Date: Sun, 3 Sep 2006 01:43:37 +0200 From: =?iso-8859-2?Q?Daniel_Dvo=F8=E1k?= <dandee@hellteam.net> To: <freebsd-ports@freebsd.org> Subject: kismet scanning deos not work for me Message-ID: <000001c6cee9$9ddf5980$6508280a@tocnet28.jspoj.czf>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6CEFA.61682980
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
Hi all,
my config of kismet.conf is attached. I read the kismet manual from the
begining to the end and Kismet does not work for me.
Even when I manually reconfigure my card from ahdemo mode to monitor mode,
after execute kismet -n command, these lines turn up at once:
Waiting for channel control child 2842 to exit...
Kismet exiting.
Connected to Kismet server version 2006.04.R1 build 20050815211952 on
localhost:2501
localhost:2501 TCP error: socket returned EOF, server has closed the
connection.
Is it known issue ?
Thank you
Daniel
------=_NextPart_000_0001_01C6CEFA.61682980
Content-Type: text/plain;
name="kismet.conf.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="kismet.conf.txt"
# Kismet config file
# Most of the "static" configs have been moved to here -- the command =
line
# config was getting way too crowded and cryptic. We want =
functionality,
# not continually reading --help!
# Version of Kismet config
version=3D2005.06.R1
# Name of server (Purely for organizational purposes)
servername=3DKismet
# User to setid to (should be your normal user)
suiduser=3Dmyuser
# Sources are defined as:
# source=3Dsourcetype,interface,name[,initialchannel]
# Source types and required drivers are listed in the README under the
# CAPTURE SOURCES section.
# The initial channel is optional, if hopping is not enabled it can be =
used
# to set the channel the interface listens on.
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
source=3Dradiotap_bsd_a,ath0,1,100
#source=3Dradiotap_bsd_a,ath1,2,108
# Comma-separated list of sources to enable. This is only needed if you =
defined
# multiple sources and only want to enable some of them. By default, =
all defined
# sources are enabled.
# For example:
# enablesources=3Dprismsource,ciscosource
# Do we channelhop?
channelhop=3Dtrue
# How many channels per second do we hop? (1-10)
channelvelocity=3D5
# By setting the dwell time for channel hopping we override the =
channelvelocity
# setting above and dwell on each channel for the given number of =
seconds.
#channeldwell=3D10
# Do we split channels between cards on the same spectrum? This means =
if
# multiple 802.11b capture sources are defined, they will be offset to =
cover
# the most possible spectrum at a given time. This also controls =
splitting
# fine-tuned sourcechannels lines which cover multiple interfaces (see =
below)
channelsplit=3Dfalse
# Basic channel hopping control:
# These define the channels the cards hop through for various frequency =
ranges
# supported by Kismet. More finegrain control is available via the
# "sourcechannels" configuration option.
#
# Don't change the IEEE80211<x> identifiers or channel hopping won't =
work.
# Users outside the US might want to use this list:
# defaultchannels=3DIEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12
#defaultchannels=3DIEEE80211b:1,6,11,2,7,3,8,4,9,5,10
# 802.11g uses the same channels as 802.11b...
#defaultchannels=3DIEEE80211g:1,6,11,2,7,3,8,4,9,5,10
# 802.11a channels are non-overlapping so sequential is fine. You may =
want to
# adjust the list depending on the channels your card actually supports.
defaultchannels=3DIEEE80211a:36,40,44,48,52,56,60,64,100,104,108,112,116,=
120,124,128,132,136,140,149,153,157,161,184,188,192,196,200,204,208,212,2=
16
#defaultchannels=3DIEEE80211a:36,40,44,48,52,56,60,64
# Combo cards like Atheros use both 'a' and 'b/g' channels. Of course, =
you
# can also explicitly override a given source. You can use the script
# extras/listchan.pl to extract all the channels your card supports.
#defaultchannels=3DIEEE80211ab:1,6,11,2,7,3,8,4,9,5,10,36,40,44,48,52,56,=
60,64
# Fine-tuning channel hopping control:
# The sourcechannels option can be used to set the channel hopping for
# specific interfaces, and to control what interfaces share a list of
# channels for split hopping. This can also be used to easily lock
# one card on a single channel while hopping with other cards.
# Any card without a sourcechannel definition will use the standard =
hopping
# list.
# sourcechannels=3Dsourcename[,sourcename]:ch1,ch2,ch3,...chN
# ie, for us channels on the source 'prism2source' (same as normal =
channel
# hopping behavior):
# sourcechannels=3Dprism2source:1,6,11,2,7,3,8,4,9,5,10
# Given two capture sources, "prism2a" and "prism2b", we want prism2a to =
stay
# on channel 6 and prism2b to hop normally. By not setting a =
sourcechannels
# line for prism2b, it will use the standard hopping.
# sourcechannels=3Dprism2a:6
# To assign the same custom hop channel to multiple sources, or to split =
the
# same custom hop channel over two sources (if splitchannels is true), =
list
# them all on the same sourcechannels line:
# sourcechannels=3Dprism2a,prism2b,prism2c:1,6,11
# Port to serve GUI data
tcpport=3D2501
# People allowed to connect, comma seperated IP addresses or =
network/mask
# blocks. Netmasks can be expressed as dotted quad (/255.255.255.0) or =
as
# numbers (/24)
allowedhosts=3D127.0.0.1
# Address to bind to. Should be an address already configured already =
on
# this host, reverts to INADDR_ANY if specified incorrectly.
bindaddress=3D127.0.0.1
# Maximum number of concurrent GUI's
maxclients=3D5
# Do we have a GPS?
gps=3Dfalse
# Host:port that GPSD is running on. This can be localhost OR remote!
gpshost=3Dlocalhost:2947
# Do we lock the mode? This overrides coordinates of lock "0", which =
will
# generate some bad information until you get a GPS lock, but it will
# fix problems with GPS units with broken NMEA that report lock 0
gpsmodelock=3Dfalse
# Packet filtering options:
# filter_tracker - Packets filtered from the tracker are not processed =
or
# recorded in any way.
# filter_dump - Packets filtered at the dump level are tracked, =
displayed,
# and written to the csv/xml/network/etc files, but not
# recorded in the packet dump
# filter_export - Controls what packets influence the exported CSV, =
network,
# xml, gps, etc files.
# All filtering options take arguments containing the type of address =
and
# addresses to be filtered. Valid address types are 'ANY', 'BSSID',
# 'SOURCE', and 'DEST'. Filtering can be inverted by the use of '!' =
before
# the address. For example,
# filter_tracker=3DANY(!00:00:DE:AD:BE:EF)
# has the same effect as the previous mac_filter config file option.
# filter_tracker=3D...
# filter_dump=3D...
# filter_export=3D...
# Alerts to be reported and the throttling rates.
# alert=3Dname,throttle/unit,burst/unit
# The throttle/unit describes the number of alerts of this type that are
# sent per time unit. Valid time units are second, minute, hour, and =
day.
# Burst rates control the number of packets sent at a time
# For example:
# alert=3DFOO,10/min,5/sec
# Would allow 5 alerts per second, and 10 alerts total per minute.
# A throttle rate of 0 disables throttling of the alert.
# See the README for a list of alert types.
alert=3DNETSTUMBLER,10/min,1/sec
alert=3DWELLENREITER,10/min,1/sec
alert=3DLUCENTTEST,10/min,1/sec
alert=3DDEAUTHFLOOD,10/min,2/sec
alert=3DBCASTDISCON,10/min,2/sec
alert=3DCHANCHANGE,5/min,1/sec
alert=3DAIRJACKSSID,5/min,1/sec
alert=3DPROBENOJOIN,10/min,1/sec
alert=3DDISASSOCTRAFFIC,10/min,1/sec
alert=3DNULLPROBERESP,10/min,1/sec
alert=3DBSSTIMESTAMP,10/min,1/sec
# Known WEP keys to decrypt, bssid,hexkey. This is only for networks =
where
# the keys are already known, and it may impact throughput on slower =
hardware.
# Multiple wepkey lines may be used for multiple BSSIDs.
# wepkey=3D00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900
# Is transmission of the keys to the client allowed? This may be a =
security
# risk for some. If you disable this, you will not be able to query =
keys from
# a client.
allowkeytransmit=3Dtrue
# How often (in seconds) do we write all our data files (0 to disable)
writeinterval=3D300
# Do we use sound?
# Not to be confused with GUI sound parameter, this controls wether or =
not the
# server itself will play sound. Primarily for headless or automated =
systems.
sound=3Dfalse
# Path to sound player
soundplay=3D/usr/bin/play
# Optional parameters to pass to the player
# soundopts=3D--volume=3D.3
# New network found
sound_new=3D/usr/local/share/kismet/wav/new_network.wav
# Wepped new network
# sound_new_wep=3D${prefix}/com/kismet/wav/new_wep_network.wav
# Network traffic sound
sound_traffic=3D/usr/local/share/kismet/wav/traffic.wav
# Network junk traffic found
sound_junktraffic=3D/usr/local/share/kismet/wav/junk_traffic.wav
# GPS lock aquired sound
# sound_gpslock=3D/usr/local/share/kismet/wav/foo.wav
# GPS lock lost sound
# sound_gpslost=3D/usr/local/share/kismet/wav/bar.wav
# Alert sound
sound_alert=3D/usr/local/share/kismet/wav/alert.wav
# Does the server have speech? (Again, not to be confused with the GUI's =
speech)
speech=3Dfalse
# Server's path to Festival
festival=3D/usr/bin/festival
# Are we using festival lite? If so, set the above "festival" path to =
also
# point to the "flite" binary
flite=3Dfalse
# How do we speak? Valid options:
# speech Normal speech
# nato NATO spellings (alpha, bravo, charlie)
# spell Spell the letters out (aye, bee, sea)
speech_type=3Dnato
# speech_encrypted and speech_unencrypted - Speech templates
# Similar to the logtemplate option, this lets you customize the speech =
output.
# speech_encrypted is used for an encrypted network spoken string
# speech_unencrypted is used for an unencrypted network spoken string
#
# %b is replaced by the BSSID (MAC) of the network
# %s is replaced by the SSID (name) of the network
# %c is replaced by the CHANNEL of the network
# %r is replaced by the MAX RATE of the network
speech_encrypted=3DNew network detected, s.s.i.d. %s, channel %c, =
network encrypted.
speech_unencrypted=3DNew network detected, s.s.i.d. %s, channel %c, =
network open.
# Where do we get our manufacturer fingerprints from? Assumed to be in =
the
# default config directory if an absolute path is not given.
ap_manuf=3Dap_manuf
client_manuf=3Dclient_manuf
# Use metric measurements in the output?
metric=3Dfalse
# Do we write waypoints for gpsdrive to load? Note: This is NOT =
related to
# recent versions of GPSDrive's native support of Kismet.
waypoints=3Dfalse
# GPSDrive waypoint file. This WILL be truncated.
waypointdata=3D%h/.gpsdrive/way_kismet.txt
# Do we want ESSID or BSSID as the waypoint name ?
waypoint_essid=3Dfalse
# How many alerts do we backlog for new clients? Only change this if =
you have
# a -very- low memory system and need those extra bytes, or if you have =
a high
# memory system and a huge number of alert conditions.
alertbacklog=3D50
# File types to log, comma seperated
# dump - raw packet dump
# network - plaintext detected networks
# csv - plaintext detected networks in CSV format
# xml - XML formatted network and cisco log
# weak - weak packets (in airsnort format)
# cisco - cisco equipment CDP broadcasts
# gps - gps coordinates
logtypes=3Ddump,network,csv,xml,weak,cisco,gps
# Do we track probe responses and merge probe networks into their =
owners?
# This isn't always desireable, depending on the type of monitoring =
you're
# trying to do.
trackprobenets=3Dtrue
# Do we log "noise" packets that we can't decipher? I tend to not, =
since
# they don't have anything interesting at all in them.
noiselog=3Dfalse
# Do we log corrupt packets? Corrupt packets have enough header =
information
# to see what they are, but someting is wrong with them that prevents us =
from
# completely dissecting them. Logging these is usually not a bad idea.
corruptlog=3Dtrue
# Do we log beacon packets or do we filter them out of the dumpfile
beaconlog=3Dtrue
# Do we log PHY layer packets or do we filter them out of the dumpfile
phylog=3Dtrue
# Do we mangle packets if we can decrypt them or if they're =
fuzzy-detected
mangledatalog=3Dtrue
# Do we do "fuzzy" crypt detection? (byte-based detection instead of =
802.11
# frame headers)
# valid option: Comma seperated list of card types to perform fuzzy =
detection
# on, or 'all'
fuzzycrypt=3Dwtapfile,wlanng,wlanng_legacy,wlanng_avs,hostap,wlanng_wext,=
ipw2200,ipw2915
# Do we use network-classifier fuzzy-crypt detection? This means we =
expect
# packets that are associated with an encrypted network to be encrypted =
too,
# and we process them by the same fuzzy compare.
# This essentially replaces the fuzzycrypt per-source option.
netfuzzycrypt=3Dtrue
# What type of dump do we generate?
# valid option: "wiretap"
dumptype=3Dwiretap
# Do we limit the size of dump logs? Sometimes ethereal can't handle =
big ones.
# 0 =3D No limit
# Anything else =3D Max number of packets to log to a single file before =
closing
# and opening a new one.
dumplimit=3D0
# Do we write data packets to a FIFO for an external data-IDS (such as =
Snort)?
# See the docs before enabling this.
#fifo=3D/tmp/kismet_dump
# Default log title
logdefault=3DKismet
# logtemplate - Filename logging template.
# This is, at first glance, really nasty and ugly, but you'll hardly =
ever
# have to touch it so don't complain too much.
#
# %n is replaced by the logging instance name
# %d is replaced by the current date as Mon-DD-YYYY
# %D is replaced by the current date as YYYYMMDD
# %t is replaced by the starting log time
# %i is replaced by the increment log in the case of multiple logs
# %l is replaced by the log type (dump, status, crypt, etc)
# %h is replaced by the home directory
# ie, "netlogs/%n-%d-%i.dump" called with a logging name of "Pok" could =
expand
# to something like "netlogs/Pok-Dec-20-01-1.dump" for the first =
instance and
# "netlogs/Pok-Dec-20-01-2.%l" for the second logfile generated.
# %h/netlots/%n-%d-%i.dump could expand to
# /home/foo/netlogs/Pok-Dec-20-01-2.dump
#
# Other possibilities: Sorting by directory
# logtemplate=3D%l/%n-%d-%i
# Would expand to, for example,
# dump/Pok-Dec-20-01-1
# crypt/Pok-Dec-20-01-1
# and so on. The "dump", "crypt", etc, dirs must exist before kismet is =
run
# in this case.
logtemplate=3D%n-%d-%i.%l
# Where do we store the pid file of the server?
piddir=3D/var/run/
# Where state info, etc, is stored. You shouldnt ever need to change =
this.
# This is a directory.
configdir=3D%h/.kismet/
# cloaked SSID file. You shouldn't ever need to change this.
ssidmap=3Dssid_map
# Group map file. You shouldn't ever need to change this.
groupmap=3Dgroup_map
# IP range map file. You shouldn't ever need to change this.
ipmap=3Dip_map
------=_NextPart_000_0001_01C6CEFA.61682980--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000001c6cee9$9ddf5980$6508280a>