Kismet on the One ...

Hi,

I have installed Kismet via the Installation manager, and everything seems to be installed ok. The problem is that I cannot make it work with any of the combinations of the madwifi drivers in the source configuration.

Does anyone know how to make the correct settings in the config file to make it work on the Aspire One?

Whatever I try, I get messages like this:

Launching kismet_server: /usr/bin/kismet_server
Will drop privs to user (500) gid 500
No specific sources given to be enabled, all will be enabled.
Non-RFMon VAPs will be destroyed on multi-vap interfaces (ie, madwifi-ng)
Enabling channel hopping.
Enabling channel splitting.
NOTICE: Disabling channel hopping, no enabled sources are able to change channel.
Source 0 (woo): Enabling monitor mode for madwifi_b source interface ath0 channel 6...
ERROR: Unable to create VAP: Operation not supported
ERROR: Unable to create monitor-mode VAP
WARNING: ath0 appears to not accept the Madwifi-NG controls. Will attempt to configure it as a standard Madwifi-old interface. If you are using madwifi-ng, be sure to set the source interface to the wifiX control interface, NOT athX
FATAL: 'get_mode' does not return integer parameters.
Done.

I'm totally new to Linux, but I just love this machine, and so far all the other software I installed have been working just perfect, so I would really appreciate some help. Is there a better choice of software for wlan monitoring and AP detection?

Best regards
Jeppedal

 

Hi,

Your kismet.conf should have the lines:
source=madwifi_ag,wifi0,madwifi
enablesources=madwifi

After you've saved and exited the conf file you have to shut down the wifi cards before kismet can take over control.
So do a:
airmon-ng stop ath0

And finally:
kismet

Kismet will then start up and start finding AP's and clients near you. You might have to do some configing of where to put the log files.
And a little heads up. Kismet plays anonying sounds ALL the time. So you might want to fn + F8.

 

kismet, airsniff etc. should work on the aspire one --- ---- --- if you install a different linux.

to install the madwifi drivers for the atheros wifi card, you need to have the kernel source of the kernel which is running.
which we dont :-(
so you will need to compile and install either a new kernel or install another linux.

 

Thanks!

Installed Ubuntu, and is solved both my Kismet and USB2Serial problems. Everything works just fine!
Also found a small script to easily move the wifi card in and out of monitor mode: http://paranoia.no/blog/2008/08/05/howt ... ss-sniffer

I just love this machine!

Jeppedal

 

We don't? What's this then?

 

Haha, Kismet, airsnort, aircrack and so on works just fine on Linpus that comes with Acer One. I can post the screens if you don't believe me.

 

this is a zip containing COMPILED kernel modules.
its not the source, also the name sounds convincing ...

 

screens dont help.
however if you post your kismet.conf file - that would help. and maybe what you changed in the aspire one default config to get it work.

(as a side note: I figured out how I can get it running ... downloading the vanilla kernel source, compiling it, then compiling madwifi, and finally putting the madwifi klm into the /lib/mofules directory. lots of work though. I will go for this if olafskaug is not coming along with a solution.)

 

in an hour i'll be home and i can post the conf file. btw: i posted all the important parts of the kismet.conf earlier in this post.
have you installed kismet, aircrack and ethereal?
you could just use yum og smart to install it. you'll get the files from the fedora repositories.
yum install kismet
yum install aircrack-ng
yun install ethereal

 

So here is my kismet.conf:

Code:

servername=Kismet
suiduser=user
networkmanagersleep=true
source=madwifi_ag,wifi0,madwifi
enablesources=madwifi
vapdestroy=true

channelhop=true
channelvelocity=5
channelsplit=true

defaultchannels=IEEE80211b:1,6,11,2,7,3,8,4,9,5,10
defaultchannels=IEEE80211g:1,6,11,2,7,3,8,4,9,5,10
defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64
defaultchannels=IEEE80211ab:1,6,11,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64
tcpport=2501
allowedhosts=127.0.0.1
bindaddress=127.0.0.1
maxclients=5

gps=false
gpshost=localhost:2947
gpsmodelock=false

alert=NETSTUMBLER,10/min,1/sec
alert=WELLENREITER,10/min,1/sec
alert=LUCENTTEST,10/min,1/sec
alert=DEAUTHFLOOD,10/min,2/sec
alert=BCASTDISCON,10/min,2/sec
alert=CHANCHANGE,5/min,1/sec
alert=AIRJACKSSID,5/min,1/sec
alert=PROBENOJOIN,10/min,1/sec
alert=DISASSOCTRAFFIC,10/min,1/sec
alert=NULLPROBERESP,10/min,1/sec
alert=BSSTIMESTAMP,10/min,1/sec
alert=MSFBCOMSSID,10/min,1/sec
alert=LONGSSID,10/min,1/sec
alert=MSFDLINKRATE,10/min,1/sec
alert=MSFNETGEARBEACON,10/min,1/sec
alert=DISCONCODEINVALID,10/min,1/sec
alert=DEAUTHCODEINVALID,10/min,1/sec

allowkeytransmit=true
writeinterval=300
trackivs=false
sound=false
soundplay=/usr/bin/play
sound_new=/usr/share/kismet/wav/new_network.wav
sound_traffic=/usr/share/kismet/wav/traffic.wav
sound_junktraffic=/usr/share/kismet/wav/junk_traffic.wav
sound_alert=/usr/share/kismet/wav/alert.wav
speech=false
festival=/usr/bin/festival
flite=false
darwinsay=false
speech_voice=default
speech_type=nato
speech_encrypted=New network detected, s.s.i.d. %s, channel %c, network encrypted.
speech_unencrypted=New network detected, s.s.i.d. %s, channel %c, network open.
ap_manuf=ap_manuf
client_manuf=client_manuf
metric=false
waypoints=false
waypointdata=%h/.gpsdrive/way_kismet.txt
waypoint_essid=false
alertbacklog=50
logtypes=dump,network,csv,xml,weak,cisco,gps
trackprobenets=true
noiselog=false
corruptlog=true
beaconlog=true
phylog=true
mangledatalog=true
fuzzycrypt=wtapfile,wlanng,wlanng_legacy,wlanng_avs,hostap,wlanng_wext,ipw2200,ipw2915
fuzzydecode=wtapfile,radiotap_bsd_a,radiotap_bsd_g,radiotap_bsd_bg,radiotap_bsd_b,pcapfile
netfuzzycrypt=true
dumptype=wiretap
dumplimit=0
logdefault=Kismet
logtemplate=/var/log/kismet/%n-%d-%i.%l
piddir=/var/run/
configdir=%h/
ssidmap=ssid_map
groupmap=group_map
ipmap=ip_map

Works like a charm for me on the Acer One. I removed all the comments from the default config because the file was HUGE. Just ask if you have any questions. I have NOT changed the default config, and I have NOT installed any special drivers. All I did was install kismet, aircrack-ng and ethereal.

You're welcome.

 

If you use the script from http://paranoia.no/blog/2008/08/05/howt ... ss-sniffer to switch into monitor mode, how do you reset back into normal mode? So far its fine switching the first time, but I cant return to "reg"(ular) mode. My ath0 device disapears and I cant seem to bring it back with modprobe. I have been so happy getting aircrack-ng working under linpus. Its just a shame I have to restart the machine to use normal wifi again.
Thanks for any help

 

I have this problem to. I've tried doing a ifup ath0 and all the things i used to do on my old pc, but nothing seems to kick up the normal wifi mode. Any takes on this will be greatly appreciated.

 

I have had a bit of a play and come up with this edit to the orginal script, which seems to work:

Code:

#!/bin/sh
if [ $# -eq 0 ]
then
        echo "madwifi WLAN control - bring atheros interfaces in or out of monitor mode"
        echo "By Buzh - [url]http://paranoia.no[/url] - All rites reversed"
        echo "Usage: `basename $0` "
        echo "Valid commands are:"
        echo "mon - Enter monitor mode"
        echo "reg - Revert to normal mode"
        exit 65 
fi

if [ $1 = "mon" ]
then
        echo "Trying to make interface go in monitor mode.."

        IW_INTERFACES=$(/sbin/iwconfig | grep 802.11 | awk '{print $1}')

        for i in $IW_INTERFACES
        do
                echo Destroying existing VAPs:
                /usr/local/bin/wlanconfig $i destroy
        done

        echo Done destroying VAPs, creating new:

        /usr/local/bin/wlanconfig ath0 create wlandev wifi0 wlanmode monitor

        echo Done!

fi

if [ $1 = "reg" ]
then
        echo "Trying to return to normal operation:"
        #/sbin/rmmod ath_pci && /sbin/modprobe ath_pci
        /usr/local/bin/wlanconfig ath0 destroy wifi0 & /usr/local/bin/wlanconfig ath0 create wlandev wifi0 wlanmode sta
        echo "Done"
fi

 

hi olaf,

I tried your config, and yes sure I did install kismet, aircrack (also this is an old and not recommendable version) and wireshark (ethereal's new name, there is no ethereal in the repository).
I tried your kismet.conf, but it does not work for me:

Code:

[root@localhost ~]# kismet
Launching kismet_server: /usr/bin/kismet_server
Will drop privs to user (500) gid 500
No specific sources given to be enabled, all will be enabled.
Non-RFMon VAPs will be destroyed on multi-vap interfaces (ie, madwifi-ng)
Enabling channel hopping.
Enabling channel splitting.
NOTICE: Disabling channel hopping, no enabled sources are able to change channel.
Source 0 (madwifi): Enabling monitor mode for madwifi_ag source interface wifi0 channel 6...
ERROR:  Unable to create VAP: Invalid argument
ERROR:  Unable to create monitor-mode VAP
WARNING: wifi0 appears to not accept the Madwifi-NG controls. Will attempt to configure it as a standard Madwifi-old interface. If you are using madwifi-ng, be sure to set the source interface to the wifiX control interface, NOT athX
FATAL: channel get ioctl failed 22:Invalid argument
Done.

 

I got Kismet working, thanks a lot olafskaug !!
I did not install ethereal but only kismet, aircrack-ng and libpcap
I also had to change the permissions on /etc/kismet with a chmod 777 kismet and the same on /var/log/kismet
Reboot and have the wifi running
Open a terminal and do a su
type: airmon-ng stop ath0
kismet
This works for me.

 

When restoring managed mode i used:

sudo wlanconfig ath create wlandev wifi0 wlanmode sta

rebooted and everything was fine

 

Thank you olafskaug, I finally made this thing work, than you again for your help

 

airmon-ng gives an error about wireless tools not being installed, but 'yum install wireless-tools' gives an error about already installed!

Any ideas?

 

Thanks for the guide. Kismet is up and running here. So far so good.
But I can't run wireshark in the Terminal.

There is a text file "/etc/security/console.apps/wireshark
" which contains the following text:
USER=root
PROGRAM=/usr/sbin/wireshark
SESSION=true
FALLBACK=true

But there is no wireshark in "/usr/sbin/"

Anyone else with this problem or a solution for this problem?

 

This is a configuration problem with the PATH not being set correctly. I normally switch to root with "sudo su -" and it works for me, ("su -" will work fine, but running it with sudo saves me from entering a password.)