RFAQ - Really Frequently Asked Questions

At the very least, please read all of these. More information is below that expands on these points and more. Thanks!

Does my AirPort Extreme work?

Yes, with the limitations detailed below. If you've updated to OS 10.4.10, you MUST use r239. OS 10.5 (Leopard) AirPort Extreme passive mode support should be working as of [278] on both Intel and PPC but has seen improvement in the merge; please use r283 for now. For issues with r278 please post to ticket #258 if you find this is not the case: machine; chipset; OS version; console, system, and crash logs; and your nick (and anything else as linked later in this FAQ). Work on improving these drivers is ongoing and Geoff says more improvements should come in the following weeks.

What device(s) can inject?

You need an rtl8187 (known to work on PPC with Leopard but not Intel Tiger) or an rt73 device to inject under KisMAC. Prism2 injection is temporarily broken from the merge process but will be restored as soon as possible.

Why can't I crack my WEP/WPA key?

The definitive source for key recovery is the aircrack-ng suite. While KisMAC does include aircrack 0.3, it's really quite old at this point and nowhere near as effective as the current aircrack-ng suite of tools is (currently at 1.0-beta2). You can use the aircrack-ng application on a pcap dump collected by KisMAC (be sure to select "Keep everything" in the preferences) if you have a capture device that doesn't mangle or pass on bad frames. Also, Prism2 owners be sure to see below.

I can't get my Ralink USB card to work

Don't install Ralink's drivers or the drivers that came with the card, and delete the old KisMAC pref file. It is possible that your device hasn't been added to the code's list of supported devices; instructions for testing new device and vendor codes will be forthcoming.

When will Ralink cards support injection?

rt73 devices are known to successfully inject under Leopard on PPC machines; please discuss on the forums to confirm functionality on any architecture and OS combination. rt2570 is proving to be less stable right now and it is still in progress.

I see lots of packets but no unique IVs

You're probably using an AirPort Extreme card in passive mode and haven't checked its limitations, or any device in active mode. You may be looking at a WPA network, where IVs are irrelevant. Otherwise, it's likely that the network simply has no traffic.

KisMAC just isn't working right

Close KisMAC and delete the preference file. Open KisMAC back up and set the necessary preferences. You must always do this before running a different build than the one you last ran, and it can be the fix for many strange behaviour issues when nothing else seems to have changed. The pref file for trunk r258 and earlier as well as all branches is ~/Library/Preferences/de.binaervarianz.kismac.plist (where ~ is your home folder). Trunk r259 through r263 used com.kismac-ng.kismac.plist and trunk r264 and newer use org.kismac-ng.kismac.plist as is fitting of our non-commercial nature. Isn't change fun?

Active? Passive?

  • Active mode, also referred to as managed mode, sends probe requests and is pretty boring.
  • Passive mode is more commonly known as monitor mode or rfmon, and passively monitors what's already in the air without transmitting or interfering in it.
  • Active attacks like deauth and reinjection (where supported) require your device to be in monitor or passive mode.

FAQ - General

Why should I use KisMAC instead of something else?

  • Passive Stumbling (now on AirPort and AirPort Extreme cards as of r148) - you can find hidden networks, tunnels, and see probe requests.
  • WEP and WPA cracking features - test out the security of (your own) wireless networks.
  • Huge vendor.db that can identify the vendor of EVERY access point out there whose creator is registered with the IEEE.
  • MacStumbler and iStumbler only support active stumbling on AirPort cards. We support many third-party cards as well.
  • MacStumbler has GPS integration (it records the GPS coordinates that the network was last seen as), and iStumbler has it in pre-alpha (i.e. it doesn't work). We have fully working GPS support and moving-map display. MacStumbler can only give you a list of coordinates.
  • Area mapping - plot the regions of high and low signal strength on a map.
  • It's free and open source. Netstumbler, which is not even in active development any more, requires payment for commercial usage.

What is required to run KisMAC?

  • Apple AirPort, AirPort Extreme, Prism2 PCMCIA, Orinoco PCMCIA, Cisco Aironet PCMCIA, Atheros b/g card. Prism2 USB, Ralink rt73 and rt2570 USB, and rtl8187 devices are also supported.
  • PrismGT cards are supported with the latest GTDriver.

See our hardware list for more information

  • Apple Mac OS 10.5.1 for r242 and newer (Use Xcode 3.0 to build your own)
  • Apple Mac OS 10.4.2 for r63 through r241 (AirPort Extreme under 10.4.10 and newer requires r239 through r241)
  • Apple Mac OS 10.3.x for 0.12a to r62
  • Apple Mac OS 10.2.x for all versions to 0.11a
  • (Recommended) External antenna (Will allow the capture of packets in a wider area)
  • (Recommended) NMEA compatible GPS (Allows you to analyze geographical data =)), needs to be OSX compatible!

Under What License is KisMAC Published?

KisMAC is GPL General Public License

Why is KisMAC an alpha version?

  • Not all features are implemented yet.
  • Very little testing has been performed.
  • This is the original developer's first Macintosh application.
  • There is no security design in KisMAC.
  • We develop for fun and testing is boring =)

What relationship does KisMAC have with Kismet?

Kismet and KisMAC are both passive stumblers which work under MacOS X. The most significant difference is that Kismet is a CLI (command line interface) program while KisMAC uses a GUI (graphical user interface). It used to be a play on words as MacStumbler is to NetStumbler. Those two are active probers and KisMAC was supposed to be the Kismet-like passive tool for OS X, back when there was no Kismet port.

Where can I download KisMAC from?

Have a look at our download page.

How do I translate KisMAC to other languages?

Due to the lack of past interest and maintenance, KisMAC is only available in English. Long-term commitments to maintain additional localizations can be considered; please contact us via the forums if this is of interest to you.

What are Known Bugs?

Please post serious bugs on the trac. Make sure to include the console, system, and crash log outputs from KisMAC start to end uploaded with your bug (found in /Applications/Utilities/Console.app), crash logs if appropriate, and list every relevant detail: machine type and model (e.g. MacBook Pro 2,2) OS version, revision of KisMAC as well as trunk or branch, the chipset you are trying to use, detail of what you tried to do, exact error messages as displayed on screen, and anything else that might be relevant or that happened at the time of the issue. (This list is detailed on the forum as well.)

If you are having problems getting your setup to work please DO NOT post to the trac; instead please reread this FAQ, then search the forums before submitting a post, or go to the irc channel and talk to the folks there. Please do one or the other, not both: we're happy to help, but it's a waste of our time and everyone else's to go through things twice for the exact same issue. We are trying to keep the trac tickets for only serious, documentable issues. Feature requests should be filed and discussed here.

Where can I find other KisMAC users?

You can join the mailing list, read and post in the forum, and you can join us on IRC at #KisMAC on irc.freenode.net.

How did we end up getting AirPort Extreme Passive Mode?

We managed to find an IORegistry key in Apple's 10.4 driver (APMonitorMode) that enables rfmon mode and passes all the packets to an interface called wlt1. The feature has been in SVN since r74 and builds since r148. This is a solution for us, but those wanting a linux driver still miss out; you can sign the BCM4301 petition and help them.

With our own drivers, we some day (more likely a very long time from now) may be able to do packet injection on AirPort Extreme. Please contact us if you have the desire to work on this or have information that might be of assistance toward this task.

Why isn't KisMAC working with my AirPort Extreme card?

Apple uses the name "AirPort Extreme" to refer to every version of 802.11g and draft-n compatible wireless card they have ever put into a computer. While some of these cards are supported, the level of support varies from card to card. You must be using at least r148 (look in KisMAC, About to find the revision number) for any support, and r239 if you are running OS 10.4.10. On the Intel machines that use Atheros chipsets (including the MacBook and MacBook Pro) the card cannot collect valid data or unique IVs as it attempts to decrypt packets in hardware with the wrong key. We don't yet know if Broadcom cards in Intel machines (iMac, Mac Pro) suffer the same issue or not. PPC machines shouldn't have this issue, though Broadcom cards are reported to have generally corrupt frames on any platform (they pass on corrupt frames that aren't properly checksummed). No AirPort Extreme cards support injection.

When will AirPort Extreme be working, complete with injection?

Do not wait for it. While it's conceivable that this may someday be possible for some chipset(s), it will not happen any time in the foreseeable future. We welcome driver coders willing to work on this project.

Will there be support for 54 Mbit devices?

It is here! rt73 and rtl8187 are fully supported! We know they scan and inject on PPC machines under Leopard (10.5.4) but know that rtl8187 does not yet scan on Intel Tiger (10.4.10). Please test on your systems and post your results to the forum so we can continue to fine tune things. Because of the significant back-end work that was necessary, Prism2 and rt2570 also scan passively but Prism2 injection is temporarily broken and rt2570 needs more work on the basic driver. rt2570 currently doesn't capture all packets because it produces a huge amount of CRC errors; work will continue on this. rt2570 and rt73 are sometimes referred to as rt25xx or rt2x00.

Other chipsets have been discussed but have not been found to be practical enough to pursue. We're open to suggestions, but wide availability of devices using a given chipset and an available Linux driver greatly aid a decision.

I have money, what hardware should I buy?

It depends. What you really need to ask yourself is what chipset you want. After that, you can look at price and features to decide upon a particular device that includes that chipset. If you want injection with KisMAC, you really want a device with either an rtl8187 or an rt73 chipset. Both are fairly readily available at a variety of price points and feature sets.

Prism2 chipsets have also injected and will again but Prism2 reinjection is only effective on a network that has 802.11b clients connected. They can, however, sniff the existence of 802.11g networks (see below for more details).

If this isn't good enough for you, you can inject with a Ralink or Realtek device by using the aircrack-ng suite under any linux install, BackTrack under VMware (or Parallels, though they have inferior USB support and no Linux tools), or the aircrack-ng virtual machine under VMware Fusion. These solutions only work on Intel Macs or other x86 PCs and requires you use the command line.

If you don't need injection, any supported chipset will work for you.

Don't forget to look at our personal hardware choices to aid your decisions.

I want to get a Ralink USB card, where can I find one?

All over the place, from eBay to online retailers to physical electronics stores. These are generally current products. Two recommended devices are the Hawking HWUG1/HWUG1A or Edimax EW-7318USg (these have an RP-SMA connector for use with any external antenna and are identical on the inside as confirmed by their identical FCC IDs) or the Linksys WUSB54G v4 (labeled only on the unit).

I want to get a Prism2 USB card, where can I find one?

eBay, or someplace similar. These are all discontinued products and can vary widely in price. Two recommended devices are the D-Link DWL-122 or the Linksys WUSB11 v2.5.

KisMAC isn't finding my Ralink USB device. Why is this happening?

You must not have installed Ralink's OS drivers; Ralink includes an uninstall.command script with their .dmg if you need to remove these. Also delete the old preference file whenever using a different build of KisMAC: with KisMAC closed, remove ~/Library/Preferences/de.binaervarianz.kismac.plist or ~/Library/Preferences/org.kismac-ng.kismac.plist and reset all your preferences from the build you wish to run.

There is a small possibility that your device hasn't been added to the code's list of supported devices. Instructions for testing new device and vendor codes will be forthcoming.

FAQ - Developer

In what programming languages is KisMAC written?

KisMAC is written in a couple of languages. Most of the user interface is written in Objective-C and the kernel extensions are written in embedded C++ (basically a subset of C++ without templates etc.). Small parts of KisMAC's source code require the knowledge of AppleScript and Shell Scripting.

Where is the source code?

In the subversion repository.

How do I build my own binary from the SVN?

See the building from source page.

I get a lot of compile errors, what is wrong?

Please use the compile.command script the first time you try to compile KisMAC. It will set up a suitable environment that can be used to compile KisMAC from within Xcode. You need to have at least Xcode 2.3 installed for the 10.4 builds, and Xcode 3.0 for the 10.5 builds. The path to your local copy of the source code cannot have a space anywhere in it or things will fail. Also, make sure to delete the preference file before running the new build. The pref file for can be found at ~/Library/Preferences/org.kismac-ng.kismac.plist (where ~ is your home folder).

How can I build an install package?

Details are at the bottom of the building from source page.

Technical - Active Attacks

How do I change the MAC address of my wireless card?

A custom MAC address is required to access networks with MAC filtering enabled. Here is a brief guide on how to achieve this on Mac OS X as of August 2005 according to devices and OSes.

AIRPORT EXTREME

Autopatchers are Spoofmac (Shareware), MacDaddyX (Freeware), and ChangeMac (Freeware). Or if you like doing things the hard way, use the manual method from here. Spoofing can be done using the Terminal command sudo ifconfig en1 down; sudo ifconfig en1 lladdr 00:11:22:33:44:55; sudo ifconfig en1 up (spoofing en0 also does work).

UPDATE:

  • As of April 2007, ifconfig DOES work for en1 (AirPort Extreme draft-n) on a pre-production Core2Duo MacBook Pro running 10.4.8. -Fish
  • ifconfig ether works fine with MacBook Core2Duo too (Mac OS 10.4.10).
  • We've also received confirmation that this works on a first generation Core Duo MacBook Pro running 10.4.10, but did not on 10.4.8.

PRISM 2 & ORINOCO CARDS

First download the free sourceforge drivers. If KisMAC is already installed, remove it. Install the sourceforge driver, then (re)install KisMAC. "Patch" the driver when asked to.

Jaguar: use WirelessMac provided with KisMAC along with the patch to alter the MAC address of your card.

Panther: WirelessMac does not work in Panther. Patch the kernel with the instruction posted here and then use the following Terminal command: ifconfig ether 00:01:02:03:04:05.

Note: patching of the kernel requires solid Unix skills.

For Orinoco cards in Panther quoted from jim: My experience was on panther 10.3.3 on a TiBook, I think the way that it worked for me was that I could insert the card and not have it set up in network preferences, I could then set the MAC with the wireless mac utility and then set it up in network preferences. I seem to remember that network preferences always showed the original mac address but I used it to get onto both my own and other mac address limited networks so I definitely had it working. It didn't always seem to work properly all the time but I did have it work!

Tiger: method not supported. The patch for the sourceforge driver was not ported to Tiger.

PRISMGT CARDS

Install the GTDriver. On Panther or Tiger, run the Terminal command ifconfig ether 00:01:02:03:04:05 (where 00:01:02:03:04:05 is the MAC address you want to spoof). Note: PrismGT based cards are increasingly difficult to find as vendors are silently replacing the chipset in these cards without anyway of knowing. Try your card before you buy it.

USB PRISM2 DEVICES

Method 1: Flash the firmware following the instructions with the Windows .exe firmware patcher from here. You will probably need a PC to do this (sorry!). It might work in VirtualPC, it might not. Note: Do this at own risk!

note from themacuser: I don't recommend this. My MA111 will not seem to work right any more. :( Proceed with caution.

Method 2: If you own or have access to a TiVo it can flash the device for you. Just plug in the USB Prism2 device and follow the directions on screen. It worked perfectly with a WUSB11 v2.5

OTHER CHIPSETS

MAC address customization on wireless devices requires that the driver supporting the card be patched in order to actively alter the MAC address. Since most drivers running wireless cards on Mac OS X are not open source, it makes patching the driver difficult to impossible. Thus MAC address customization on devices based on other chipsets than the ones mentioned above is not yet supported.

What does the Deauthenticate menu do?

Deauthentication packets are sent from access points in order to tell clients that they are no longer available for service. KisMAC offers a feature to spoof these packets and cause everyone to probe for the access point with the SSID of the access point in the probe request. This is a very effective way to reveal SSIDs of hidden networks.

See the additional information section for more info.

Note: Some access points might recognize this attack and try to switch their frequency.

What is packet reinjection?

Packet reinjection is a very advanced WEP cracking technique. Be aware that this is the bleeding edge of technology, so it might not work every time. When you use this attack, KisMAC will try to find packets that will cause another computer to respond. The program will then send these packets over and over again. If KisMAC detects answers, it will go into injection mode. Now the network will generate huge amounts of traffic, and more weak frames will be generated. Wireless networks with WEP can be broken within an hour, sometimes only 10 minutes. Please be aware that all detections are of a heuristic nature, therefore it might not always be working.

See the additional information section for more info.

Technical - Cracking

I got a string of letters and numbers for a key... What do I do with it?

This is a hex key. When attempting to join the network, select the "WEP 40/128-bit hex" option from the AirPort Wireless Security drop-down and enter the characters without the colons ( ':' ). The OK button is only usable when you've entered a correct quantity of characters (either five or thirteen hex digits [each digit being two characters]).

How many packets do I need to crack WEP?

Weak Scheduling Attack:

This is a tough question, based on probability: each weak packet has a 5% probability of revealing one byte of the key (meaning statistically only 5 weak packets would be necessary to crack a 40-bit key). However, because there is only a small chance that a byte of the key will be determined, the practical number of weak packets needed is normally 500-1000 times larger! The current KisMAC does not require weak keys any more; rather you will need to collect "unique" IVs. This makes the Weak Scheduling Attack a pretty functional attack again. You will need about 200,000 for 40-bit WEP and about 1,000,000 unique IVs for 104-bit WEP. Try adjusting the fudge factor in the advanced preferences if you are having difficulty with more IVs than that.

Bruteforce and Wordlist Attacks:

The Bruteforce and Wordlist attacks do not require any weak keys, however you will need a lot more CPU time to break a key using a bruteforce attack. At least 8 data packets are required.

How do I crack a WPA network?

IVs and data packets are irrelevant for a WPA network--you need to capture the four-way handshake that occurs when a valid client successfully connects to the AP. When you successfully capture a full handshake (a challenge and a response), the gem on the network's line in the main Networks window will switch from red to green. We also recommend using Growl as there is a notification displayed when the either half of the necessary handshake packets are captured. After you have this (a few never hurts, but you need at least one) you can run a wordlist against the pcap dump to attempt to find the password. Bruteforce is the only current method of cracking WPA. Again, please refer to the aircrack-ng wiki for the most complete reference on key recovery.

What kind of file does KisMAC need for a dictionary attack?

KisMAC expects a simple wordlist, a plain text file with no formatting which contains all the words and phrases that KisMAC will try for you. The words/phrases need to be separated by newline or linefeed characters, as well as one after the last word in the list.

Where can I find good wordlists? PLEASE ADD YOURS!

Why do you not support cracking of 128-bit or 64-bit keys?

Actually KisMAC supports this feature, but we do not follow the marketing gag of most wireless companies. Their 128-bit-keys are actually 104-bit-secret-keys plus a 24-bit long initialization vector (IV), which is submitted in plain text. Therefore the effective key length is 104-bit. The same rule applies to 64-bit, which has an effective strength of 40-bit. However there are the occasional good apples: Nokia for example uses 128-bit secrets plus 24-bit IVs, but we do not have any hardware to test the algorithms on their machines.

How does the Newsham 21-bit attack work?

A lot of wireless access points offer a key generation process on the basis of an easy to remember passphrase. Unfortunately, some companies implement a very dangerous algorithm for the generation of 40-bit WEP keys. This algorithm only generates keys with an effective strength of 21 bits. KisMAC is able to bruteforce these keys in a very short time.

Access Points from the following companies appear to be vulnerable: Linksys, D-Link, Belkin, Netgear... The following companies use other algorithms: 3Com, Apple.

Technical - Logging

Can I use external programs with the driver?

You cannot use an external application with the drivers directly, except for the AirPort Extreme passive mode where you can capture from the wlt1 interface. However if you use KisMAC's dump feature, you will be able to create pcap file which can be read by a lot of UNIX style programs. One of the most useful pcap-enabled applications is Wireshark, a packet analysis tool. It is available as a fink or darwinports package. Check both, sometimes one has a more recent version than the other.

Hint: If you want to capture packets of a specific network, you should disable channel hopping in order to receive more packets.

What is the purpose of logging sniffed packets to a file?

The dump is saved in pcap format, which means that packet analyzers such as Wireshark and EtterCap can be run against the sniffed traffic. Furthermore, KisMAC can read in dump files via the import menu and add those packets to those in the current session.

What do the dumping filter preferences mean?

These options capture the following packets:

  • No dumping - just what it says. No log file is written.
  • Keep everything - All intercepted traffic is written to the log file.
  • Data only - Only packets containing data are written to the log file; empty, "I'm here" beacon traffic is ignored, but any packets with weak initialization vectors (IVs) will be logged.
  • Weak frames only - only packets with weak initialization vectors will be written to the log file.

Technical - Mapping

Why are all networks at one spot (in one line, at the wrong place...)?

This probably means that your map is not aligned. Do this by setting two waypoints.

Note: Even if you import a map from a server, you might still need to set a second waypoint with some maps. The exceptions are Expedia and Map24, where you don't have to.

Are there Problems with Bluetooth GPS Receivers?

The Mac OS Bluetooth Stack seems to be broken (it is not fully compatible with some serial options). Try using gpsd with Bluetooth GPS Receivers.

How do I use the mapping feature?

The mapping feature in KisMAC allows the program to show the different networks and your current position in a map. In order to set a map up, you will have to import an image and switch to the Map tab. You should see your map here now. Now click on the "Set Waypoint 1" entry in the Map menu and click on a position in the map that you know the geographical position for. KisMAC will now ask you for this position. If you have a GPS device attached to your computer, your current position is set as default coordinates. Now use the "Set Waypoint 2" entry to set up a second waypoint. After you set these two points, KisMAC can now use the image as a full quality map. Networks are automatically displayed. You can also show your current position by clicking on the "Current Position" entry in the Map menu. Networks are shown in four colors based on their level of encryption:

Green no encryption
Yellow unknown or other
Red WEP encryption
Blue WPA encryption

How does KisMAC set the location of a network?

If the current signal for a particular BSSID is stronger than KisMAC has previously detected, the current coordinates are logged as the BSSID's location. If KisMAC has previously seen a higher signal it disregards those coordinates, maintaining the existing previously logged location.

Can I merge data sets from multiple wardrives?

By using the Import feature from the File menu or uploading to WiGLE you can generate a combined list and map of the networks discovered in all the imported/uploaded files. The strongest signal level of all imported data will be used to plot each BSSID's location on the map. Be aware that there is a limit of 10,000 unique BSSIDs to KisMAC; attempting to import more data will just use lots of CPU time while KisMAC looks for duplicate BSSIDs.

WiGLE?

What is it?

The name stands for Wireless Geographic Logging Engine.

Basically, you upload your stumble files with GPS coordinates and they stick the networks on a big map of the world. You can browse the map here. (The feature doesn't work in Safari; click on "original webmaps" in the bottom right instead.)

You also appear on the rankings board on the stats.

If you're a WiGLE member already (or just signed up as one), join the KisMAC group.

How do I use it?

  1. In KisMAC, go to File -> Export -> Data to NetStumbler Text.
  2. Go to post a file after logging in.
  3. Click the "Browse" button, and click on the file you exported from KisMAC. Hit the Send button.
  4. Then watch this page to see how the file is being parsed.

To find the location of someone's network, go here and either enter the BSSID in the bottom field, or any other details in the top set of fields, and hit query.

Technical Trouble

Why is my packet reinjection not working?

The most likely cause is that you are using a b chipset on a g network. The Prism2 chipset is a b card, meaning that it only recognizes the headers from b modulations (DSSS / CCK) at 1Mbps, 2Mbps, 5.5Mbps, 11Mbps. It doesn't matter if the router is set to accept b/g modulations (aka DSSS, CCK, OFDM) - if the network you are injecting to has no b clients then there are no targets for the injection, and no arp packets that have CCK headers for your poor stupid b card to sniff. Since KisMAC uses a pure arp replay, only arp and ack packets that are captured will be reused. You should get a newer supported card.

What is the difference between active and passive mode?

Active Mode Passive Mode
* in active mode the WiFi device sends out probe request and waits for answers. The data obtained from these answers is shown. * When you use KisMAC passively the WiFi device is switched into "monitor mode". It waits silently for any valid packets and this data is used to derive the network structure.
- Probe requests can be easily detected (even by other KisMACs in passive mode) + passive sniffers cannot be detected
- the sniffer cannot see raw data, therefore PCAP logging and cracking will not work + only passive devices can perform WEP cracking and logging of data
- the active component of KisMAC cannot detect LEAP networks (they are shown as WEPed) + WPA and LEAP detection is possible
- active programs cannot see hidden networks (per definition) + KisMAC can find and reveal cloaked networks if used in monitor mode
+ you will not lose your WiFi connection (it will only become slower because of all the probing) - KisMAC will need to load a replacement for your normal driver in order to switch the device into monitor mode. Connectivity will be lost

Why is channel hopping not available on my device?

Cisco cards do channel hopping internally, there is no need to do channel hopping for KisMAC. This is actually much more effective as the card can see what channels are being used. For AirPort (Extreme) cards in active mode, the original Apple Driver takes care of the hopping.

What happened to my AirPort card after running KisMAC?

When you start KisMAC, it automatically loads a driver replacement for the AirPort card, enabling monitor mode. To reload the OEM driver, simply quit KisMAC. Sometimes it also may happen that the AirPort icon gets lost. If this should be the case, please re-enable it in System Preferences. If your AirPort driver is not restarted when you quit KisMAC, it is very likely that you had a network application running when you started KisMAC (e.g. Internet Connect or the Network pane of System Preferences). Please note: Do not unload a driver when KisMAC is running! This is very dangerous and will most likely cause a crash!

Why does KisMAC not recognize my Cisco card?

The latest Cisco firmwares cannot be supported by open software as incompatible additions have been made. Please flash your Cisco card to a supported one (eg. 4.25.30).

Why doesn't KisMAC work?

(note, this really needs updating).

Possible problems are:

  • The AirPort card was in use BEFORE launching or WHILE running KisMAC,
  • Lack of administrative privileges,
  • Computer was not restarted after KisMAC crashed,
  • You did not enter your administrative password,
  • You started the "Classic" environment, or
  • There are processes which access the AirPort Card directly (such as Internet Connect.app). This will keep KisMAC from reloading your AirPort Driver on quit.

Possible Solutions:

  • Disable the AirPort card via the Network control panel
  • Gain administrative access
  • Reboot the machine
  • Search computer's system log for any recorded problems
  • Stop "Classic"
  • Quit other programs

Still having trouble? Go to the irc channel mentioned above.

Why does KisMAC not capture any packets?

You are using an active mode source, are you not? Packets can only be captured in passive mode. Please make sure that you know what the difference is. Or perhaps there are no data packets TO capture from the network. Additionally if a network is too far away some or all of the packets may be missed.

Why does my WiFi driver not work after running KisMAC?

This happens most likely because the driver could not properly unloaded before starting to scan. Possible reasons can be:

  • You have another user logged in with Fast-User-Switching
  • You are running the Classic environment
  • You are running an application which locks your AirPort connection, such as Internet Connect.app or sometimes Konfabulator.
  • You are using a 3rd party driver that is incompatible with KisMAC. Currently supported: AppleAirPort.kext, IOXperts, MacSense, WirelessDriver.kext (with a patch), CiscoPCCardRadio.kext

If you cannot work something out, post to the forums. Make sure to includes the following: everything listed on this forum post, a copy of your system.log, and the output of a ps ax. This helps to ensure that we can find your problem.

Why does my AirPort Extreme not work / how do I fix it etc etc…

Try here: troubleshooting AirPort Extreme.

Why can't I edit the wiki or add tickets to the trac?

You need to login first using login kismacuser and password kismac-ng. Please include your name or nick and contact info in all posts' Comment section in case we need to get a hold of you for more information. All tickets must include these details or they cannot be properly addressed and will be promptly closed. Thanks for working with us on this. The Version drop down is to indicate the version the patch or bug report applies against, and the Milestone is the release goal to have it implemented by.