Pages

Showing posts with label AP discovery. Show all posts
Showing posts with label AP discovery. Show all posts

Thursday, 7 October 2010

Kismet: HOW TO

Kismet is one of the ultra modern wireless sniffers. It can and should be used in together with others such as aircrack-ng, airodump, airdecap, airreplay and others. I view these applications as complementary rather than competing. Windows users have netstumbler which in my view may not exactly match up with the above tools especially if they are all used together. Kismet works on any NIC (at least I think) that supports raw monitoring (rfmon). It should not have any problems with IEEE 802.11a, b, g ,n traffic.

On Linux Ubuntu, you have to install kismet using the normal ways i.e
sudo apt-get install kismet
sudo aptitude install kismet

Then comes the configuration which may be simple for others and a hair pulling experience for others. Mine was a mixture of both; After installing kismet, You will have to make configurations to the kismet.conf file which if you installed using the sudo apt-get install kismet method, should be somehere here; /etc/kismet/kismet.conf.

A good idea is to first backup that file (perhaps in the same directory).
cp -v /etc/kismet/kismet.conf /etc/kismet/kismet.conf.backup OR
cp -v /etc/kismet/kismet.conf /etc/kismet/kismet.conf~

That's incase you screw things up in that file.

Then there are primarily two things that you have to change; i.e.
#suiduser=your_user_here

Uncomment that line and enter your username where the "your_user_here" section is. If you are unsure of your username (yea, it happens), on shell type shell$ whoami and the shell will tell you who you are!

Now that you are through with the first part of configuring kismet, the second and somewhat disturbing section is next.

The second section mainly deals with how to configure the source/ interface that kismet will use for monitoring the wireless signals.

Next search for this section

# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
source=none,none,addme
The first none is the driver that is used by your wireless card hardware. If you are not sure, you can use this command to determine it, sudo lshw -C network. This is an example output of the above command;

marcusOfGearsOfWar@gears:~$ sudo lshw -C network
  *-network               
       description: Wireless interface
       product: AR9285 Wireless Network Adapter (PCI-Express)
       vendor: Atheros Communications Inc.
       physical id: 0
       bus info: pci@0000:03:00.0
       logical name: wlan0
       version: 01
       serial: 1c:4b:d6:55:da:5f
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress bus_master cap_list logical wireless
       configuration: broadcast=yes driver=ath9k latency=0 multicast=yes promiscuous=yes wireless=IEEE 802.11bgn
       resources: irq:17 memory:feaf0000-feafffff

The important section in this verbose output is the driver section (in bold) i.e driver=ath9k

The output above is from an Atheros AR9285 Wireless NIC. It clearly displays the driver as ath9k.  However this is interesting because kismet does not like that particular driver. It prefers ath5k. ath9k uses the same capture code as ath5k (I think, just wondering why it shouldn't be used).

Anyhow, if your driver is ath9k, it won't work with kismet (as of now 2010-10-07) unless you pull something incredible off. You should instead use ath5k (that is only if your driver is ath9k) but any other driver as reported by lshw -C network command should work without any hiccups.

Then the second none in source=none,none,addme is the name that your OS uses for the wireless card.
Trying iwconfig should return your wireless card's nickname eg. wlan0

Then the third parameter addme is used for logging purposes. So any name can do.

I installed kismet from ubuntu software repository. Using this method of installation makes kismet love user "root". It will hate anyone else who is not root.

So to fire up kismet, type, sudo kismet and you are "good to go-go" (Spyro Gyra) It will start reporting which wireless networks are available.

Remember, you can get the help menu by typing 'h'. However you can get to the help menu only if you first get rid of the welcome message. If kismet displays a welcome message, you can get rid of that message by pressing the space bar (Just once can do).

ONE IMPORTANT NOTE IS THAT YOU WIRELESS CARD WILL IMMEDIATELY ENTER MONITORING MODE AND WILL DISSOCIATE FROM ANY APs IT HAD EARLIER ASSOCIATED WITH.
So you cannot connect to a wireless network when your card is in monitoring mode.

One small nuance is that after you quit kismet (using the Capital Q), kismet's dumb enough to leave your wireless NIC in monitoring mode (not the clean managed mode it was in before you fired kismet up).

However, don't despair. Restarting your machine is one option. But another quick option is using doing this;

sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode managed
sudo ifconfig wlan0 up

That should sort things out.

If you are interested in listening from the horse's mouth, just go direct to the source

Have a nice day!!!!!