Gentoo Forums
kismet
_savage
Guru

Joined: 06 Jun 2004
Posts: 308
Location: Redmond, WA

Posted: Thu Jul 22, 2004 3:55 am    Post subject: kismet

hello :-)

has anybody of you managed to get kismet running? i tried on my 1G TiBook with kernel 2.6.7-r11, but it tells me that there is no wireless network available, although i am currently online using it. the output is here
Code:

savage@tigger ~ > kismet
Server options:  none
Client options:  none
Starting server...
Waiting for server to finish starting before startuing UI...
Will drop privs to savage (501)
No enable sources specified, all sources will be enabled.
Source 0 (airport): Using pcap to capture packets from eth1
Source 0 (airport):  Attempting to enter monitor mode.
Enabling monitor mode for an orinoco card on eth1 channel 6
Invalid command : monitor
SIOCSIFFLAGS: Permission denied
SIOCSIFFLAGS: Permission denied
Source airport: Created child capture process 11210
Dropped privs to savage (501)
Enabling channel hopping.
Disabling channel splitting.
Allowing clients to fetch WEP keys.
Logging networks to Kismet-Jul-21-2004-6.network
Logging networks in CSV format to Kismet-Jul-21-2004-6.csv
Logging networks in XML format to Kismet-Jul-21-2004-6.xml
Logging cryptographically weak packets to Kismet-Jul-21-2004-6.weak
Logging cisco product information to Kismet-Jul-21-2004-6.cisco
Logging gps coordinates to Kismet-Jul-21-2004-6.gps
Logging data to Kismet-Jul-21-2004-6.dump
Writing data files to disk every 300 seconds.
Mangling encrypted and fuzzy data packets.
Reading AP manufacturer data and defaults from /etc/kismet/ap_manuf
Reading client manufacturer data and defaults from /etc/kismet/client_manuf
Dump file format: wiretap (local code) dump
Crypt file format: airsnort (weak packet) dump
Kismet 3.0.1 (Kismet)
Logging data networks CSV XML weak cisco gps
GPSD cannot connect: Connection refused
Listening on port 2501.
Allowing connections from 127.0.0.1/255.255.255.255
Registering builtin client/server protocols...
Registering requested alerts...
Registering builtin timer events...
Enabling packet source 0 (airport)...
Gathering packets...
Shutting down source 0 (airport)...
Didn't detect any networks, unlinking network list.
Didn't detect any networks, unlinking CSV network list.
Didn't detect any networks, unlinking XML network list.
Didn't detect any Cisco Discovery Packets, unlinking cisco dump
Didn't capture any packets, unlinking dump file
Didn't see any weak encryption packets, unlinking weak file
Waiting for capture child 11210 to terminate...
Kismet exiting.
Starting UI...
FATAL:  Could not connect to localhost:2501.
Client exited, terminating...
Done.  Run kismet_unmonitor or eject and re-insert your card (or restart your
 pcmcia services) to return your card to normal operation.


i stopped shorewall, so it shouldn't be that. the source variable is set to
Code:

root@tigger ~ # cat /etc/kismet/kismet.conf | grep source=
source=orinoco,eth1,airport

it's an orinoco card, right?

does anybody have an idea? thanks heaps,
jens :)
_________________
Jens Troeger
http://savage.light-speed.de/
DiskBreaker
Apprentice

Joined: 07 Oct 2003
Posts: 224

Posted: Thu Jul 22, 2004 1:42 pm    Post subject: Re: kismet

_savage wrote:
i tried on my 1G TiBook with kernel 2.6.7-r11, but it tells me that there is no wireless network available, although i am currently online using it.

That's not the problem.

Code:
Source 0 (airport):  Attempting to enter monitor mode.
Enabling monitor mode for an orinoco card on eth1 channel 6
Invalid command : monitor

This is your problem!

Kismet is a wireless sniffer. The problem is that you cannot turn on promiscuous mode on WLAN cards as easily as with Ethernet cards; usually you have to send some kind of signal to the firmware. Unfortunately, this is not supported by the majority of the WLAN card drivers.

Your airport card uses the common Orinoco chipset, so yes, it is an Orinoco card. What you need are Orinoco drivers patched with the Monitor Mode patch.

For a quick solution I have made some ebuilds with all necessary patches, so just put one of those in your portage overlay and emerge orinoco-driver. Then rmmod your running modules, modprobe airport, start kismet and off you go:

- orinoco-driver-0.13e.ebuild - stable
- orinoco-driver-0.15_rc2.ebuild - unstable
- orinoco-driver-cvs-0.15.ebuild - unstable CVS

BTW, I have written a lengthy howto on the topic of Monitor & Scan Modes here: https://forums.gentoo.org/viewtopic.php?t=115228
Monitor Mode is for sniffing but disables the card, so you cannot use it to surf anymore; you will have to reload your drivers. Scan Mode is for active scanning à la NetStumbler under Windows; with it you will still be able to use the card at the same time.

Have fun,
DiskBreaker


Last edited by DiskBreaker on Mon Aug 02, 2004 9:09 am; edited 1 time in total
Hydraulix
Guru

Joined: 12 Dec 2003
Posts: 447
Location: Baltimore, Maryland

Posted: Fri Jul 23, 2004 3:08 pm    Post subject:

The weird thing for me is Kismet works but it doesn't scan anything. It doesn't even see my router. I used that monitor Ebuild and it works and all but is there something else I need to do for scanning to work?
_________________
It is the fate of operating systems to become free.
- Neal Stephenson

If only You and Dead people can read hex, how many people can read hex?
DiskBreaker
Apprentice

Joined: 07 Oct 2003
Posts: 224

Posted: Mon Jul 26, 2004 8:12 am    Post subject:

Hydraulix wrote:
I used that monitor Ebuild and it works and all but is there something else I need to do for scanning to work?

Assuming that monitor mode is working, I would guess that your router does not have SSID Broadcasting enabled. If so, you will only be able to see something if there is some traffic from another client to the Access Point. Only then will Kismet show your Access Point in the list.
Hydraulix
Guru

Joined: 12 Dec 2003
Posts: 447
Location: Baltimore, Maryland

Posted: Mon Jul 26, 2004 11:36 pm    Post subject:

Hmm. I've tried walking around to some other WIFI networks and still nothing. Here's what Kismet spits out...



Code:
bash-2.05b# kismet
Server options:  none
Client options:  none
Starting server...
Waiting for server to finish starting before startuing UI...
Will drop privs to hydraulix (1000)
No enable sources specified, all sources will be enabled.
Source 0 (orinocosource): Using pcap to capture packets from eth0
Source 0 (orinocosource):  Attempting to enter monitor mode.
Enabling monitor mode for an orinoco card on eth0 channel 6
Source orinocosource: Created child capture process 23924
Dropped privs to hydraulix (1000)
Enabling channel hopping.
Disabling channel splitting.
Allowing clients to fetch WEP keys.
Logging networks to Kismet-Jul-26-2004-3.network
Logging networks in CSV format to Kismet-Jul-26-2004-3.csv
Logging networks in XML format to Kismet-Jul-26-2004-3.xml
Logging cryptographically weak packets to Kismet-Jul-26-2004-3.weak
Logging cisco product information to Kismet-Jul-26-2004-3.cisco
Logging gps coordinates to Kismet-Jul-26-2004-3.gps
Logging data to Kismet-Jul-26-2004-3.dump
Writing data files to disk every 300 seconds.
Mangling encrypted and fuzzy data packets.
Reading AP manufacturer data and defaults from /etc/kismet/ap_manuf
Reading client manufacturer data and defaults from /etc/kismet/client_manuf
Dump file format: wiretap (ethereal libwiretap) dump
Crypt file format: airsnort (weak packet) dump
Kismet 3.0.1 (Kismet)
Logging data networks CSV XML weak cisco gps
GPSD cannot connect: Connection refused
Listening on port 2501.
Allowing connections from 127.0.0.1/255.255.255.255
Failed to set up UI server: TcpServer bind() failed: Address already in use
Didn't detect any networks, unlinking network list.
Didn't detect any networks, unlinking CSV network list.
Didn't detect any networks, unlinking XML network list.
Capture child 23924 (orinocosource): Capturing packets from libpcap device eth0
Didn't detect any Cisco Discovery Packets, unlinking cisco dump
Didn't capture any packets, unlinking dump file
Didn't see any weak encryption packets, unlinking weak file
Kismet exiting.
Starting UI...
Looking for startup info from localhost:2501.... found.
Connected to Kismet server 3.0.1 on localhost:2501
Reading AP manufacturer data and defaults from /etc/kismet/ap_manuf
Reading client manufacturer data and defaults from /etc/kismet/client_manuf
Killing server...
/usr/bin/kismet: line 63: kill: (23908) - No such process
Client exited, terminating...
Done.  Run kismet_unmonitor or eject and re-insert your card (or restart your
 pcmcia services) to return your card to normal operation.
bash-2.05b#

_________________
It is the fate of operating systems to become free.
- Neal Stephenson

If only You and Dead people can read hex, how many people can read hex?
DiskBreaker
Apprentice

Joined: 07 Oct 2003
Posts: 224

Posted: Tue Jul 27, 2004 8:32 am    Post subject:

Hydraulix wrote:
Hmm. I've tried walking around to some other WIFI networks and still nothing. Here's what Kismet spits out...
Code:
... kismet output ...

Can't see any critical errors in there. Maybe you should try turning on monitor mode by hand:
Code:
iwpriv eth1 monitor 2 6

(where 6 is the channel to sniff on, you can change that to the channel your AP is broadcasting on)
and then sniffing with a sniffer, say ethereal, to see if you are capturing any packets.
Code:
emerge ethereal
Hydraulix
Guru

Joined: 12 Dec 2003
Posts: 447
Location: Baltimore, Maryland

Posted: Wed Aug 04, 2004 9:33 am    Post subject:

Well it's working! I guess I had to run Kismet a couple of times to get it to work.



DiskBreaker: Big-ups for that wireless driver ebuild. Me and M&T bank owes you one. :wink:
_________________
It is the fate of operating systems to become free.
- Neal Stephenson

If only You and Dead people can read hex, how many people can read hex?
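
The two startup logs posted in this thread fail in different ways, and the difference is easy to miss in a wall of output. The script below is an added example (not part of any post above and not Kismet's own tooling) that classifies a Kismet 3.0.1 startup log by the failure strings visible in those logs; the function names and the finding labels are made up for illustration.

```shell
# Added example: classify a Kismet 3.0.1 startup log by the failure strings
# seen in the two logs posted in this thread. Log on stdin, findings on stdout.
diagnose_kismet_log() {
    log=$(cat)
    found=0
    has() { printf '%s\n' "$log" | grep -qF -- "$1"; }
    # Driver rejected the private command Kismet uses to switch modes.
    if has 'Invalid command : monitor'; then
        echo "NO_MONITOR_IOCTL: driver exposes no 'monitor' command (thread's fix: patched orinoco driver)"
        found=1
    fi
    # Interface flags could not be changed (the first log ran from a user prompt).
    if has 'SIOCSIFFLAGS: Permission denied'; then
        echo "IFFLAGS_DENIED: not permitted to change interface flags"
        found=1
    fi
    # Something already holds the server port (2501 in both logs).
    if has 'bind() failed: Address already in use'; then
        echo "PORT_IN_USE: server port is already bound by another process"
        found=1
    fi
    # No error string at all, yet the capture stayed empty.
    if [ "$found" -eq 0 ] && has "Didn't capture any packets"; then
        echo "NO_PACKETS: no error reported but nothing was captured"
    elif [ "$found" -eq 0 ]; then
        echo "OK: no known failure strings matched"
    fi
}

# Lines excerpted from the first log in the thread (eth1, unpatched driver).
sample_log_first() {
    cat <<'EOF'
Invalid command : monitor
SIOCSIFFLAGS: Permission denied
Didn't capture any packets, unlinking dump file
EOF
}

# Lines excerpted from the second log in the thread (eth0, patched driver).
sample_log_second() {
    cat <<'EOF'
Failed to set up UI server: TcpServer bind() failed: Address already in use
Didn't capture any packets, unlinking dump file
EOF
}

sample_log_first | diagnose_kismet_log
sample_log_second | diagnose_kismet_log
```

To check a real run, capture the output first, for example `kismet 2>&1 | tee kismet-start.log`, then feed the file to `diagnose_kismet_log`.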
All times are GMT