kismet and atheros

Michael W. Oliver michael at gargantuan.com
Fri Aug 26 16:37:47 GMT 2005


On 2005-08-25T19:53:23-0500, Dan Olson wrote:
> Michal Mertl wrote:
>> Michal Mertl wrote:

>>> Brad Schonhorst wrote:

>>>> I have been using an iBook since OS X came about but recently decided it
>>>> was time to give BSD a try.  I picked up a new TINY Fujitsu P7010 and now
>>>> have it running FreeBSD 6 - current circa July

>>>> Wireless support was obviously a must for the laptop ( hence running
>>>> CURRENT to get support for my Atheros card. )  As someone new to BSD
>>>> wireless I was wondering if you guys could share with me some of your
>>>> favorite tools for wireless use.  I have been somewhat frustrated with
>>>> the steps I currently take to discover new wireless access points.

>>>> To get wireless access:

>>>> 1) Run Kismet, find some SSIDs that are open
>>>> 2) Reboot!  I can't seem to get my card out of Promisc mode otherwise

>>> You can control promiscuous mode of a running card with ifconfig ath0
>>> [-]promisc. The card may end up also in monitor mode. You can disable
>>> monitor mode with ifconfig ath0 mediaopt -monitor.


>> I've just noticed I wrote the second command wrongly - it's 'ifconfig
>> ath0 -mediaopt monitor'.

>> Michal

> 
> On my system after I run kismet and exit, a stray kismet_server is left 
> running sometimes.  I have to kill -9 its pid.  I then do the command:
> 
> ifconfig ath0 -promisc -mediaopt monitor
> 
> This returns ath0 to normal and I can use wireless again. This may help 
> you, Brad.

Thanks very much for that.  I wasn't able to remove the promisc and
monitor from ath0 while the kismet_server was running, but the exit from
the client doesn't give any clue that the server is still running.  Once
I kill 9'd the server I could reconfigure the ath0 interface without any
problem at all.  Thanks!

One problem that I am having, however, is that kismet is not hopping
channels.  I have tried the version from ports as well as 2005-08-R1 and
both are showing this behavior.  It is really strange.  I have neighbors
that spew all types of stuff my way, so it is easy to verify if it is
working on channels 5, 6, and 11.  When I manually set the interface to
channel 11 and start kismet, it detects my neighbor's network on channel
11 and nothing else, but the client is stuck on channel 11 and doesn't
hop.  I have tried toggling L and H to lock/hop but nothing changes -- I
see only channel 11.  Now, if I stop kismet (and kill 9 kismet_server!)
and change ath0 to channel 6 and then restart kismet, I can see two
channel 6 networks and one channel 5 network in the kismet client, but
no channel 11 network!  gah!

Has anyone else had this trouble with kismet refusing to channel hop?
Here is some pertinent information:


# uname -a
FreeBSD gambit.gargantuan.com 7.0-CURRENT FreeBSD 7.0-CURRENT #1: Fri
Aug 19 17:40:53 EDT 2005
root at gambit.gargantuan.com:/usr/obj/usr/src/sys/GAMBIT  i386


Starting server...
Waiting for server to start before starting UI...
Will drop privs to mwoliver (1001) gid 1001
Enabling channel hopping.
Disabling channel splitting.
Source 0 (sager): Enabling monitor mode for radiotap_bsd_b source interface ath0 channel 6...
Source 0 (sager): Opening radiotap_bsd_b source interface ath0...
WARNING:  pcap reports link type of EN10MB but we'll fake it on BSD.
This may not work the way we want it to.
WARNING:  Some Free- and Net- BSD drivers do not report rfmon packets
correctly.  Kismet will probably not run correctly.  For better
support, you should upgrade to a version of *BSD with Radiotap.
Spawned channelc control process 26100
Dropped privs to mwoliver (1001) gid 1001
Allowing clients to fetch WEP keys.
Logging networks to Kismet-20050826-21.network
Logging networks in CSV format to Kismet-20050826-21.csv
Logging networks in XML format to Kismet-20050826-21.xml
Logging cryptographically weak packets to Kismet-20050826-21.weak
Logging cisco product information to Kismet-20050826-21.cisco
Logging gps coordinates to Kismet-20050826-21.gps
Logging data to Kismet-20050826-21.dump
Writing data files to disk every 300 seconds.
Mangling encrypted and fuzzy data packets.
Tracking probe responses and associating probe networks.
Reading AP manufacturer data and defaults from /usr/local/etc/ap_manuf
Reading client manufacturer data and defaults from /usr/local/etc/client_manuf
Using network-classifier based data encryption detection
Dump file format: wiretap (local code) dump
Crypt file format: airsnort (weak packet) dump
Kismet 2005.08.R1 (Kismet)
Logging data networks CSV XML weak cisco gps
GPSD cannot connect: Connection refused
Listening on port 2501.
Allowing connections from 127.0.0.1/255.255.255.255
Registering builtin client/server protocols...
Registering requested alerts...
Registering builtin timer events...
Gathering packets...



Thanks in advance for your help!

-- 
Mike Oliver
[see complete headers for contact information]
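The recovery steps discussed in this thread (kill the stray kismet_server, then clear promiscuous and monitor mode on ath0) written up as a script. This is an added example, not code posted by anyone in the thread. It assumes FreeBSD's pgrep and ifconfig, an interface named ath0, root privileges when actually run, and that ifconfig prints an active monitor media option as "<monitor>" on its "media:" line. By default (DRY_RUN=1) it only prints what it would execute; set DRY_RUN=0 and invoke it with "run" to apply the changes.

```sh
#!/bin/sh
# Added example (not from the original thread): restore an Atheros
# interface after Kismet's client exits but a kismet_server lingers.
# Assumptions: FreeBSD userland (pgrep, kill, ifconfig), interface ath0,
# run as root for the real thing. DRY_RUN=1 (default) only prints commands.

IFACE="${IFACE:-ath0}"
DRY_RUN="${DRY_RUN:-1}"

# run CMD ARGS...: echo the command, execute it only when DRY_RUN is 0.
run() {
    echo "+ $*"
    if [ "$DRY_RUN" = "0" ]; then
        "$@"
    fi
}

# kill_stray_kismet: the client exits quietly while the server keeps the
# interface in monitor mode, so ifconfig cannot reset it until the server
# is gone. Try SIGTERM first, then fall back to SIGKILL as the thread did.
kill_stray_kismet() {
    pids=$(pgrep -x kismet_server 2>/dev/null || true)
    if [ -z "$pids" ]; then
        echo "no stray kismet_server"
        return 0
    fi
    for pid in $pids; do
        run kill -TERM "$pid"
    done
    sleep 1
    pids=$(pgrep -x kismet_server 2>/dev/null || true)
    for pid in $pids; do
        run kill -KILL "$pid"
    done
}

# reset_iface_cmd IFACE: the ifconfig invocation from the thread that
# clears promiscuous and monitor mode in one go.
reset_iface_cmd() {
    echo "ifconfig $1 -promisc -mediaopt monitor"
}

# in_monitor_mode < ifconfig-output: succeeds if the media line still
# carries the monitor option (assumed to be printed as <monitor>).
in_monitor_mode() {
    grep -q 'media:.*<monitor>'
}

# restore_wifi: full procedure, with a check that the reset actually took.
restore_wifi() {
    kill_stray_kismet
    run $(reset_iface_cmd "$IFACE")
    if [ "$DRY_RUN" = "0" ]; then
        if ifconfig "$IFACE" | in_monitor_mode; then
            echo "$IFACE is still in monitor mode" >&2
            return 1
        fi
    fi
    echo "$IFACE restored"
}

# Only act when invoked as: DRY_RUN=0 sh restore-wifi.sh run
if [ "${1:-}" = "run" ]; then
    restore_wifi
fi
```

The post-reset check matters because, as the thread notes, ifconfig silently fails to drop monitor mode while kismet_server still holds the interface; looking at the media line afterwards is the only way to confirm the interface is really back to normal before trying to associate.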

