers which are not part of the kernel and can be difficult to compile. It often exhibits significant issues, but is capable of sniffing 802.11AC. There are many, many, many flavors of this card, all with subtly different form factors, frequency capabilities, and antenna options. Some we’ve used with success:
- The basic 1x1 dual-band model. This is very cheap, but can see dual bands, and accepts an antenna.
- The dual-band version has dual-band capability, but the antennas are not removable. This is a very, very cheap card with moderate capability, but don’t expect to be able to use it for more advanced things.
Other Radios and SDR
Most of the SDR capture sources in Kismet use the RTLSDR radios - they’re cheap, low power, and easy to get running. Like Wi-Fi, an SDR radio can only tune to one range of frequencies at a time, so it often makes sense to get multiple radios, one for each SDR-based protocol you want to monitor.
- The RTLSDR Kit with the radio, several antennas, and mounts, is a good place to start.
- The stand-alone RTLSDR blog radio comes with bias-tee power injection (for running external amps and filters).
- The Nooelec version of the RTLSDR is low profile for fitting multiple radios into adjacent USB ports. The basic model lacks bias-tee power injection, however.
- The Nooelec SMArTee has continual bias-tee power injection and a similar physical profile allowing multiple radios to be used on adjacent ports.
The CC2540 BTLE card is a super cheap BTLE capture card (for advertisements only). While it lacks an external antenna jack, it can be modified, and the cost makes up for a lot.
Similar to the CC2540, the CC2531 is an ultra cheap Zigbee/802.15.4 capture card. It lacks an external antenna and is 2.4GHz only, but the cost makes up for it.
Coupled with an RTL-SDR, antennas specific for ADSB can help increase your range for plane spotting using the new Kismet ADSB capture source. Remember though - you’re unlikely to get more range than your line of sight, so often it’s easier to see more distant planes at a higher altitude. Some good tools include:
- The FlightAware 1090MHz antenna from the FlightAware team.
- An N to SMA cable is needed to connect the antenna to the RTL-SDR. Note that you need a standard SMA cable, not an RP-SMA one, for most SDRs! Generally you want to keep this as short as possible.
- Optionally, a 1090MHz Filter/Amplifier. If you have a busy RF environment, are near a large FM broadcast antenna, or are otherwise getting weak signals, a combination filter and amplifier can dramatically increase your coverage. You’ll need a bias-tee capable SDR to power the amplifier!
Servers / SBCs
Most people will run Kismet on a laptop; if you’re looking for some embedded solutions, however, it runs better on some hardware than others:
Intel Compute Stick CS125
The CS125 is a tiny Intel Atom quad-core processor with 2 gig of RAM. It’s got on-board Intel 802.11AC and Bluetooth, can run Linux, and with a modern kernel (5.0 or higher) the onboard 802.11AC works excellently. We use these as distributed sensors and portable systems; with 2GB of RAM you’re likely good for about 60,000 devices per session before RAM becomes a problem. They’re also fantastic as distributed fixed sensors with rolling logs. You can also use USB Wi-Fi cards, RTLSDR, and so on with them.
Intel Compute Stick CS325
The CS325 is the updated version of the 125; it’s got an M3 processor instead of an Atom, 4GB of RAM, and USB-C. This is much more suited for a portable Kismet system connected to a Windows laptop, or as a replacement for a full mobile system in a vehicle, due to its cost. Like the 125 you can use SDR and USB Wi-Fi cards as well as the internals.
The Intel NUC is an excellent device for serious capture, but it’s not the best for portability or if your budget is tight. Don’t forget RAM and an SSD. For aggregating multiple remote captures or busy environments, a strong server with lots of RAM is a must!
Raspberry Pi 4
The Raspberry Pi 4 is a significant upgrade from the model 3; the model with 4 gig of RAM is quite competent for running Kismet in many moderate to busy environments, and a must for running the Mediatek 802.11AC USB cards.