JimmyPopAli

This has been updated for Kismet 2.4.

Kismet with Lucent cards.
This is assuming your wireless card is eth0.
This is how I installed it on Debian, other distributions should be similar.
Toshiba 205cds, Debian woody, kernel 2.4.18 with a Lucent Silver firmware 6.16.

If your just setting up your laptop, when you install linux make sure that you install the packages for software development.


untar everything to /usr/src/<whatever the package is>
tar zxvf <package>.tar.gz


What you need:
Kernel source
pcap
pcmcia-cs
orinoco airsnort patch
wireless tools
compiler

KERNEL NOTES
Wireless extensions need to be compiled in.


untar kernel source

go to /usr/src/
type:
ln -s linux.<version> linux
cd linux
make config
make dep



Get pcap http://www.tcpdump.org/
untar
run:
./configure
make
make install



Get pcmcia-cs-3.1.34.
Untar
get the pcmcia-cs-3.1.34-orinoco-patch.diff patch from http://airsnort.shmoo.com/orinocoinfo.html copy to pcmcia-cs directory
save as a .diff file
copy the .diff file to the pcmcia directory

run:
patch -p0 < pcmcia-cs-3.1.34-orinoco-patch.diff (you may have to change the number after -p to get it to work,
I had to change mine to -p1) then it should say four files were patched.

in pcmcia-cs directory
run:
make config
make all
make install

After installing you'll need to restart the pcmcia.
for me it was "/etc/init.d/pcmcia restart"

get wireless tools
http://www.hpl.hp.com/personal/Jean...inux/Tools.html
untar
run:
make
make install

Time to test:
type "ifconfig eth0"
should say encap:ethernet

to put into monitor mode
run:
iwpriv eth0 monitor 2 1

if you get "Invalid command : monitor"
read the instructions under WRONG DRIVER

to see if it worked type
"ifconfig eth0" and it should say encap:UNSPEC

if you want to take it out of monitor mode type "iwpriv eth0 monitor 0 1"

WRONG DRIVER
This means the wrong drivers were used. By going to /var/log/daemon.log you can see if the correct drivers were loaded.
They should be hermes.o, orinoco.o, and orinoco_cs.o.
If it says something other than that you'll need to edit /etc/pcmcia/config and find the string for your card(it should say in the daemon.log) change the bind to orinoco_cs for your card.

if it says they are the correct drivers and it doesn't work
Go to /lib/modules/kernelversion/kernel/drivers/net/wireless
and type ls -l orinoco_cs.o and see what the date is. If it's the same as the kernel then the drivers are wrong
go to /usr/src/pcmcia-cs/wireless

run:
make
then copy hermes.o, orinoco.o and orinoco_cs.o to /lib/modules/kernelversion/kernel/drivers/net/wireless

try again and hopefully it works


go get Kismet. www.kismetwireless.net
untar
run:
./configure
make all
make install
If you already have 2.2 installed run "make forceinstall" to overwrite the old config file.

Then go to '/usr/local/etc/kismet.conf' and open kismet.conf
change 'cardtype=' from cisco to orinoco.

Something new added with 2.4 is a kismet_monitor, it has the ability to enable monitor mode and start kismet_hopper.
type "kismet_monitor -H"

If it complains about card type make sure you edited kismet.conf and if there isn't a 'cardtype=' option then make sure you have
version 2.4 of the kismet config file.

then type kismet and hopefully it works

If not and it looks something like this

Using pcap to capture packets from eth1
Starting UI...
FATAL: Could not connect to localhost:2501.

here are some solutions.

#1
If it says it can't connect to local host then type "ifconfig -a" and see what 'lo' says if the first word in the second line should say 'inet addr: 127.0.0.1', if it says LOOPBACK type "ifconfig lo 127.0.0.1" it should then say 'inet addr: 127.0.0.1'. If you don't have a 'lo' then you'll have to add it to the /etc/hosts file.

#2
If it says something like 'bind: Network is down' then type 'ifconfig -a' and look to see that the network interface you are using with kismet is actually there, if it isn't type "ifconfig eth? up"

#3
If it says something like 'no private ioctls' then it's trying to use the wrong interface. Either make your wireless card eth0 or edit '/usr/local/etc/kismet.conf' to use the correct interface.

#4
If it says
'Failed to set up UI server: TcpServer gethostbyname() failed: Resource temporarily unavailable'
then you /etc/hosts file isn't set up correctly.

Dr3D1zzl3

you rock im going ot try it your way tonight. (i got things to run with kismet but never under monitor mode. What do you know about hte orinoco_hopper script?

JimmyPopAli

Orinoco_hopper works great. I set my card to monitor channel one with "iwpriv eth0 monitor 2 1" and then started up the hopper and went out. I found networks on multiple channels when before driving the same route only found them on channel one.

jeffrowe

What would you say is the comparison?

I had a prism2 card runnign under Kismet, but it doenst have an ext ant jack and that is why i keep my lucent on my XP Laptop...
Frankly kismet/wellenreiter make me want to dump the XPtop all together... despite Netstumbler <grin>

I have heard mention of RF monitor mode not being as workable under linux... true?

__________________
-Jeffrowe

Dr3D1zzl3

just an added note you might want to edit one thing,.

in order to run the pcmcia-cs make config you have to allready have done a MAKE CONFIG as well as a MAKE DEP in the linux dir.

At least that is the error(s) it spit out at me.

S A U

My notes and thoughts.... given that I've copmiled/installed many a linux kernel.... and other software.

Not knowing what you had in mind for the directions you gave I followed them (in order) to the tee. my mistake.... I should learn to read all of the isntructions to see what makes sense and what was probably left out due to assumptions that everyone following these instructions will make (nearly) every assumption the person who wrote them did.

1) What to do with the kernel you ran "make config" and "make dep" on. Do you "make install" (bzlilo/bzdisk/etc) it and reboot? do you make/install modules? does it matter??? I also have noticed that the newer kernels are harder to compile w/o knowing what config items require which other config items just to get the thing to compile. Are there any config items required just for this topic... any that should be left out? (i got my kernal to copmile but the modules didn't work out so grand)

2) the PCMCIA-CS part ignored the kernel I only ran "make config" and "make dep" on when I restarted pcmcia stating that I wasmissing serveral modules in the runnig kernel. I assume this meant I needed (in "1)" to do all of kernel compile steps. Reading ahead showed no further kernel patch/compile/install steps exposed the need to go back and finish the kernal compile steps.

3) I didn't get past step 2 due to errors compiling the kernel modules.

otherwise I thought they were great

__________________
-- S.A.U.
(Stranger Amoungst Us)

JimmyPopAli

Alright here goes, I completely forgot to go back and look up what's needed in the kernel. You can put in whatever you want but you must have Wireless Networking enabled
and that's all that's required. You can also take out PCMCIA support if you have a 2.4 kernel, I didn't but it could save some headaches when messing with the orinoco driver.

As for the make config and make dep, Drd1zzl3 said he had problems compiling pcmcia-cs without it so I threw it in.

I tried to state most of the intentions up front but I probably missed some plus the formatting isn't that great so I'll have to work on that.

Dr3D1zzl3

its still a huge help man thank you for taking the time to help everyone else out.

visitor

I am not completely convinced that I have it setup correctly. I set it to channel 1 also but have not picked up any points other then channel 1. What are the most popular channels as I want to try those and see if it still picks up channel 1 as I drive by.

Also do you guys change the interval that orinoco_hopper runs at?

JimmyPopAli

I just use the standard interval.

g0tr00t

Ok, now I am at the libcap level. I ./configure it, then I try to make it and NOTHING. All I have is a makefile.in

At the end of my ./configure I get an error message
Your OS lex is insufficient to compile libcap. flex is a lex replacement that has many advantages, including being able to compile libpcap. Please see http://www.gnu.org/software/flex/flex.html

So I go there grab Flex, ./configure - fine, make BOOM! I get the error yacc command not found.

Now what? Help.....

__________________
g0tr00t

"Its all fun and games until someone gets killed."

JimmyPopAli

Damn, you're having all sorts of trouble, which distro are you using?

Anyways the obvious question, do you have YACC installed?

g0tr00t

I am using Mandrake 8.2. I left the laptop at work. Do I just do a search for yacc?

Ugh, is there a better distro for Kismet and it's required packages?

The reason I am using Mandrake was that RedHat 7.1 was VERY buggy on my IBM 760E laptop. No X, lots of install problems. I have not tried the newest version, should I?

Thanks Jimmy for your help. It is VERY much appreciated. If you think I should use a different distro, let me know and I will rip it tonight and reinstall it tomorrow.

__________________
g0tr00t

"Its all fun and games until someone gets killed."

JimmyPopAli

Redhat and Mandrake are good at getting everything working right off the bat, what sucks is the rpm system. Debian is super nice while installing things because it knows what dependencies a package has and downloads them too.

Since you already have your kernel configured and such just stick with what you have. Run a search for yacc and hopefully you'll be alright.

rambopfc

i know this is off, but do think you could possibly write an airsnort HOWTO?? (if you find time, you know?)
something like that would be a great help to me..
i keep getting this error-

[root@localhost Airsnort-0.2.1a]# make
make all-recursive
make[1]: Entering directory `/root/Desktop/Airsnort-0.2.1a'
Making all in src
make[2]: Entering directory `/root/Desktop/Airsnort-0.2.1a/src'
gcc -g -O2 -Wall -o airsnort main.o support.o interface.o callbacks.o crack.o RC4.o crc-32.o capture.o Packet.o bssidlist.o display.o -lpthread -lpcap -L/usr/lib -L/usr/X11R6/lib -lgtk -lgdk -rdynamic -lgmodule -lglib -ldl -lXi -lXext -lX11 -lm
/usr/bin/ld: cannot find -lpcap
collect2: ld returned 1 exit status
make[2]: *** [airsnort] Error 1
make[2]: Leaving directory `/root/Desktop/Airsnort-0.2.1a/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/Desktop/Airsnort-0.2.1a'
make: *** [all-recursive-am] Error 2
[root@localhost Airsnort-0.2.1a]#"

and have no idea how to fix it, or what to do next.. hope i'm not asking too much...
thanks,

RAMBO