CEH v11 manual pg.2269
Sniffing Wireless Traffic
Sniffing is a type of eavesdropping in which attackers intercept all ongoing wireless communication. Attackers perform wireless sniffing by simply tuning a receiver to the target transmission frequency and identifying the target communication protocol used. Attackers analyze the captured traffic to perform further attacks on the target network. To sniff wireless traffic, an attacker needs to enable the monitor mode on their Wi-Fi card.
All Wi-Fi cards do not support the monitor mode in Windows. The following link can be used to check whether a Wi-Fi card supports https://secwiki.org/w/Npcap/WiFi_adapters
Attackers use tools such as Wireshark with Npcap, SteelCentral Packet Analyzer, OmniPeek Network Protocol Analyzer, CommView for Wi-Fi, and Kismet to sniff wireless networks.
ChatGPT answer:
C. tshark
Explanation: tshark is a network protocol analyzer that works on the command line. It is part of the Wireshark suite and is available for various platforms, including Linux. tshark allows users to capture and analyze network traffic, making it a passive tool for inspecting packets.
Why is the answer not Kismet?
Explanation: Kismet is primarily focused on wireless networks. It operates almost entirely passively, collecting and sorting wireless data. While it can be used for analyzing wireless packets, it is not designed for active attacks. Kismet is often associated with Linux-based systems, although versions exist for other platforms. It is used for monitoring and analyzing wireless network activity rather than actively interacting with the network.
In this context, both tshark and Kismet can be considered passive wireless packet analyzers, but tshark is more generalized for overall network traffic analysis, while Kismet is specialized for wireless network monitoring.
Kismet is an 802.11 Layer-2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively collecting packets and detecting standard named networks. CEHv11 pg 1431
https://www.kismetwireless.net/docs/readme/intro/passive_capture/
Kismet operates almost entirely passively, with a few exceptions (such as Bluetooth scanning mode) noted in the documentation for those capture types.
Kismet is not an attack tool (generally) - to test your Wi-Fi security check out tools like Aircrack-NG or the Wi-Fi Pineapple.
Kismet is largely focused on collecting, collating, and sorting wireless data. The logs generated by Kismet can be fed into other tools (the pcap, handshakes, and other data) like hashcat, aircrack, and more.
Kismet is an open-source wireless network detection and analysis tool that runs on various platforms, including Linux, BSD, and macOS. It can detect and capture wireless traffic, including hidden SSIDs and clients, monitor the network and perform passive and active scans. Kismet supports multiple wireless interfaces and can capture and analyze data from various wireless technologies. Overall, Kismet is a versatile tool that is widely used for wireless network monitoring, analysis, and security.
In summary, Tshark is a general-purpose packet analyzer that can analyze a wide range of network traffic, while Kismet is a wireless-specific tool that focuses on detecting and analyzing wireless network activity. Tshark is a passive tool that does not generate any traffic, while Kismet can generate traffic of its own.
I got this wrong too the first couple of times taking this test dump.
The correct answer is tshark because the key word they use is Analyzer; if we were purely just capturing the packets, it would be Kismet.
Sniffing Wireless Traffic
Attackers use tools such as Wireshark with Npcap, SteelCentral Packet Analyzer, OmniPeek Network Protocol Analyzer, CommView for Wi-Fi, and Kismet to sniff wireless networks.
Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework, works on Linux, OSX, and, to a degree, Windows 10 under the WSL framework. https://www.kismetwireless.net/ (P.2269/2253)