Okay ... It's been mentioned several dozen times that we want Kismet. I'm no developer or else I'd attempt a cross compiler myself. Here's a good place to start:


Kismet Project Page: http://www.kismetwireless.net/
Kismet ARM Binaries: http://www.kismetwireless.net/download.shtml
GKismet: http://gkismet.sourceforge.net/
Samuel Ortiz putting it on his TODO: http://maemo.org/pipermail/maemo-developers/2005-November/001909.html


I've heard that the -51 firmware does support monitor mode/RFMON/promiscuous mode but have been unable to confirm that through any third party postings. If it IS in there, isn't a maemo port just a few hours away?

Have you tried "installing" the ARM binary that they provide? Just tar zxf the .ipk file and untar the resulting data.tar.gz file into / or /var/lib/install and see if you can run the binary. I've never used kismet, but I've been curious about it since I found out that gpsdrive works with it (although this combo appears to require mysql?).

gpsd works with it for tracking locations but I don't know if maemo gpsdrive will. That'd be NEAT though... to have it draw dots with hotspot labels :D

Okay ... It's been mentioned several dozen times that we want Kismet. I'm no developer or else I'd attempt a cross compiler myself. Here's a good place to start:


Kismet Project Page: http://www.kismetwireless.net/
Kismet ARM Binaries: http://www.kismetwireless.net/download.shtml
GKismet: http://gkismet.sourceforge.net/
Samuel Ortiz putting it on his TODO: http://maemo.org/pipermail/maemo-developers/2005-November/001909.html


THe ARM binaries should be far enough.
By the way why do you need Kismet ? A simple script using iwlist scan is enough.

db

Samuel Ortiz putting it on his TODO: http://maemo.org/pipermail/maemo-developers/2005-November/001909.html



Monitor mode should work fine with 51-* firmwares, at least tcpdump -X output looks ok...

By the way why do you need Kismet ? A simple script using iwlist scan is enough.

Monitor mode gives you the whole, raw frames (in particular beacons and probe response) which allows for building a much more complete network map than what a simple scan would give.

I've actually talked with Mike Kershaw (the developer of Kismet) about Kismet on the Nokia the moment I got mine. Infact when I was at Shmoocon with him I let him actaully see a Nokia for the first time and brought it up again. I think he said that the Texas Instruments OMAP wireless component does not support RFMON (very well anyways) properly to do Kismet. However he did then mention that until he has one to play with he can't be 100% sure.

Too bad we didnt know about the developer program, otherwise he would have one right now.

I will see if I can get him to come to this thread tomorrow to post some sort of official stance on the possibility of Kismet on the Texas Instruments OMAP platform.

Or atleast get a direct quote out of him.

Monitor mode gives you the whole, raw frames (in particular beacons and probe response) which allows for building a much more complete network map than what a simple scan would give.
Ok, I understand that Kismet, Wellenreiter and so on are more interesting on a analysis point of view. For example, they are able to see association frames coming from STA while the ESSID is hidden: interesting for finding hidden AP. They are also able to display STA in infrastructure mode not only APs.
But these softwares are more commonly called Analysers not mappers even if you can use them as it (the more can do the less).
If you want to do a map (with informations like ESSID, RxLvl, S/N level, type of protection, AP's MAC address, GPS coordinates, that's not insignificant) you can do it right know without needing to port a Kismet or a WellenReiter.
It's like the difference between a Ethereal or tcpdump and a ntop.

db

I think he said that the Texas Instruments OMAP wireless component does not support RFMON (very well anyways) properly to do Kismet. However he did then mention that until he has one to play with he can't be 100% sure.

OMAP doesn't have any wireless module. TI has some of course, but they're not part of any OMAP.
The wireless chip running on the 770 is Conexant's CX3110x, and it now supports monitor mode.

Ah, when I was looking at the TI OMAP board it said it had on board 802.11g. Mike knew that the TI stuff was no good for Kismet so thats how we came to that conclusion.

Well then, I will let him know!

And the response from Mike:
"If it supports monitor I'll do my best to make it work, though I don't have a device currently and if anyone wants to email me a) info on setting modes and b) a tcpdump -s -1 (or -s 65535 depending on the tcpdump version), then i'll do what I can"

you can contact him at http://www.kismetwireless.net/

OMAP doesn't have any wireless module. TI has some of course, but they're not part of any OMAP.
The wireless chip running on the 770 is Conexant's CX3110x, and it now supports monitor mode.

First, I confirm that 770 (whatever chipset it may be) supports RFMON: I'm able to use airodump on it.

I've just installed Kismet (from a debian ARM package) on my N770 and I confirm that it runs well with a source type of wlanng.
I had to type
iwconfig wlan0 mode monitor
before launching kismet_server however.

I will post, tonight, on my web site http://770.blas.net, a screenshot of the 770 running the kismet_client GUI.

db

wlanng has a nonstandard monitor mode set, which is why you had to set monitor mode. Try another source.

Mike says he usually does not like telling people to fake the source type because it leads to grief later. So test prism54, thats probably a good one and if it works, to send him the info he asked about from tcpdump to make sure and he will make a proper source type for it.

Ah, when I was looking at the TI OMAP board it said it had on board 802.11g.
The eval boards might have some external 802.11 chipset, but not the OMAP itself.

Have the develpers Email me - I'll set up some way to run any commands they need from me. Maybe I can get some Bluetooth DUN working into which they can SSH. I don't know. I'll figure out something.

wlanng has a nonstandard monitor mode set, which is why you had to set monitor mode. Try another source.

My goal wasn't to test every source type but to show that it already exists a debian Kismet that works.


Mike says he usually does not like telling people to fake the source type because it leads to grief later. So test prism54, thats probably a good one and if it works, to send him the info he asked about from tcpdump to make sure and he will make a proper source type for it.
The source 'prism54g' works.

I'll send a pcap trace to Mike as soon as possible.

db

*squirming in my chair*

Two weeks later - any news?

Which news ?

Gourmet: Have you heard anything from Mike?

And now a month has passed.
*BUMP

Anyone? Anyone? Bueller?

Not exactly news, but. Sipping on a coffee on Queen West in Toronto, I fired up Kismet and started scanning. I found a buncha networks, a buncha weird signals that it interpreted as mystery networks, and not much else. Synopsis: It's glaringly apparent I don't know how to use Kismet.

The curses version may work but it'd be much nicer with a hildon UI. Here's to hoping.

So (in the interest of keeping this thread alive)... what does one *do* with all the information gathered?

I would assume they'd find a filter for the data and make it more easy to display. Also, they'd build an attractive user interface for it.

As I see discussion here it seems to me, that you were able to run kismet on N770 in terminal mode. How did you do that?

When I try to run kismet my N770 always frrezes. I run it as a root, configure wlan device via iwconfig befohe, and I have a lot of swap on my MMC card.

I don't have a swap partition configured. I su to root, and run it. I'd heard that it won't work without the AC power because the powersaving keeps turning the radio off every few seconds, but I had no such issues. I'd list other apps I have installed to help alleviate conflicts but there's about 20 of them.

Did the kismet team get the information they needed? Has there been any progress?

Hehe, isn't kismet supposed to be used with a Packet Sniffer on the 770 to crack WEP Encryption keys?

(I have no idea how by the way lol)

Hehe, isn't kismet supposed to be used with a Packet Sniffer on the 770 to crack WEP Encryption keys?

(I have no idea how by the way lol)

depends on what you want to use it for. Not my thing so I would know about it from the white-hat side of the fence. But that's about it.

depends on what you want to use it for. Not my thing so I would know about it from the white-hat side of the fence. But that's about it.
Haha, I'm a gray hat over here ;)

Does the millions of ghost networks have anything to do with the fact that the sensitivity of wlan0 is set to 0/200? The highest I can set is 20/200.


pathetically easy to use kismet to break WEP. Just gather > 0.5 gb of data, have kismet save as dump, and give it to aircrack. Only use it on your OWN network, of course.

pathetically easy to use kismet to break WEP. Just gather > 0.5 gb of data, have kismet save as dump, and give it to aircrack. Only use it on your OWN network, of course.
Reply With Quote

Out of curiosity, how long does Aircrack take for this? I tried to break my own network key this way, and I let it go for a couple hours before deciding I had other things to do. My key is 128 bit hex WEP.

You firstly would have to lock the kismet to the channel i question, then it will depend on the amount of traffic on the network...

could take 10 min, could also take several days...

Does the millions of ghost networks have anything to do with the fact that the sensitivity of wlan0 is set to 0/200? The highest I can set is 20/200.


pathetically easy to use kismet to break WEP. Just gather > 0.5 gb of data, have kismet save as dump, and give it to aircrack. Only use it on your OWN network, of course.
Can you expand?

You firstly would have to lock the kismet to the channel i question, then it will depend on the amount of traffic on the network...

could take 10 min, could also take several days...
Can you expand?

Wow, I was a it shocked to see so many WLANs here in the countryside (24km from Helsinki). Most of them seemingly unencrypted, some WEP, and a few WPA ones. I got online in the middle of that town from some open one.

Then I drove home on a dirt road only to find every other house had a wlan connection.

http://i67.photobucket.com/albums/h316/cybe100777/P1050434.jpg

Very interesting. I'll try Kismet the next time...

I sure hope the ghost network issue is fixed (or perhaps more fixable) with the release of the 2006OS. It would be nice to have kismet working on my 770 before Defcon. :)

Hi, are there any news about Kismet an OS2008?

Bernhard

i do have kismet installed on my n800 with OS2008. it does work, but i cannot get GPS working with it just yet.

i do have kismet installed on my n800 with OS2008. it does work, but i cannot get GPS working with it just yet.

Is it available in any public repositories or did you compile it yourself?

yes, it is available from a repository, but i forget which one. i have downloaded many of the .deb files and stored them on one of my machines, for the convenience. you are gonna have to dig for it, from maemo.org/downloads/ and gronmayer.com/it/.

i browsed a lot of the repositories with a web browser, so that i could see what each one a had, and pulled the packages i wanted that way. a bit roundabout, but i was able to download the files, and have them in a somewhat bush-league repository of my own.

forgot to mention... i am running the bora version of kismet, as i have not seen the chinook version of it yet. you will have to look for the OS2007/bora/maemo3 or 3.2 paths in the repos to find it.

happy hunting

I just got Kismet working and want to share the steps I took to get there.
To begin with this is a brand new N800, which came with OS2007 installed. The first thing I did was to flash OS2008, reported as version 2.2007.50-2 in "About Product"

I found a Kismet repository at http://eko.one.pl/maemo. This has both mistral and bora distributions; I chose mistral. My first attempt at installing it failed with the message that ncurses-base was missing.

Thanks to the excellent index at http://gronmayer.com/it/index.php?lang=en&sort=hits&system=maemo4#134 I found the Maemo Chinook repository at http://repository.maemo.org and installed ncurses-base from there.

Now Kismet works as expected (running as root). The files are saved on the external sd card, /media/mmc1 although it didn't seem to bother it if the card was taken out. Kismet ran for over 30 minutes, including times when the screen went to sleep, with no problems.

The one issue, that Kismet warns you about, is that the wi-fi card is inoperative when Kismet exits. everything looks normal - the icon shows a connection, ifconfig looks normal, but the interface can't communicate with the outside world. On the Zaurua (running Angstrom) I was able to restart the card using the following script:


ifdown wlan0
pccardctl eject 1
pccardctl insert
ifup wlan0


but so far I haven't found pccardctl (or the older cardctl) anywhere
so the workaround for now is


shutdown -r now


If anyone has any suggestions about restarting the wifi interface, I'd love to hear them.

Walt

I just got Kismet working and want to share the steps I took to get there.
To begin with this is a brand new N800, which came with OS2007 installed. The first thing I did was to flash OS2008, reported as version 2.2007.50-2 in "About Product"

I found a Kismet repository at http://eko.one.pl/maemo. This has both mistral and bora distributions; I chose mistral. My first attempt at installing it failed with the message that ncurses-base was missing.

Thanks to the excellent index at http://gronmayer.com/it/index.php?lang=en&sort=hits&system=maemo4#134 I found the Maemo Chinook repository at http://repository.maemo.org and installed ncurses-base from there.

Now Kismet works as expected (running as root). The files are saved on the external sd card, /media/mmc1 although it didn't seem to bother it if the card was taken out. Kismet ran for over 30 minutes, including times when the screen went to sleep, with no problems.

The one issue, that Kismet warns you about, is that the wi-fi card is inoperative when Kismet exits. everything looks normal - the icon shows a connection, ifconfig looks normal, but the interface can't communicate with the outside world. On the Zaurua (running Angstrom) I was able to restart the card using the following script:


ifdown wlan0
pccardctl eject 1
pccardctl insert
ifup wlan0


but so far I haven't found pccardctl (or the older cardctl) anywhere
so the workaround for now is


shutdown -r now


If anyone has any suggestions about restarting the wifi interface, I'd love to hear them.

Walt

I'm having the same problem but my N800 looks-up 90% of the time and it I have to waste ~2hr when the bloody batt. fix

if i remember kismet leave the card in monitoring mode ...

try a :

ifconfig wlan0 down
iwconfig wlan0 mode ad-hoc
ifconfig wlan0 up

It turns out that tapping the wireless icon, and then disconnecting/connecting the wifi connection, seems to reset it sufficiently.

Walt

Unfortunately I can't use gpsmap on my laptop to get some maps...
I transferred all logs (*.dump, *.gps) to my laptop and tried to use gpsmap, but it always says that I captured too few samples (in fact there were 0 samples... although I captured beacon packets and had a .dump of about 5MB).

Is there anyone who can use his kismet logs from a N810 with gpsmap?
Maybe it is because of the wlan module not reporting the signal quality to kismet (at least I can't see the "power levels" in kismet)

Regards,
Tantris

For me, on other platforms, I would have to do the ifconfig wlan0 down, followed by a rmmod/insmod on the module (for n810 it is cx3110x) driver.

But simply change-connection back to where I was at seems to fix it for me as an earlier poster noted.

After puttering around for awhile, I got Kismet to work with my Holux BT GPS and you ain't gonna believe the solution.

1. Started Maemo Mapper and enabled the GPS
2. Did the sudo gainroot thing in X terminal
3. Ran kismet

Just went around my block and it logged the max and min lat/longs of the 100 or so AP's in my neighborhood. I am quite psyched! Now onto mapping! I'm wondering if I lucked out on the kismet.conf tweaking 'cuz I'm a user not a programmer. (Thanks to Thoughtfix and Gnuite for their thoughts and Andrea Lange for the Italian instructions for Wardriving with your 770 that started me on this.) I hope others can duplicate this. If there is anything you need off my N800 let me know (and possibly help get it copied...)

I forgot to try that with my zmapper application - I used to do that with a wifi card and serial GPS with my Zaurus. The map showed lines and polygons and would use kismet to draw color coded circles per access point. I've ported it to the n810/n800 so it should work.

After puttering around for awhile, I got Kismet to work with my Holux BT GPS and you ain't gonna believe the solution.

1. Started Maemo Mapper and enabled the GPS
2. Did the sudo gainroot thing in X terminal
3. Ran kismet

Just went around my block and it logged the max and min lat/longs of the 100 or so AP's in my neighborhood. I am quite psyched! Now onto mapping! I'm wondering if I lucked out on the kismet.conf tweaking 'cuz I'm a user not a programmer. (Thanks to Thoughtfix and Gnuite for their thoughts and Andrea Lange for the Italian instructions for Wardriving with your 770 that started me on this.) I hope others can duplicate this. If there is anything you need off my N800 let me know (and possibly help get it copied...)

Just two questions...
First, when I run Maemo Mapper, of course if wants a map.... but the only choices seem to be East/West USA at 750MB +. Are there smaller state or regional maps? Where?
Second, does anyone know if this will work with an N800 plus a Bluetooth GPS? I have a Teletype GPS that has worked with a variety of Windows Mobile devices; I have yet to try it with Maemo because of question #1, but will buy a 4GB SD card if it is likely to work.
Third (an afterthought) has anyone gotten the signal-strength to work in Kismet? It just shows up as a constant 0.0 on my installation, but all the other columns seem to work properly. I have version 2007.01.R1b-1.0 which I think is the latest for OS2008.

Walt

Just two questions...
First, when I run Maemo Mapper, of course if wants a map.... but the only choices seem to be East/West USA at 750MB +. Are there smaller state or regional maps? Where?

You confuse the navigation app from wayfinder ("map") with maemo-mapper (https://garage.maemo.org/projects/maemo-mapper/) which you have to install extra.

Yes, I was confoozled :-D

Thanks

I just got Kismet working and want to share the steps I took to get there.
To begin with this is a brand new N800, which came with OS2007 installed. The first thing I did was to flash OS2008, reported as version 2.2007.50-2 in "About Product"

I found a Kismet repository at http://eko.one.pl/maemo. This has both mistral and bora distributions; I chose mistral. My first attempt at installing it failed with the message that ncurses-base was missing.

Thanks to the excellent index at http://gronmayer.com/it/index.php?lang=en&sort=hits&system=maemo4#134 I found the Maemo Chinook repository at http://repository.maemo.org and installed ncurses-base from there.

Now Kismet works as expected (running as root). The files are saved on the external sd card, /media/mmc1 although it didn't seem to bother it if the card was taken out. Kismet ran for over 30 minutes, including times when the screen went to sleep, with no problems.

The one issue, that Kismet warns you about, is that the wi-fi card is inoperative when Kismet exits. everything looks normal - the icon shows a connection, ifconfig looks normal, but the interface can't communicate with the outside world. On the Zaurua (running Angstrom) I was able to restart the card using the following script:


ifdown wlan0
pccardctl eject 1
pccardctl insert
ifup wlan0


but so far I haven't found pccardctl (or the older cardctl) anywhere
so the workaround for now is


shutdown -r now


If anyone has any suggestions about restarting the wifi interface, I'd love to hear them.

Walt

Sorry my friend , but there is no bora distribution of kismet at the place you mentioned.
_______________
(bora)

Package:
[user]
becomeroot (v. 0.1-2)
locales-extras-polish (v. 2.3.5-1)
libsdl-net1.2 (v. 1.2.5-7)
locales-extras-catalan (v. 2.3.5-1)
privoxy (v. 3.0.6-2)

Could you kindly tell me how have you downloaded kismet bora distribution ?
Web link would suffice.

Darius

If you follow the first link I gave, then click on the Dists folder, then on the Bora folder you get to http://eko.one.pl/maemo/index.php?path=dists%2Fbora/

As for how I installed it, I added the Application Catalog, http://eko.one.pl/maemo into the Applications Manager and went from there.

Then I followed the same procedure to resolve the missing dependencies:
- Search at gromayer.com
- Add the catalog into Application Manager
- Install the missing part(s)
- Go back and try Kismet again.

Just as an aside, I have mentally drawn a parallel between this process and the Package Manager on the Zaurus (Angstrom and pdaXrom versions) but evidently I am wrong. The GUI on the Zaurus is just a front end to ipkg; I thought that the Applications Manager on the N800 had the same relationship to apt-get but that reasoning seems to be false. If anyone can clarify that I'd appreciate it.

Walt

i cannot see a kismet package there, either.
any clues on a package for the N810s?

Odd. There is no Kismet under bora but there is under mistral.

I have my application manager pointing to the level above that,http://eko.one.pl/maemo and the version it installed works on my N800 running OS2008. that *should* run on the 810 but I'm no expert so I wouldn't guarantee it.

Walt

After puttering around for awhile, I got Kismet to work with my Holux BT GPS and you ain't gonna believe the solution.

1. Started Maemo Mapper and enabled the GPS
2. Did the sudo gainroot thing in X terminal
3. Ran kismet

Just went around my block and it logged the max and min lat/longs of the 100 or so AP's in my neighborhood. I am quite psyched! Now onto mapping! I'm wondering if I lucked out on the kismet.conf tweaking 'cuz I'm a user not a programmer. (Thanks to Thoughtfix and Gnuite for their thoughts and Andrea Lange for the Italian instructions for Wardriving with your 770 that started me on this.) I hope others can duplicate this. If there is anything you need off my N800 let me know (and possibly help get it copied...)


Have you had any luck getting the APs to show up on the map?
I did the same thing, and the Lat/Long shows up in the kismet screen, and of course in the data file, but all that showed on the map was the track I took while driving around.
That doesn't surprise me, really. I wonder if there is anything that could be done with the POI mechanism to plot the APs.

I also suspect, but haven't tried it, that kismet would find the GPS without help from the mapping program, once it's paired with the N800.

Walt

it looks as if the maintainer of eko.one.pl has removed the kismet mistral package many of the posts in this thread reference. is there another source for that package?

How do all!

I'm sorry I didn't make it clear earlier about my motives for accumulating data earlier. I do NOT use Maemo Mapper or the Wayfinder product for mapping, just the GPS interface so my BT GPS is seen by Kismet. If I don't, then the GPS BT interface turns off after about 5 minutes. After a WarDrive, I upload my data to WiGLE.net and use their mapping software to check out my points on my Windows PC. I'm not sure how the mapping programs handle waypoints. I wonder if the XML data that Kismet creates can be converted to waypoints.

I've recompiled it under the current environment, and want to make a DEB, but I don't have a good set of .conf files for the Nseries. Does anyone have one they can point me at or upload?

And apparently the kismet deb has been removed form the eko archive.

http://zdez.org/nokismet-0.0.1.deb

1. depends on tcpdump (actually libpcap). Install that first, but I have a dependency in the deb.

2. add a line to /etc/sudoers for /usr/bin/kismet (or tell me how to put that in the .deb - apparently adding a file with the line to /etc/sudoers.d/ doesn't work). Then you can launch it via "sudo kismet". Or from the status bar launcher:
osso-xterm 'sh -c "echo kismet | sudo gainroot"'
which worked for me before without the /etc/sudoers mod.

3. it should use gps if you turn it on. (/usr/libexec/navicore-gpsd-helper is the program), but I didn't have a lock.

4. The above and other /usr/etc/kismet*.conf files haven't been thoroughly tested, only to the point that it comes up and works on my n810.

5. It seems to time-out after a while, but that might be my connection or the connection manager trying to update my RSS feed and trying to pull the interface back. Generally shutting wlan0 down and bringing it up again fixes things after kismet exits.

6. PLEASE try it, tweak it, get it working, and report back so I can incorporate the fixes.

i never meddled with the gui config file. attached is my kismet.conf. seems the eko repo was redesigned and now excludes previous versions of ITOS.

i had copied it back some time ago and can install it, when ncurses-base and libpcap0.8-0.9.5 is installed before hand. for what ever reason, the version i have requires the 0.8-0.9.5 version and wont take the plain 0.9.5 version.

This is my old Zaurus (with a Cisco PCMCIA card and GPS):

http://homepage.mac.com/tz1/.Public/zaurus/scrn012.png

I should have this working on my n810 in a few days.

Though I might have to figure out how to do a USB host mode wifi with external antenna.

hi tz1,can you help me to install kismet on a n800?
using the 0s2007 i got it easily,but now with the last release os2008 i have many wireless tolls installed ,but no kismet...

tz1, any specific reason you are recompiling? The version I downloaded works fine (no extra configuring) on my N800/OS2008. kismet_2007.01.R1b-1.0_armel

Two reasons, one, I can't find whatever you did to download (though someone provided an archive), so I had to rebuild it myself. Two: I may end up doing some special things which might require different options or a recompile, and it was suggested the old version wasn't completely stable or didn't put things back, so I might be able to fix that.

Just curious, but would the official debian kismet package for armel work?
http://packages.debian.org/en/sid/armel/kismet/download
As the eko-repository is gone (and I didn't keep the .deb) I am hesitant to test it on my device but maybe this one runs just fine (with some major configuring, though, as you would have to choose the correct capturing device and stuff in the .conf-files)

It might work. I just don't know if the packages are compatible (i.e. the dependencies, libraries, etc.).

hi guyz,

I have the eko.one.pl(mistral) kismet running on N800(chinook). It dances around all the SSIDs on the initial screen(curses display), but on sorting the networks by SSID and pressing 'l' (el), it gives me a "server is not reporting card power levels. No signal info is available" error. If I press an 'i' to view network details, I get zero signal and noise values, no matter what access point or network I select. I tried nokia770 and prism54g as sourcetypes in kismet.conf but got the same behaviour...anybody got any light to shed on this pbm?? Thanks.

I still have my copy of kismet_2007.01.R1b-1.0_armel.deb.

If anyone needs it, PM me.


Edit: Rapidshare download (http://rapidshare.com/files/100258434/kismet_2007.01.R1b-1.0_armel.deb.html)

Great, so we have some kind of backup copy ;-) I think it would be great if you could upload this to some one-click filehoster... Or maybe some repository manager might adopt it...

/Edit: Thanks @bluesubaru, that was quick ;-) Actually I wanted to mirror the file on some German filehoster to get a speed increase for European users, but Rapidshare has local servers in most countries, so there is no need for it anymore

http://zdez.org/nokismet-0.0.1.deb

4. The above and other /usr/etc/kismet*.conf files haven't been thoroughly tested, only to the point that it comes up and works on my n810.


The only thing which might be nice would be to set the festival path in kismet_ui.conf to /usr/bin/flite (if flite is installed)... and kismet can speak ;-)

5. It seems to time-out after a while, but that might be my connection or the connection manager trying to update my RSS feed and trying to pull the interface back. Generally shutting wlan0 down and bringing it up again fixes things after kismet exits.

This should stop if you disable automatic wlan connectivity and set it to "ask always" (translation guessed - i have a german os). Then you have to disable your current wlan connection (so that you are not associated to any wlan) before you start kismet.

6. PLEASE try it, tweak it, get it working, and report back so I can incorporate the fixes.

Actually I can get it to run without problems, but kismet keeps finding new wlans because it messes up the SSIDs... but it seems to do this in some random way (or at least I don't see a pattern).
So, say after 3s you find ssid "def\001ault" after 2s you find "d\314efault" and so on...
This is so strange that my guts tell me that it most probably won't be fixed with some .conf-files...

/Edit: I noticed you use prism54g as source type while the "eko-kismet" uses the source-type "nokia770". Maybe this would do the trick?
/Edit²: Yes it does - When I run the eko-kismet with a prism54g source I get the same errors as with your build

Maybe you could start an extra thread for your compiled version of kismet, so that one could subscribe to it and be notified when a new version is published...

I'm in massive overtime mode at the moment. When I get some time I'll see what I can do.

*g* Take your time - actually your build runs far better than I expected (for version 0.1 ;-) and all of those little things I found can be done by .conf-files
I will uninstall eko this evening and try your build again in some kind of long-run test, but with the right capture source it seemed to be quite stable.

If you come up with better conf files, attach them or post the diff or relevant lines.

... all of those little things I found can be done by .conf-files ... with the right capture source it seemed to be quite stable.

If you come up with better conf files, attach them or post the diff or relevant lines.

I would also like to know how to set up the tz1-kismet to be "quite stable". What do I need to tweak?

I have uploaded that .deb to my downloads - see http://www.zaurus.org.uk and follow the downloads to nokiatablet

Has anyone figured out how to pull the kismet gps data into a mapping tool?

Ideally, the n810 Map app as a wifi POI, but anything would do really.

Ok... I will try to give a little step-by-step guide how I think it makes sense...

Packages to install before kismet:
flite (Speech output when a new wlan is found. Very cool)
aircrack-ng (airmon-ng is fine to get your wlan *out* of monitor mode once you quit kismet, otherwise you might have to reboot your tablet)
becomeroot (we need some way to become root)

Install kismet from tz1's link (you might need the red pill mode for this, but I don't know exactly - it might work as root in a shell with dpkg -i [debfile])

! Important: Use this only with tz1's build! eko's build places the .conf-files under /etc/kismet !

Download my confs from http://rapidshare.com/files/100860666/kismet_confs.tgz.html
and save this .tgz-file somewhere on your tablet where you will find it again.

Open a x-term shell, become root (sudo gainroot) and copy the file you just downloaded to /usr/etc and untar it there:

cp kismet_confs.tgz /usr/etc
cd /usr/etc
tar -xzvf kismet_confs.tgz

This will overwrite the standard .confs with my versions.

Changes from tz1's original confs:
1.) Disable apm (doesn't work anyway)
2.) disable sound (same)
3.) enable speech (with flite)
4.) change the capture source from prism54g (produces rubbish) to nokia770 (fine)


The data files will be written to /media/mmc1/, so you should have an exchangable card in there, if you want to change it, edit kismet.conf.

I can only say that it works fine for me, so I hope it will for you.

Oh and if you want metric units (for speed from gps and stuff) set
metric=true in kismet.conf

/Edit: Forgot half of the important stuff ;-)

Running Kismet
============
Set your wlan to *not* connect automatically, if you are connected to a wlan, quit the connection (gray wlan symbol).

Open your terminal, become root, and start kismet by typing kismet ;-)

After running kismet your wlan might be in some half-zombie mode (you have this case if you click on your gray wlan icon and it won't find any wlans).

In this case type
airmon-ng stop wlan0

This should do the trick

I got kismet working with Tantris instructions, thanks.
I have problem with gps logging. Kismet doesn't save gps coordinates very often, only about once a minute. Most of the APs don't get any gps information. Does anybody know how to get kismet to save more gps data?

Hi mikkov,

Do you use the gps in a n810 or do you have an external gps?

You might want to ask the developer directly at http://kismetwireless.net/Forum/General/

Unfortunately I don't know the exact version of kismet tz1 compiled into the .deb-file - maybe it would work with a newer version, maybe it is the most recent one...

I tested with N800 and LD-3W gps receiver. But I will test this also with N810.

If anybody else has tried this, I'd be glad to hear.

I was asking because I didn't get any data with the built-in gps from a n810 with eko's build. I haven't tried it with tz1's build yet...

I changed gpsmodelock to 'true' and now gps data is saved every second. Tested with n800 and ld-3w

So my process for getting a map while doing wifi audits is this:

1) Run kismet with GPS enabled obviously
2) Use kismel2kml to convert the xml file generated by kismet into a kml file
3) Use gpsbabel to convert the kml file into a gpx
4) Import the gpx into Maemo mapper as a POI series

I need a way to de-dupe the kismet file or the kml by eliminating multiple BSSIDs.

I used kismet earth php script which gives pretty nice kml. http://www.niquille.com/kismet-earth/

There are many other scripts floating around if you just keep googling.

edit: don't know about importing to maemo mapper

@mikkov

gpsmodelock=true seems to work very well on the n810, too! Maybe I have time for a little war-walk tomorrow ;-)

For all:
=====

"My" kismet-conf files with gpsmodelock=true are here for download:
http://rapidshare.com/files/101731906/kismet_confs.tgz.html

(I will take the old confs down, once gpsmodelock=true is proven to be better than false ;-))

Instructions for unpacking etc. can be found here http://www.internettablettalk.com/forums/showpost.php?p=157591&postcount=81

I think you can attach files to posts (esp. small files) - rapidshare keeps telling me I didn't type in the security code right.

Okay, the forum will not let me attach .tgz-files... but .zip-files are ok, so I renamed it. Actually it shouldn't make any difference for tar which ending the file has, in order to remember what it is it might be useful to rename this one to kismet_confs.tgz once you downloaded it...

http://www.zdez.org/sox-13.0.deb

Has /usr/bin/play symlinked to sox plus one lib. Nokia has lots of stuff in /usr/share/sounds, or you can get the original kismet source tree which has their waves.

tz1: Do you know if your build should work on 2008HE?
I didn't manage to run it on my 770, kismet quits after client has launched and connected to server:
"Error opening terminal: xterm."
Did someone have the same issue?

tz1: Do you know if your build should work on 2008HE?
I didn't manage to run it on my 770, kismet quits after client has launched and connected to server:
"Error opening terminal: xterm."
Did someone have the same issue?

I had the same error. The reason is missing ncurses, install ncurses directly (with apt-get) or install nano which will pull ncurses as a dependency.

I don't appear to be getting signal strength readings (though I'm getting GPS now). I originally tried Prism instead of nokia770. Could others try and see if in their logs (GPS or otherwise) they get a signal strength? (I was wondering why no colored circles on my map, but I won't annotate a zero signal strength AP).

one pet peeve with the old version of kismet: if you select the output type to be CSV, it writes a SSV (semi-colon separated value) instead. can the default delimiter be changed to a comma in this version? that way gnumeric can read the file correctly.

i hacked this together, and is just a PITA to have to do it...

year=`date +%Y`
mon=`date +%b`
day=`date +%d`

sed 's/;/,/g' ./Kismet-$mon-$day-$year`{*}`.csv > ./Kismet-$mon-$day-$year`{*}`.new.csv 2&>1

I think I remember someone saying that the driver doesn't report the signal strength; airodump shows -1 as PWR, too. On the other hand, iwlist scanning wlan0 shows signal strength values - maybe this information gets lost once you enter monitor mode? It's sad that the driver is closed source...

There is an opensource version of the driver. They might not have set it up so it returns signal strength in monitor mode, but I do have the source for the module. It may not be what the stock n810 is using, but I should be able to rmmod the old and insmod the new - I should try it anyway.

https://garage.maemo.org/frs/?group_id=12 has the opensource driver, but for an earlier kernel, and a quick attempt at a compile and load failed (it doesn't like the symbols in the n810 so won't load, but I also had to try a few quick patches to make it compile).

However it does apparently return signal strength in monitor mode.

I'm doing a bit too much overtime so I might not get to this too soon, so if someone else could update it to the current kernel, I'd appreciate it.

There was some earlier discussion on this driver on various threads including http://www.internettablettalk.com/forums/showpost.php?p=70552&postcount=7

Like most of most posts, this has to begin with the caveat "sorry for being such a noob, but. . ."

I've downloaded kismet from the rapidshare link posted by bluesubaru in post #72. I've saved it on my external memory card. Can some tell me the exact xterm script to install from that location?

I'm totally new to Linux, so working with my n800's CLI is quite a learning experience for me. I've figured out red/blue pill mode, installed open ssh, and know how to gain root access. Bluesubaru indicates that either of these may be necessary for installing kismet. I'm pretty sure I've worked out that part, but I'm not familiar with installing apps from the CLI.

Thanks in advance for your help!

Hi,

actually, if you are in red pill mode clicking the .deb-file in the file manage should fire up the application manager.
if you want to install it via the command-line become root and do a "dpkg -i foo.deb".

However, for kismet I would suggest tz1's build which is more recent than eko's build which bluesubaru mirrored. Just make sure to get the corrected *.conf-files for tz1's build (if I remember correctly I gave instructions for unpacking the .conf-files in posting #81 in this thread, the most recent .conf-files from me can be found in #91).

Thanks for the reply. I'm having a hard time finding tz1's build. Could you possibly point me in the right direction? I must be really dense, but I've looked through this thread multiple times, and the only link to the kismet app proper I found was the one bluesubaru posted (not counting the now defunct eko link).

Thanks again.

It was here
http://www.internettablettalk.com/forums/showpost.php?p=150855&postcount=63

Unfortunately it is "before" bluesubaru's mirror of eko's build, but actually tz1's is more recent...

Do you have a bluetooth gps which you want to use with kismet? If so, use the first version of my configs (posting 81) and not the newer one.
The difference is that the older "#81" version waits for the gps to report a fix, the newer confs don't; the reason was that the n810's built in gps doesn't report any fix at all. But chances are good that an external bt gps behaves correctly and so waiting for a fix would be reasonable.

Thanks again. No I do not yet have a gps module, but I intend to get one. So I guess I'll go with the earlier configs.

According to tz1's post, I need to install tcpdump. Any idea where I can find that? I'm not getting any love from tcpdump.org.

Many, many thanks.

You can look for it here http://gronmayer.com/it/index.php?lang=en
Just make sure to select the correct OS Version before you use it.
The site also allows you to add all repositories currently available which is very helpful... Actually I use the application manager to look for new stuff now and then ;-)

Ok Tantris, I followed the directions you specified in post 81, using the frst config file. I think I'm close to getting it working, but I got the following error msg:

/home/user # kismet
Launching kismet_server: /usr/bin/kismet_s erver
Will drop privs to user (29999) gid 29999
No specific sources given to be enabled, a ll will be enabled.
Non-RFMon VAPs will be destroyed on multi- vap interfaces (ie, madwifi-ng)
Enabling channel hopping.
Enabling channel splitting.
Source 0 (wlan): Enabling monitor mode for nokia770 source interface wlan0 channel 6 ...
Source 0 (wlan): Opening nokia770 source i nterface wlan0...
Spawned channel control process 2186
Dropped privs to user (29999) gid 29999
Allowing clients to fetch WEP keys.
configdir '/home/user/.kismet/' does not e xist, making it.
SSID cloak file did not exist, it will be created.
IP track file did not exist, it will be cr eated.
Logging networks to /media/mmc1/Kismet-Mar -29-2008-1.network
Logging networks in CSV format to /media/m mc1/Kismet-Mar-29-2008-1.csv
Logging networks in XML format to /media/m mc1/Kismet-Mar-29-2008-1.xml
Logging cryptographically weak packets to /media/mmc1/Kismet-Mar-29-2008-1.weak
Logging cisco product information to /medi a/mmc1/Kismet-Mar-29-2008-1.cisco
Logging gps coordinates to /media/mmc1/Kis met-Mar-29-2008-1.gps
Logging data to /media/mmc1/Kismet-Mar-29- 2008-1.dump
Writing data files to disk every 300 secon ds.
Mangling encrypted and fuzzy data packets.
Tracking probe responses and associating p robe networks.
Reading AP manufacturer data and defaults from /usr/etc/ap_manuf
Reading client manufacturer data and defau lts from /usr/etc/client_manuf
Using network-classifier based data encryp tion detection
Not tracking duplicate IVs
Dump file format: wiretap (local code) dum p
Crypt file format: airsnort (weak packet) dump
Kismet 2007.10.R1 (Kismet)
Logging data networks CSV XML weak cisco g ps
GPSD cannot connect: Connection refused
Listening on port 2501.
Allowing connections from 127.0.0.1/255.25 5.255.255
Registering builtin client/server protocol s...
Registering requested alerts...
Registering builtin timer events...
Gathering packets...
Launching kismet_client: /usr/bin/kismet_c lient
Launched client, pid 2187
NOTICE: configdir '/root/.kismet/' does no t exist, making it.
NOTICE: Group file did not exist, it will be created.
Looking for startup info from localhost:25 01..... found.
Connected to Kismet server 2007.10.R1 on l ocalhost:2501
Reading AP manufacturer data and defaults from /usr/etc/ap_manuf
Reading client manufacturer data and defau lts from /usr/etc/client_manuf
Error opening terminal: xterm.
Didn't see any weak encryption packets, un linking weak file
Sending termination request to channel con trol child 2186...
Waiting for channel control child 2186 to exit...
WARNING: Error disabling monitor mode: mod e set ioctl failed 22:Invalid argument
WARNING: wlan (wlan0) left in an unknown s tate. You may need to manually
restart or reconfigure it for nor mal operation.
WARNING: Sometimes cards don't always come out of monitor mode
cleanly. If your card is not ful ly working, you may need to
restart or reconfigure it for nor mal operation.
Kismet exiting.
Done.
/home/user #

Any idea what I've done wrong?

And thanks so much for all the info!

Hmm sadly I can't say what the reason is - and I only have experience with the n810.
The first evil line here is the
Error opening terminal: xterm

The strange thing is that the xterm application is not called xterm but osso-xterm...
Unfortunately I can't say why it "wants" to open something called "xterm"... The "Error"s later are normal, so I guess it's all about the xterm-line.

Did you install ncurses-base? But I think you've got to have it installed for installing kismet...

Maybe some other n800 users could give some advice?

/EDIT seems to be curses related, when I searched the forum for the xterm-line I found some stuff which was also ncurses-related. Get the packages libncurses and ncurses-base...

http://www.zdez.org/nokismet-0.0.1a.deb - the deluxe version with updated .conf files and sound support (sox included).

Note the built-in GPS does give fix information, but it must be turned on manually (or use a map). My zmapper application does this when it starts up. But using just the n810 with zmapper running, I got GPS positions in the log. If I have time this weekend it will also annotate channel information (it should work if there was signal strength to be had).

Great, tz1, will try it tomorrow, err, today...
This gps-fix-thing is strange as I started my gps by firing up maemo mapper and nevertheless the gps log was empty until I told kismet to ignore the fix information.
Of course the n810's gps *can* report a fix and in maemo mapper I can see whether there is one or not... In the last days I played around with (lib)gpsbt in python and while I could start and stop the gps and get the position, it always said "no fix"... is there some special way to check for a fix?

I think you also need libncurses, which I don't have as a dependency.

If you can launch kismet_server alone, that is likely the problem.

OK, I owe a lot of gratitude to you Tantris. Indeed it was the lack of ncurses-base that was the problem. I've got it up and running now. Thanks again.

Now I just need to figure out how to use it!

I'm glad it worked for you - Kismet is a wonderful piece of software and the support on the ITs is actually quite good... if only the wireless driver would report a signal quality ;-)

If you telnet or socat to the gpsd port (tcp/2947), you can see if it returns the information kismet uses for a lock.

Type "PAVMH" - I don't think H (heading) is supported, but the other three will return ? if not locked, or the lat/lon, altitude, speed if locked.

Meanwhile, the kernel shift past 2.6.20 seems to be creating some annoyances with the cx3110x opensource driver. I may need a new kernel (with a few more exported symbols).

I used to have a patch that would decode the NMEA stream for kismet instead of the GPSD commands. I'll have to see if I can find and adapt it. I also have a few of my own GPSD programs.

I don't know if it is any help, but talking to the gps in python is incredibly easy... but then again a python script would have to supply the information... or it might "fake" a GPSD at another port. Some basic playing with the GPS in Python can be found here
http://www.internettablettalk.com/forums/showthread.php?t=18454

http://www.zdez.org/nokismet-0.0.1a.deb - the deluxe version with updated .conf files and sound support (sox included).

On the n810 i was able to get this deb to work. I only changed log dir location in the config file.

I start maemo mapper first, and then run kismet as root. Flite tells me when kismet finds something. Kismet makes a gps file for me.... with a modifed kismet2gpx perl script I was able to get POIs to show up in mapper.

Problems:
Kismet seems to stop logging after about 10 minutes or so. The error is not in front of me at the moment, but it mentioned somthing about a server and end of file (EOF).

No singnal strength data... I thought I read some place that an open source driver existed that helped with this, but I cannot seem to find any info.

The perl script really is only good putting dots on the map so far... no aditional info.

I have seen the same issue. I don't know what is the cause but airodump-ng is able to scan and dump frames for more than 10mn without problems (I'm seeing a lot of malformed packets in wireshark but I don't know if it's due to the platform)

Any other experience ?

Hey I'm running OS 2008 on an N800
I've gotten the Aircrack-ng suite to run, as well as nmap, metasploit, and dsniff.
I could not get the nokismet port to install, but the 2007 version seemed to, however, I need ncurses and libpcap. I could not get these from the maemo extras repository. Does anyone have these?
Also, I am interested in compiling a small web account with links to all the maemo IT OS 2008 pentesting tools.
Does anyone have a list and places from which to download these?
Thanx

I got ncurses to install by running an apt-get install nano

Thanks, is this a command line thing?
Could you expound somewhat?

btw, new version of kismet was released couple of days ago http://www.kismetwireless.net/. There are some maemo specific changes, but I think that most of them have been included in maemo builds already.

Thanks, is this a command line thing?
Could you expound somewhat?


Yup, just ssh in or open up a terminal window, then enter the command above as root.



I'll be interested in seeing your OS 2008 pentest tools links. It may be best just to make a thread on this forum with all the links. It'll be easy to update and easier for NIT users to find that way.

Great thank you!
What about the newest libpcap?

I have to look into that... but maybe you can help me out.....how did you install the .deb ? http://www.zdez.org/nokismet-0.0.1a.deb gives me an incompatable package error.

Me too
I had to use the older 2007 version (I think it still works on OS 2008)
It will start to install so I think it is compatible, but then it says that the libpcap is the wrong version.
I got the deb from bluesubaru's rapidshare here: http://rapidshare.com/files/100258434/kismet_2007.01.R1b-1.0_armel.deb.html
Thanx for your help

Ok, here's the link to the thread with the Pentesting tools list:
http://www.internettablettalk.com/forums/showthread.php?t=20648

Most of this discussion pertains to 810 and 800. Should I bother trying to setup Kismet on N770? Does it work? I'm running OS 3.2006.49-2.

upgrade to os 2007 hackers edition

upgrade to os 2007 hackers edition

Is that a requirement or a recommendation?

possibly both

Hi all;

I've watching and reading this thread, but I'm still fairly confused.

Q: Is there a stable kismet build for the n810?
There is a posting on the Kismet site that implied that it is not ready for the n810 - stability problems. I saw that page a few days ago, but now cannot find it.

Q: Is there an "official" binary for the n810, other than nokismet-0.0.1a.deb?
When I go to the kismet site, I can find the stable source, but not the binaries:
http://www.kismetwireless.net/code/kismet-2008-05-R1.tar.gz
Should I just try kismet-2008-05-R1.tar-1.gz\kismet-2008-05-R1.tar-1\kismet-2008-05-R1\debian\kismet.install , or I should I just use nokismet-0.0.1a.deb?

Q: Will I need updated drivers, libraries, etc? I installed nano, so I'm hoping that will take care of ncurrses.

Q: Is kismet the best solution?
I'm trying to "see" as much as I see with netstumbler on a windoze laptop, + also raw frames, hidden SSIDs, etc. I don't need pretty graphics. Is kismet the easiest methodology, or should I be trying something else?

My staff manages a huge wireless infrastructure. I'm trying to decide if n810's for them will help them look for rogue APs, or if they are better off using their Windoze laptops. They are very skilled with networks, cisco, wireshark, etc. , but very weak with Linux.

Thanks,

Steve

The best you can probably do is the one I put together:

http://www.zdez.org/nokismet-0.0.1a.deb

There is no official binary. You won't need drivers. This should just work after you install it (and run kismet - I forget if root is needed, and there might be some conf file tricks but they would be in the threads).

Note you need to do minimally ifconfig wlan0 down / ifconfig wlan0 up after running kismet to restore things.

tz1, app manager gives an "unable to install nokismet incompatible application package" error when trying to install the deb you linked.

There is a details or something when it says that. What does it say is wrong?

btw tz1 i got the same error heres the log output
hildon-application-manager 2.0.2
/usr/bin/dpkg-deb -f '/media/mmc1/backups/instals/nokismet-0.0.1a.deb'
Package must have "Section: user/FOO" to be considered compatible.
FAILED: tcpdump

Hi;

Tz1; thanks for keeping an eye on this thread. I'm getting the same failure as Joe:

/usr/bin/dpkg-deb -f '/media/mmc1/download/nokismet-0.0.1a (1).deb'
Package must have "Section: user/FOO" to be considered compatible.

I've confirmed I have tcpdump installed.

Still a bit too green to help myself much here.

Thanks,

Steve

Here are my two cents, summary of kismet installation.
I reflashed my N810 (well, I had to...) and installed these packages:

- becomeroot
- flite
- nano
- wifiinfo
- wirelesstools

downloaded nokismet, than as root:
dpkg -i nokismet-0.0.1a.deb (ignoring errors)
apt-get -f install (repairs/ads libpcap0.8 and tcpdump which were missing)

copied the two config files posted in this thread to /usr/etc

kismet runs fine!

to reinable wlan after kismet use:
ifconfig wlan0 down
iwconfig wlan0 mode ad-hoc
ifconfig wlan0 up

rolfok!

U da man! ... and also everyone else, in this thread and elsewhere, who helped me.
"I stand on the shoulders of giants".

Your hint, combined with careful re-reading of the entire thread, has resulted in almost 100% sucess. I'm taking notes and will turn this all into a wiki 'noob kismet install'...

http://www.panoramio.com/photos/original/11501250.jpg

Installed, runs, just one minor error the first time I ran it:

FATAL: Dump file error: Unable to open dump file /media/mmc1/kismet/Kismet-Jun-24-2008-1.dump (No such file or directory)

I also noticed that it did not produce any of the output files, even though it claimed to be writing them. There was no /media/mmc1/kismet directory. So, I manually created it and tried again, and this time I was rewarded with the real time Kismet screen in xterm!

Here's the lines from xterm, from install, to running:

Nokia-N810-51-3:/media/mmc1/download# dpkg -i nokismet-0.0.1a.deb
Selecting previously deselected package nokismet.
(Reading database ... 19195 files and directories currently installed.)
Unpacking nokismet (from nokismet-0.0.1a.deb) ...
Setting up nokismet (0.0.1a) ...
Nokia-N810-51-3:/media/mmc1/download# cd /
Nokia-N810-51-3:/# kismet
Launching kismet_server: /usr/bin/kismet_server
Will drop privs to user (29999) gid 29999
Enabling GPS position lock override (broken GPS unit reports 0 always)
No specific sources given to be enabled, all will be enabled.
Non-RFMon VAPs will be destroyed on multi-vap interfaces (ie, madwifi-ng)
Enabling channel hopping.
Enabling channel splitting.
Source 0 (wlan): Enabling monitor mode for nokia770 source interface wlan0 channel 6...
Source 0 (wlan): Opening nokia770 source interface wlan0...
Spawned channel control process 2195
Dropped privs to user (29999) gid 29999
Allowing clients to fetch WEP keys.
configdir '/home/user/.kismet/' does not exist, making it.
SSID cloak file did not exist, it will be created.
IP track file did not exist, it will be created.
Logging networks to /media/mmc1/kismet/Kismet-Jun-24-2008-1.network
Logging networks in CSV format to /media/mmc1/kismet/Kismet-Jun-24-2008-1.csv
Logging networks in XML format to /media/mmc1/kismet/Kismet-Jun-24-2008-1.xml
Logging cryptographically weak packets to /media/mmc1/kismet/Kismet-Jun-24-2008-1.weak
Logging cisco product information to /media/mmc1/kismet/Kismet-Jun-24-2008-1.cisco
Logging gps coordinates to /media/mmc1/kismet/Kismet-Jun-24-2008-1.gps
Logging data to /media/mmc1/kismet/Kismet-Jun-24-2008-1.dump
Writing data files to disk every 300 seconds.
Mangling encrypted and fuzzy data packets.
Tracking probe responses and associating probe networks.
Reading AP manufacturer data and defaults from /usr/etc/ap_manuf
Reading client manufacturer data and defaults from /usr/etc/client_manuf
Using network-classifier based data encryption detection
Not tracking duplicate IVs
FATAL: Dump file error: Unable to open dump file /media/mmc1/kismet/Kismet-Jun-24-2008-1.dump (No such file or directory)
Sending termination request to channel control child 2195...
Waiting for channel control child 2195 to exit...
WARNING: Sometimes cards don't always come out of monitor mode
cleanly. If your card is not fully working, you may need to
restart or reconfigure it for normal operation.
Kismet exiting.
Done.
Nokia-N810-51-3:/#

Hi all Kismet people;

I'm making nice progress. Read the Kismet README, found some sites that have usage tips, and went through all the help screens and the conf files. Still have a few questions, though.

* Is the 'readme' the manual? No other docs seem to be available on the Kismet site. Would love to read and not have to bug ITT people.

* The Readme hints that the "!" and "." have something to do with decay, but not much detail is provided..
http://www.panoramio.com/photos/original/11549098.jpg

* I have an n810. The confs that came with tte .deb specify
source=nokia770,wlan0,wlan, but the readme hints there is a driver for the n810 :

nokia8x0 Nokia 800,810
http://maemo.org/
Nokia 8x0 capture interface, including support for
FCS validation.
The Nokia drivers appear to exhibit instability while
capturing where they stop reporting packets. This may
be minimized by setting the Network Scan interval to
"never" in the control panel->networking section.

I tried source=nokia8x0,wlan0,wlan, and source=nokia810,wlan0,wlan, but those do not work - kismet complaind about 'no such driver' and would not run. The 770 drivers seem to work for the most part, but I'm curious about the error. Is that because the .deb was compiled with just the 770 driver?

* Signal strength is not reported. Is that correctable?

Sorry to shot gun all these questions, but I will put the answers in the wiki.

Thanks,

Steve

I flashed my n810 to Diablo today and got all my apps, including kismet, running again. I was hoping that kismet would be more stable, but before I could test, I noticed something odd.

Now, when I press r to pop-up the packet rate graph, nothing happens.

Anyone else running kismet under Diablo and having the same problem?

Thanks,

Steve

I noticed the same on my n800 running Diablo and Kismet. pressing 'r' has no reaction.

I just updated my Debian chroot and one of the applications that got updated in Debian Sid is Kismet (version 2008-05-R1-1). However, it failed to install correctly. Why? Here's the error:

maemo-select-menu-location: command not found

That suggests that the current version of Kismet for Debian is trying to put the Kismet icon into a maemo (OS2008) menu. Why? Did they borrow code from tz1? Or what?

I'd like someone to try installing Debian Kismet by searching for the kismet package in the Sid distro and armel architecture at packages.debian.org ... see if it just installs into OS2008.

Hey Blueski ...

Are you running tz1's 2007 version? Do you also have the problem with packet grabbing stopping after a while?

Steve

qole: I've download from HERE (http://packages.debian.org/sid/armel/kismet/download)

I get incompatible package from Application Manager, and from dpkg I get:

(Reading database ... 20750 files and directories currently installed.)
Unpacking kismet (from kismet_2008-05-R1-1_armel.deb) ...
dpkg: dependency problems prevent configuration of kismet:
kismet depends on libc6 (>= 2.7-1); however:
Version of libc6 on system is 2.5.0-1osso9.
kismet depends on libgcc1 (>= 1:4.3); however:
Version of libgcc1 on system is 1:3.4.4cs2005q3.2-5.osso8.
kismet depends on libgmp3c2; however:
Package libgmp3c2 is not installed.
kismet depends on libmagick10; however:
Package libmagick10 is not installed.
kismet depends on libncurses5 (>= 5.6+20071006-3); however:
Version of libncurses5 on system is 5.4-3.osso4.
kismet depends on libstdc++6 (>= 4.3); however:
Version of libstdc++6 on system is 3.4.4cs2005q3.2-5.osso8.
kismet depends on zlib1g (>= 1:1.2.3.3.dfsg); however:
Version of zlib1g on system is 1:1.2.3-9.osso8.
kismet depends on wireless-tools; however:
Package wireless-tools is not installed.
kismet depends on wireshark-common; however:
Package wireshark-common is not installed.
dpkg: error processing kismet (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
kismet

Nokia-N800-23-14:/media/mmc1/tmp/tmp#

Hope that's helpful!

I've been running the nokismet build for some time now with no problem - I've logged well over 1000 hours, so I'm pretty happy with that build on the N810.

I now want to build it myself and have set up Scratchbox and the Maemo SDK on my Debian PC. Whenever I try running ./configure it keeps stopping because it can't find libncurses or libcurses.

I have installed libncurses5, libncurses5-dev, ncurses-base, libcurses-perl and libstdc++ via Synaptic, but these don't seem to help. I have also run ldconfig and rebooted. I'm kind of out of ideas now.

Can anyone suggest anything?

Paxton: You said you installed those files in Synaptic. Unless you have Synaptic running in the scratchbox environment, it sounds like you installed them in the host environment. Try installing them using "apt-get" from the command line in scratchbox.

Thanks for that. if I try apt-get install libncurses or apt-get install libcurses inside Scratchbox it says it can't find those packages.

As my libncurses is actually libncurses5, it sounds like there needs to be a symbolic link set up in Scratchbox to point from libncurses to libncurses5. Sounds like this is on the right track.

Checking up on it, though, there is already a link from /usr/libncurses.so to /lib/libncurses.so.5.5 so it ought to be working.

See thread at http://www.internettablettalk.com/forums/showthread.php?t=20888

The deb in the 2008 has some problems and I'm working to fix them. I have a patched version that functions but still needs cleanup.

(and that darn sox for playing waves needs to be debianized, but the debian project's version is broken)

HI.. sorry to be such a newbie, by I got to ask this.. can anyone post the exact steps on another thread on how to crack wep and wpa-psk on the n*00, beggining on how to instal the programs needed(nkismet and naircrack, I think thats all you need right?) the untar. thing.. and then the steps, commands etc..
I know I sound really lazy by just asking all that.. but I've been reading like all the threads and have a headache by now..
another thing.. any suggestions on a good book to learn the ins and outs off linux??

@Renanholanda

"cracking a wep network" using linux is not a difficult task. Learning to do it on your tablet however, adds layers of complication.

I would suggest installing one of the linux distros like Ubuntu (http://www.ubuntu.com) and going to this site (http://www.aircrack-ng.org) and reading the tutorials.

Once you have the aircrack suite down, and are familiar with wireless packet capturing, you can start worrying about buying hardware or using a multitude of other tools, including your tablet. Please feel free to PM me if you have specific questions, but know that there is a learning curve that you are expected to pass by yourself. Everything you need to know is freely available and well documented.

Hope this helps :)

Simple question, without running Debian in a chroot environment/memory card. What is the best N810 firmware for running Kismet at this time? What is the the best Kismet to load on said firmware?

I have collected all the firmwares from Nokia and all the various Kismet deb installers from this forum.

Here is my list so far of Kismet debs:
kismet_2008-05-R1_armel.deb
kismet_2007.01.R1b-1.0_armel.deb
nokismet-0.0.1a.deb
nokismet-0.0.1.deb

Here is my list of N810 firmwares:
RX-44_2008SE_1.2007.42-18_PR_COMBINED_MR0_ARM.bin
RX-44_2008SE_1.2007.42-19_PR_COMBINED_MR0_ARM.bin
RX-44_2008SE_2.2007.50-2_PR_COMBINED_MR0_ARM.bin
RX-44_2008SE_2.2007.51-3_PR_COMBINED_MR0_ARM.bin,
RX-44_DIABLO_4.2008.23-14_PR_COMBINED_MR0_ARM.bin

I have a freshly flashed N810 running Diablo. What is the next best step to getting Kismet running?

I would use the latest nokismet (nokismet-0.0.1.deb)
and try the diablo firmware. If that doesn't work go one step back on the firmware.
Could you possibly PM me the kismet_2008-05-R1_armel.deb, as I am still using the 2007 one (which functions with Diablo)
I can't seem to get nokismet 1a to install but if you could also PM me the newest nokismet thaat would be great.
Thanx

Here you go
http://rapidshare.com/files/132630366/kismet_2008-05-R1_armel.deb.html

Another simple question, how do I check my current firmware?

Here you go
http://rapidshare.com/files/132630366/kismet_2008-05-R1_armel.deb.html

Another simple question, how do I check my current firmware?

$ uname -n

cat /etc/osso_software_version

How are you all converting your kismet created .gps files into .gpx so they are importable as POIs in Maemo Mapper?

I've tried both of these scripts but the resulting .gpx file is not parsed correctly by Maemo Mapper.

python version:
http://wiki.openstreetmap.org/index.php/User:Dutch

perl version:
http://wiki.openstreetmap.org/index.php/User:Goldfndr

How are you all converting your kismet created .gps files into .gpx so they are importable as POIs in Maemo Mapper?


can you import the tracks into google earth?

can you import the tracks into google earth?

Sorry for not looking this up, but my repos don't have Google Earth so I don't know if it can be installed on my n810.

Sorry for not looking this up, but my repos don't have Google Earth so I don't know if it can be installed on my n810.

grin.
no, I meant copy the tracks off the tablet to a workstation for loading into g-earth.

Folks,
I just installed Kismet (TZ1's work) on my N-810. It worked great
until I shut down Kismet. I recalled that after using Kismet the machine
had to be rebooted in order to clear promiscuous mode and allow the
NIC to return to normal operation. In my case I am no longer able to
establish a connection over the NIC card, after rebooting the machine.
I did not see any comment to this effect so wonder if I messed some-
thing up?

Oh by the way, I can start Kismet up again and it is seeing packets so that part is
still working. Just will not allow me to establish communications.

Well, I got my N810 back, I had to power it down and remove the battery in order
to get normal operation back on the WiFi NIC. Kind of a pain, but worth it to have
Kismet on the box, just needed to figure out how to get regular communications
back.

Did you reboot it, or just shut it down and power it back up with the charger attached?

I had to. Thanks to tz1 and the kismet team:
http://qwerty12.maemobox.org/screenies/kismet.png

The packets! The time!

maybe you should install wireless-tools and do an "iwconfig wlan0 mode managed"

maybe you should install wireless-tools and do an "iwconfig wlan0 mode managed"

mmh, it seems that kismet already puts the adapter in managed mode (btw, Q doesn't seem to close kismet properly, I had to kill -9 it) however a

ifconfig wlan0 down
/etc/init.d/wlancond restart
ifconfig wlan0 up

allowed me to reeconnect to the access point, no need to reboot.

On my N800, I am running Kismet 2007.10.R1 which I installed from http://eko.one.pl/maemo, bora distribution. The OS version is 4.2008.30-2

It exits normally with Q and the wireless connection returns to normal. This is the first time I have seen this. With my prior installations (prior to the last re-flash to upgrade the OS) I had similar problems to what you are describing. Either using ifconfig as shown or shutting down wireless with the screen applet and restarting it again usually got it going again. I only remember once that I had to reboot, and that was after kismet froze up on me.

Walt

One must use commends to reset wlan properly:

MY_MAC="00:19:4F:AND:SO:ON"
sudo iwconfig wlan0 mode managed
sudo airmon-ng stop wlan0
sudo macchanger -m $MY_MAC wlan0

Last command used if one changes MAC before scanning, using:

sudo macchanger -r wlan0
sudo kismet

qwerty12: are you using 2008-05-R1_armel.deb? It seems to work for a few hours and then stops seeing traffic for me. thanks tz1.

Using the kismet_2008-05-R1_armel.deb mentioned earlier in this thread, what is the most straight forward way to get it using the GPS and saving data to the miniSD card?

ok, I enabled gps in kismet.conf, and get this:


~ $ kismet
Launching kismet_server: /usr/bin/kismet_server
Will drop privs to user (29999) gid 29999
Waiting for Hildon gps to enable...
No specific sources given to be enabled, all will be enabled.
Non-RFMon VAPs will be destroyed on multi-vap interfaces (ie, madwifi-ng)
Enabling channel hopping.
Enabling channel splitting.
NOTICE: Disabling channel hopping, no enabled sources are able to change channel.
Source 0 (wlan0): Enabling monitor mode for nokia8x0 source interface wlan0 channel 6...
INFO - Setting Nokia device to online/normal mode...
INFO - Waiting for normal mode... done
Source 0 (wlan0): Opening nokia8x0 source interface wlan0...
Spawned channel control process 1425
Dropped privs to user (29999) gid 29999
Will attempt to put networkmanager to sleep...
Allowing clients to fetch WEP keys.
Logging networks to Kismet-Oct-12-2008-2.network
Logging networks in CSV format to Kismet-Oct-12-2008-2.csv
Logging networks in XML format to Kismet-Oct-12-2008-2.xml
Logging cryptographically weak packets to Kismet-Oct-12-2008-2.weak
Logging cisco product information to Kismet-Oct-12-2008-2.cisco
Logging gps coordinates to Kismet-Oct-12-2008-2.gpsLogging data to Kismet-Oct-12-2008-2.dump
Writing data files to disk every 300 seconds.
Mangling encrypted and fuzzy data packets.
Tracking probe responses and associating probe networks.
Reading AP manufacturer data and defaults from /etc/kismet/ap_manuf
Reading client manufacturer data and defaults from /etc/kismet/client_manuf
Using network-classifier based data encryption detection
Not tracking duplicate IVs
Putting networkmanager to sleep...
Dump file format: wiretap (local code) dump
Crypt file format: airsnort (weak packet) dump
Kismet 2008.05.R1 (Kismet)
Logging data networks CSV XML weak cisco gps
GPSD cannot connect: Connection refused
Listening on port 2501.
Allowing connections from 127.0.0.1/255.255.255.255Registering builtin client/server protocols...
Registering requested alerts...
Registering builtin timer events...
Hildon BT failed: GPS API should be called as "user" and not as root



I read somewhere you have to patch Kismet to drop privileges to user, but I have know Idea how to do that. Any ideas?

at the top of your kismet.conf file:

# Kismet config file
# Most of the "static" configs have been moved to here -- the command line
# config was getting way too crowded and cryptic. We want functionality,
# not continually reading --help!

# Version of Kismet config
version=2007.09.R1

# Name of server (Purely for organizational purposes)
servername=Kismet

# User to setid to (should be your normal user)
suiduser=walts





the line "suiduser=" contains your non-priveleged user
kismet drops the privileges automatically.

I don't have a GPS so I can't help specifically with that, but I did notice that the line in the log, Dropped privs to user (29999) gid 29999 is the same in my installation as with yours. I'm not sure what that means, but mine does work (on the N800).

HTH

Walt

Thanks, but I'm already using the "suiduser=user option". It works find if I disable the GPS, but then it's not very useful for a wardrive. I've attached my kismet.conf file, as it is too long t post.

I didn't see anything obvious, but then I've never used GPS with kismet, so I wouldn't know what to look for. Sorry, maybe someone who's used kismet with an N810 could help.

Walt

I am hoping that the new fully opensource driver will bring us a new level of kismet compatibility!

someday. over the rainbow.

qwerty12: are you using 2008-05-R1_armel.deb? It seems to work for a few hours and then stops seeing traffic for me. thanks tz1.

I'm using kismet_2008-05-R1_armel.deb - which is the one you seem to be using :/. Have you disabled automatic search for networks etc?

@Irongeek

Make sure you are using kismet_2008-05-R1_armel.deb, that's the one with the GPS fix.

@qwerty12 that is the one I have, but when I enable the GPS I get the error from above.

Have you disabled automatic search for networks etc?

Yes, I have that disabled. Since then I have seen it go longer than 5 hours. The longest I've seen is around 8. It will always eventually stop picking traffic up and have to be restarted though. Another annoying thing that I've noticed is that if I leave kismet running overnight, with it plugged into the charger, I'll go and check it the next day and my n800 will be off! At first I thought that when it was done charging, it would then run until it ran out of battery, since Im not sure if it will ever start charging again until someone pulls out the cable and sticks it back in. That would be a major charging flaw though, because it would mean you could never leave your n800 on for large amounts of time while plugged in.

I leave my n800 online almost all the time, even overnight, when it remains plugged in, so I don't know why yours turns itself off.

well, I have a feeling its because something happens while Kismet is running. I've found it before completely frozen and the only way to get it to restart was to remove the battery while kismet was running too.

just in case anyone is experiencing problems, I found that if I disabled channel hopping in /etc/kismet/kismet.conf (or was it /etc/kismet.conf I don't remember), kismet would run for longer than 24 hours without freezing or stopping collecting packets.

I still have my copy of kismet_2007.01.R1b-1.0_armel.deb.

If anyone needs it, PM me.


Edit: Rapidshare download (http://rapidshare.com/files/100258434/kismet_2007.01.R1b-1.0_armel.deb.html)

You've been very helpful... Thank you so much!!!

BTW I don't understand why they take it out from repos...

Salut,
Sebas.

Ah sebas, here you are.

fyi the only responsible of the lack of Kismet in any repository is the old (Maemo 2) maintainer for closing down his repository (in his own right). Nobody else picked that package for Maemo 2, nor for any more recent version.

If you think Nokia censored it because a, b, c... think it twice. Nothing to do.

EDIT: I would answer this in maemo-users but not having my work laptop makes it harder to respond from @nokia.com. See you there on Monday, if still needed.

Anyone having issues installing ncurses-base on N810 running maemo OS2008 Version: 5.2008.43-7?

I upgraded to the latest OS release and got tcpdump installed, but not ncurses-base. Thanks.

It would be very helpful if wouldn't mind to tell us what kind of issues did you have.

But generally "apt-get install ncurses-base" as root should do it.

"apt-get install ncurses-base" did it. Furthermore to get kismet installed I had to run "dpkg –i nokismet-0.0.1a.deb" instead of installing from app manager. Thanks mikkov.

Anyone have a script or app to convert XML to Shapefile?

Ok... I will try to give a little step-by-step guide how I think it makes sense...

Packages to install before kismet:
flite (Speech output when a new wlan is found. Very cool)
aircrack-ng (airmon-ng is fine to get your wlan *out* of monitor mode once you quit kismet, otherwise you might have to reboot your tablet)
becomeroot (we need some way to become root)

Install kismet from tz1's link (you might need the red pill mode for this, but I don't know exactly - it might work as root in a shell with dpkg -i [debfile])

! Important: Use this only with tz1's build! eko's build places the .conf-files under /etc/kismet !

Download my confs from http://rapidshare.com/files/100860666/kismet_confs.tgz.html
and save this .tgz-file somewhere on your tablet where you will find it again.

Open a x-term shell, become root (sudo gainroot) and copy the file you just downloaded to /usr/etc and untar it there:

cp kismet_confs.tgz /usr/etc
cd /usr/etc
tar -xzvf kismet_confs.tgz

This will overwrite the standard .confs with my versions.

Changes from tz1's original confs:
1.) Disable apm (doesn't work anyway)
2.) disable sound (same)
3.) enable speech (with flite)
4.) change the capture source from prism54g (produces rubbish) to nokia770 (fine)


The data files will be written to /media/mmc1/, so you should have an exchangable card in there, if you want to change it, edit kismet.conf.

I can only say that it works fine for me, so I hope it will for you.

Oh and if you want metric units (for speed from gps and stuff) set
metric=true in kismet.conf

/Edit: Forgot half of the important stuff ;-)

Running Kismet
============
Set your wlan to *not* connect automatically, if you are connected to a wlan, quit the connection (gray wlan symbol).

Open your terminal, become root, and start kismet by typing kismet ;-)

After running kismet your wlan might be in some half-zombie mode (you have this case if you click on your gray wlan icon and it won't find any wlans).

In this case type
airmon-ng stop wlan0

This should do the trick

I installed aircrack-ng and tried "airmon-ng stop wlan0" and it says, "Wireless tools not found". What am I doing wrong?

I installed aircrack-ng and tried "airmon-ng stop wlan0" and it says, "Wireless tools not found". What am I doing wrong?
you didn't install wireless-tools?

I just got a Nokia N810 today and was having trouble getting kismet running. I am having issues using the nokismet.0.0.1a.deb package.

Here is what I have successuflly done up to this point:

enabled extras
installed rootsh

Here is what I have had issues with:
installing tcpdump - I actually did get this running, but I had to use the version found on the mulliner site for the n770. I had all kinds of issues with the dependencies.

installing kismet - it would install, but then it would bail on me almost instantly. I had no data, no actual proof it worked even for a second.

I am using diable_2008.43-7.

Thanks ahead of time.

Does anyone know where I can get flite, aircrack-ng, and a working tcpdump for the N810. Thanks again for any help you can provide. I am using diablo_2008.43-7 and am attempting to follow Tantris's step by step guide.

Does anyone know where I can get flite, aircrack-ng, and a working tcpdump for the N810. Thanks again for any help you can provide. I am using diablo_2008.43-7 and am attempting to follow Tantris's step by step guide.

http://www.internettablettalk.com/forums/showthread.php?t=20888&highlight=aircrack-ng
http://www.internettablettalk.com/forums/showthread.php?t=25499&highlight=kismet
http://www.internettablettalk.com/forums/showthread.php?t=26429
http://www.internettablettalk.com/forums/showthread.php?t=25863

Nice linkage ernia, thx. Very helpful.

Maybe I missed it, but how do I edit the kismet.conf file?!

Maybe I missed it, but how do I edit the kismet.conf file?!

You shouldn't need to.....

however you can use the command vi to edit the file.

How to use VI (http://www.linuxclues.com/articles/08.htm)

Alright who has a 100% working KISMET install ?? I Just dug my N800 out of the closet this past weekend and decided to see if theres been any updates (Diablo was NEW for me) . After upgrading to Diablo and installing rootsh/suders and following the most recent post in this thread for suggested kismet install (ncurses-base+wireless-tools+libpcap0.8-9.5one and kismet 2007-10-R1-svn2377) kismet dies after maybe 4 sec's (logging to mmc is correct) WLAN search interval is also OFF (as this was a issue in prior kismet installs) but I've never had this issue where it dies so quick. Nothing else has been install except whats listed and this is a fresh diablo install with all the updates applied (or whatever showed up)

I was editing it for using my RTL8187. :)

You shouldn't need to.....

however you can use the command vi to edit the file.

How to use VI (http://www.linuxclues.com/articles/08.htm)

It is also possible to use nano, it isn't as geek chic but it works just as well.

http://maemo.org/downloads/product/Maemo5/nano-opt/