Kismet on the One ...

Discussion in 'Linux' started by jeppedal, Aug 3, 2008.

  1. jeppedal

    jeppedal

    Joined:
    Aug 1, 2008
    Messages:
    5
    Likes Received:
    0
    Hi,

    I have installed Kismet via the Installation manager, and everything seems to be installed ok. The problem is that I cannot make it work with any of the combinations of the madwifi drivers in the source configuration.

    Does anyone know how to make the correct settings in the config file to make it work on the Aspire One?

    Whatever I try, I get messages like this:

    Launching kismet_server: /usr/bin/kismet_server
    Will drop privs to user (500) gid 500
    No specific sources given to be enabled, all will be enabled.
    Non-RFMon VAPs will be destroyed on multi-vap interfaces (ie, madwifi-ng)
    Enabling channel hopping.
    Enabling channel splitting.
    NOTICE: Disabling channel hopping, no enabled sources are able to change channel.
    Source 0 (woo): Enabling monitor mode for madwifi_b source interface ath0 channel 6...
    ERROR: Unable to create VAP: Operation not supported
    ERROR: Unable to create monitor-mode VAP
    WARNING: ath0 appears to not accept the Madwifi-NG controls. Will attempt to configure it as a standard Madwifi-old interface. If you are using madwifi-ng, be sure to set the source interface to the wifiX control interface, NOT athX
    FATAL: 'get_mode' does not return integer parameters.
    Done.

    I'm totally new to Linux, but I just love this machine, and so far all the other software I installed have been working just perfect, so I would really appreciate some help. Is there a better choice of software for wlan monitoring and AP detection?

    Best regards
    Jeppedal
     
    jeppedal, Aug 3, 2008
    #1
  2. jeppedal

    olafskaug

    Joined:
    Aug 5, 2008
    Messages:
    5
    Likes Received:
    0
    Hi,

    Your kismet.conf should have the lines:
    source=madwifi_ag,wifi0,madwifi
    enablesources=madwifi

    After you've saved and exited the conf file you have to shut down the wifi cards before kismet can take over control.
    So do a:
    airmon-ng stop ath0

    And finally:
    kismet

    Kismet will then start up and start finding APs and clients near you. You might have to do some configuring of where to put the log files.
    And a little heads up. Kismet plays annoying sounds ALL the time. So you might want to fn + F8.
     
    olafskaug, Aug 5, 2008
    #2
  3. jeppedal

    marcinberlin

    Joined:
    Aug 5, 2008
    Messages:
    6
    Likes Received:
    0
    kismet, airsniff etc. should work on the aspire one --- ---- --- if you install a different linux.

    to install the madwifi drivers for the atheros wifi card, you need to have the kernel source of the kernel which is running.
    which we don't :-(
    so you will need to compile and install either a new kernel or install another linux.
     
    marcinberlin, Aug 7, 2008
    #3
  4. jeppedal

    jeppedal

    Joined:
    Aug 1, 2008
    Messages:
    5
    Likes Received:
    0
    Thanks!

    Installed Ubuntu, and it solved both my Kismet and USB2Serial problems. Everything works just fine!
    Also found a small script to easily move the wifi card in and out of monitor mode: http://paranoia.no/blog/2008/08/05/howt ... ss-sniffer

    I just love this machine!

    Jeppedal
     
    jeppedal, Aug 7, 2008
    #4
  5. jeppedal

    retsaw

    Joined:
    Aug 1, 2008
    Messages:
    133
    Likes Received:
    0
    We don't? What's this then?
     
    retsaw, Aug 8, 2008
    #5
  6. jeppedal

    olafskaug

    Joined:
    Aug 5, 2008
    Messages:
    5
    Likes Received:
    0
    Haha, Kismet, airsnort, aircrack and so on works just fine on Linpus that comes with Acer One. I can post the screens if you don't believe me.
     
    olafskaug, Aug 8, 2008
    #6
  7. jeppedal

    marcinberlin

    Joined:
    Aug 5, 2008
    Messages:
    6
    Likes Received:
    0
    this is a zip containing COMPILED kernel modules.
    it's not the source, also the name sounds convincing ... :(
     
    marcinberlin, Aug 8, 2008
    #7
  8. jeppedal

    marcinberlin

    Joined:
    Aug 5, 2008
    Messages:
    6
    Likes Received:
    0
    screens don't help.
    however if you post your kismet.conf file - that would help. and maybe what you changed in the aspire one default config to get it to work.

    (as a side note: I figured out how I can get it running ... downloading the vanilla kernel source, compiling it, then compiling madwifi, and finally putting the madwifi klm into the /lib/modules directory. lots of work though. I will go for this if olafskaug is not coming along with a solution.)
     
    marcinberlin, Aug 8, 2008
    #8
  9. jeppedal

    olafskaug

    Joined:
    Aug 5, 2008
    Messages:
    5
    Likes Received:
    0
    in an hour i'll be home and i can post the conf file. btw: i posted all the important parts of the kismet.conf earlier in this post.
    have you installed kismet, aircrack and ethereal?
    you could just use yum or smart to install it. you'll get the files from the fedora repositories.
    yum install kismet
    yum install aircrack-ng
    yum install ethereal
     
    olafskaug, Aug 8, 2008
    #9
  10. jeppedal

    olafskaug

    Joined:
    Aug 5, 2008
    Messages:
    5
    Likes Received:
    0
    So here is my kismet.conf:

    Code:
    servername=Kismet
    suiduser=user
    networkmanagersleep=true
    source=madwifi_ag,wifi0,madwifi
    enablesources=madwifi
    vapdestroy=true
    
    channelhop=true
    channelvelocity=5
    channelsplit=true
    
    defaultchannels=IEEE80211b:1,6,11,2,7,3,8,4,9,5,10
    defaultchannels=IEEE80211g:1,6,11,2,7,3,8,4,9,5,10
    defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64
    defaultchannels=IEEE80211ab:1,6,11,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64
    tcpport=2501
    allowedhosts=127.0.0.1
    bindaddress=127.0.0.1
    maxclients=5
    
    gps=false
    gpshost=localhost:2947
    gpsmodelock=false
    
    alert=NETSTUMBLER,10/min,1/sec
    alert=WELLENREITER,10/min,1/sec
    alert=LUCENTTEST,10/min,1/sec
    alert=DEAUTHFLOOD,10/min,2/sec
    alert=BCASTDISCON,10/min,2/sec
    alert=CHANCHANGE,5/min,1/sec
    alert=AIRJACKSSID,5/min,1/sec
    alert=PROBENOJOIN,10/min,1/sec
    alert=DISASSOCTRAFFIC,10/min,1/sec
    alert=NULLPROBERESP,10/min,1/sec
    alert=BSSTIMESTAMP,10/min,1/sec
    alert=MSFBCOMSSID,10/min,1/sec
    alert=LONGSSID,10/min,1/sec
    alert=MSFDLINKRATE,10/min,1/sec
    alert=MSFNETGEARBEACON,10/min,1/sec
    alert=DISCONCODEINVALID,10/min,1/sec
    alert=DEAUTHCODEINVALID,10/min,1/sec
    
    allowkeytransmit=true
    writeinterval=300
    trackivs=false
    sound=false
    soundplay=/usr/bin/play
    sound_new=/usr/share/kismet/wav/new_network.wav
    sound_traffic=/usr/share/kismet/wav/traffic.wav
    sound_junktraffic=/usr/share/kismet/wav/junk_traffic.wav
    sound_alert=/usr/share/kismet/wav/alert.wav
    speech=false
    festival=/usr/bin/festival
    flite=false
    darwinsay=false
    speech_voice=default
    speech_type=nato
    speech_encrypted=New network detected, s.s.i.d. %s, channel %c, network encrypted.
    speech_unencrypted=New network detected, s.s.i.d. %s, channel %c, network open.
    ap_manuf=ap_manuf
    client_manuf=client_manuf
    metric=false
    waypoints=false
    waypointdata=%h/.gpsdrive/way_kismet.txt
    waypoint_essid=false
    alertbacklog=50
    logtypes=dump,network,csv,xml,weak,cisco,gps
    trackprobenets=true
    noiselog=false
    corruptlog=true
    beaconlog=true
    phylog=true
    mangledatalog=true
    fuzzycrypt=wtapfile,wlanng,wlanng_legacy,wlanng_avs,hostap,wlanng_wext,ipw2200,ipw2915
    fuzzydecode=wtapfile,radiotap_bsd_a,radiotap_bsd_g,radiotap_bsd_bg,radiotap_bsd_b,pcapfile
    netfuzzycrypt=true
    dumptype=wiretap
    dumplimit=0
    logdefault=Kismet
    logtemplate=/var/log/kismet/%n-%d-%i.%l
    piddir=/var/run/
    configdir=%h/
    ssidmap=ssid_map
    groupmap=group_map
    ipmap=ip_map
    
    Works like a charm for me on the Acer One. I removed all the comments from the default config because the file was HUGE. Just ask if you have any questions. I have NOT changed the default config, and I have NOT installed any special drivers. All I did was install kismet, aircrack-ng and ethereal.

    You're welcome.
     
    olafskaug, Aug 8, 2008
    #10
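
The Kismet warning in posts #1 and #14 says a madwifi-ng source must point at the wifiX control interface, not athX, and the config above keeps the server on 127.0.0.1. As an added example (not part of any post in this thread), a small shell check for those two points and for an enablesources name that matches no source= line; the function name and the sample files are made up here.

```shell
#!/bin/sh
# Added example, not from the thread: lint the capture-source lines of an
# old-style kismet.conf (source=type,interface,name).
lint_kismet_conf() {
    # $1 = path to kismet.conf; prints one finding per line, nothing if clean.
    awk -F= '
        /^[ \t]*#/ || NF < 2 { next }        # skip comments and blank lines
        $1 == "source" {
            n = split($2, f, ",")
            if (n != 3) {
                print "line " NR ": source= needs type,interface,name"
                next
            }
            names[f[3]] = 1
            # madwifi-ng sources take the wifiX control interface, not the athX VAP
            if (f[1] ~ /^madwifi_/ && f[2] ~ /^ath[0-9]+$/)
                print "line " NR ": " f[1] " source uses " f[2] ", expected wifiX"
        }
        $1 == "enablesources" { enabled = $2; eline = NR }
        # kismet_server listens on tcpport; keep it on loopback unless remote
        # clients are intended
        $1 == "bindaddress" && $2 != "127.0.0.1" {
            print "line " NR ": bindaddress " $2 " is not loopback"
        }
        END {
            m = split(enabled, e, ",")
            for (i = 1; i <= m; i++)
                if (!(e[i] in names))
                    print "line " eline ": enablesources names unknown source " e[i]
        }
    ' "$1"
}

# Constructed samples. The first line of "bad" is reconstructed from the log
# in post #1 (madwifi_b on ath0, source name "woo"); its other two lines are
# made up to trigger the remaining checks. "good" uses the lines from post #2.
bad=$(mktemp); good=$(mktemp)
printf '%s\n' 'source=madwifi_b,ath0,woo' 'enablesources=madwifi' \
    'bindaddress=0.0.0.0' > "$bad"
printf '%s\n' 'source=madwifi_ag,wifi0,madwifi' 'enablesources=madwifi' \
    'bindaddress=127.0.0.1' > "$good"
echo "--- bad";  lint_kismet_conf "$bad"
echo "--- good"; lint_kismet_conf "$good"
rm -f "$bad" "$good"
```
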
  11. jeppedal

    tymchn

    Joined:
    Aug 8, 2008
    Messages:
    8
    Likes Received:
    0
    If you use the script from http://paranoia.no/blog/2008/08/05/howt ... ss-sniffer to switch into monitor mode, how do you reset back into normal mode? So far it's fine switching the first time, but I can't return to "reg"(ular) mode. My ath0 device disappears and I can't seem to bring it back with modprobe. I have been so happy getting aircrack-ng working under linpus. It's just a shame I have to restart the machine to use normal wifi again.
    Thanks for any help :)
     
    tymchn, Aug 9, 2008
    #11
  12. jeppedal

    olafskaug

    Joined:
    Aug 5, 2008
    Messages:
    5
    Likes Received:
    0
    I have this problem too. I've tried doing an ifup ath0 and all the things I used to do on my old pc, but nothing seems to kick up the normal wifi mode. Any takes on this will be greatly appreciated.
     
    olafskaug, Aug 9, 2008
    #12
  13. jeppedal

    tymchn

    Joined:
    Aug 8, 2008
    Messages:
    8
    Likes Received:
    0
    I have had a bit of a play and come up with this edit to the original script, which seems to work:
    Code:
    #!/bin/sh
    # Toggle a madwifi (Atheros) interface between monitor and normal (station) mode.
    if [ $# -eq 0 ]
    then
            echo "madwifi WLAN control - bring atheros interfaces in or out of monitor mode"
            echo "By Buzh - http://paranoia.no - All rites reversed"
            echo "Usage: `basename $0` <command>"
            echo "Valid commands are:"
            echo "mon - Enter monitor mode"
            echo "reg - Revert to normal mode"
            exit 65
    fi
    
    if [ "$1" = "mon" ]
    then
            echo "Trying to make interface go in monitor mode.."
    
            # Every interface that iwconfig reports as 802.11
            IW_INTERFACES=$(/sbin/iwconfig | grep 802.11 | awk '{print $1}')
    
            for i in $IW_INTERFACES
            do
                    echo Destroying existing VAPs:
                    /usr/local/bin/wlanconfig $i destroy
            done
    
            echo Done destroying VAPs, creating new:
    
            /usr/local/bin/wlanconfig ath0 create wlandev wifi0 wlanmode monitor
    
            echo Done!
    
    fi
    
    if [ "$1" = "reg" ]
    then
            echo "Trying to return to normal operation:"
            #/sbin/rmmod ath_pci && /sbin/modprobe ath_pci
            # Run the two steps in sequence; a single "&" would start the create
            # while the destroy is still running in the background.
            /usr/local/bin/wlanconfig ath0 destroy wifi0
            /usr/local/bin/wlanconfig ath0 create wlandev wifi0 wlanmode sta
            echo "Done"
    fi
     
    tymchn, Aug 9, 2008
    #13
  14. jeppedal

    marcinberlin

    Joined:
    Aug 5, 2008
    Messages:
    6
    Likes Received:
    0
    hi olaf,

    I tried your config, and yes sure I did install kismet, aircrack (also this is an old and not recommendable version) and wireshark (ethereal's new name, there is no ethereal in the repository).
    I tried your kismet.conf, but it does not work for me:
    Code:
    [root@localhost ~]# kismet
    Launching kismet_server: /usr/bin/kismet_server
    Will drop privs to user (500) gid 500
    No specific sources given to be enabled, all will be enabled.
    Non-RFMon VAPs will be destroyed on multi-vap interfaces (ie, madwifi-ng)
    Enabling channel hopping.
    Enabling channel splitting.
    NOTICE: Disabling channel hopping, no enabled sources are able to change channel.
    Source 0 (madwifi): Enabling monitor mode for madwifi_ag source interface wifi0 channel 6...
    ERROR:  Unable to create VAP: Invalid argument
    ERROR:  Unable to create monitor-mode VAP
    WARNING: wifi0 appears to not accept the Madwifi-NG controls. Will attempt to configure it as a standard Madwifi-old interface. If you are using madwifi-ng, be sure to set the source interface to the wifiX control interface, NOT athX
    FATAL: channel get ioctl failed 22:Invalid argument
    Done.
     
    marcinberlin, Aug 9, 2008
    #14
  15. jeppedal

    Ruud

    Joined:
    Aug 11, 2008
    Messages:
    1
    Likes Received:
    0
    I got Kismet working, thanks a lot olafskaug !!
    I did not install ethereal but only kismet, aircrack-ng and libpcap
    I also had to change the permissions on /etc/kismet with a chmod 777 kismet and the same on /var/log/kismet
    Reboot and have the wifi running
    Open a terminal and do a su
    type: airmon-ng stop ath0
    kismet
    This works for me.
     
    Ruud, Aug 11, 2008
    #15
  16. jeppedal

    stratz9799

    Joined:
    Jul 30, 2008
    Messages:
    3
    Likes Received:
    0
    When restoring managed mode I used:

    sudo wlanconfig ath create wlandev wifi0 wlanmode sta

    rebooted and everything was fine
     
    stratz9799, Aug 24, 2008
    #16
  17. jeppedal

    hasfrochbuster

    Joined:
    Aug 16, 2008
    Messages:
    30
    Likes Received:
    0


    Thank you olafskaug, I finally made this thing work, thank you again for your help
     
    hasfrochbuster, Aug 28, 2008
    #17
  18. jeppedal

    dirk

    Joined:
    Aug 25, 2008
    Messages:
    63
    Likes Received:
    0
    airmon-ng gives an error about wireless tools not being installed, but 'yum install wireless-tools' gives an error about already installed!

    Any ideas?
     
    dirk, Aug 29, 2008
    #18
  19. jeppedal

    fusselkater

    Joined:
    Aug 31, 2008
    Messages:
    3
    Likes Received:
    0
    Thanks for the guide. Kismet is up and running here. So far so good.
    But I can't run wireshark in the Terminal.

    There is a text file "/etc/security/console.apps/wireshark" which contains the following text:
    USER=root
    PROGRAM=/usr/sbin/wireshark
    SESSION=true
    FALLBACK=true

    But there is no wireshark in "/usr/sbin/"

    Anyone else with this problem or a solution for this problem?
     
    fusselkater, Sep 2, 2008
    #19
  20. jeppedal

    retsaw

    Joined:
    Aug 1, 2008
    Messages:
    133
    Likes Received:
    0
    This is a configuration problem with the PATH not being set correctly. I normally switch to root with "sudo su -" and it works for me, ("su -" will work fine, but running it with sudo saves me from entering a password.)
     
    retsaw, Sep 2, 2008
    #20