Project update 16 of 20
Field Report: Running Kismet on the Ten64
by Michael KI’m the author of Kismet, a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework. Given the proper hardware (Wi-Fi, Bluetooth, ADSB, Zigbee, wireless sensors, etc.), Kismet can monitor multiple wireless protocols in large numbers. However, finding a compact system capable of supporting a diverse collection of radios, with enough RAM for a dense deployment environment, has been a challenge. So, I was very curious to see how the Ten64 would handle Kismet.
Advantages
When it comes to running Kismet, the Ten64 has three great advantages: mPCIe interfaces, USB3 with solid bandwidth, and an M.2 storage option for high-speed data logging. Typically, the compact hardware I’ve found can only provide two of these three features, which can make high-traffic environments very challenging.
Radios
With the combination of mPCIe and USB, a vast selection of radios and protocols become accessible, including: Ath9k Atheros abg-n is the go-to driver for stable Wi-Fi capture, prior to 11AC Intel AX200 is one of, if not the only, monitor-mode capable 11AX interface, and is only available as an mPCIe M2 adapter RTL-SDR offers a cheap, low-bandwidth, USB SDR, the USB interface easily supports multiple radios for different protocols.
Installing Kismet is much the same as with any other package on Linux-based systems; the Ten64 supports modern standard Linux distributions, which makes compiling trivial. Kismet can typically support around 20,000 devices per gb of RAM; with the 32 gb option on the Ten64, there should be more than enough memory even in dense conference environments. In addition, packet logging does not hit the bottlenecks and throughput issues often found on other, smaller devices logging to SD.
In the end, I found that Kismet on the Ten64 performs similar or better to an Intel NUC, but the hardware is far more expandable and runs a full Kismet capture server with ease.