Date: Sun, 3 Sep 2006 01:43:37 +0200 From: =?iso-8859-2?Q?Daniel_Dvo=F8=E1k?= <dandee@hellteam.net> To: <freebsd-ports@freebsd.org> Subject: kismet scanning deos not work for me Message-ID: <000001c6cee9$9ddf5980$6508280a@tocnet28.jspoj.czf>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C6CEFA.61682980 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit Hi all, my config of kismet.conf is attached. I read the kismet manual from the begining to the end and Kismet does not work for me. Even when I manually reconfigure my card from ahdemo mode to monitor mode, after execute kismet -n command, these lines turn up at once: Waiting for channel control child 2842 to exit... Kismet exiting. Connected to Kismet server version 2006.04.R1 build 20050815211952 on localhost:2501 localhost:2501 TCP error: socket returned EOF, server has closed the connection. Is it known issue ? Thank you Daniel ------=_NextPart_000_0001_01C6CEFA.61682980 Content-Type: text/plain; name="kismet.conf.txt" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="kismet.conf.txt" # Kismet config file # Most of the "static" configs have been moved to here -- the command = line # config was getting way too crowded and cryptic. We want = functionality, # not continually reading --help! # Version of Kismet config version=3D2005.06.R1 # Name of server (Purely for organizational purposes) servername=3DKismet # User to setid to (should be your normal user) suiduser=3Dmyuser # Sources are defined as: # source=3Dsourcetype,interface,name[,initialchannel] # Source types and required drivers are listed in the README under the # CAPTURE SOURCES section. # The initial channel is optional, if hopping is not enabled it can be = used # to set the channel the interface listens on. # YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE source=3Dradiotap_bsd_a,ath0,1,100 #source=3Dradiotap_bsd_a,ath1,2,108 # Comma-separated list of sources to enable. This is only needed if you = defined # multiple sources and only want to enable some of them. By default, = all defined # sources are enabled. # For example: # enablesources=3Dprismsource,ciscosource # Do we channelhop? channelhop=3Dtrue # How many channels per second do we hop? (1-10) channelvelocity=3D5 # By setting the dwell time for channel hopping we override the = channelvelocity # setting above and dwell on each channel for the given number of = seconds. #channeldwell=3D10 # Do we split channels between cards on the same spectrum? This means = if # multiple 802.11b capture sources are defined, they will be offset to = cover # the most possible spectrum at a given time. This also controls = splitting # fine-tuned sourcechannels lines which cover multiple interfaces (see = below) channelsplit=3Dfalse # Basic channel hopping control: # These define the channels the cards hop through for various frequency = ranges # supported by Kismet. More finegrain control is available via the # "sourcechannels" configuration option. # # Don't change the IEEE80211<x> identifiers or channel hopping won't = work. # Users outside the US might want to use this list: # defaultchannels=3DIEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12 #defaultchannels=3DIEEE80211b:1,6,11,2,7,3,8,4,9,5,10 # 802.11g uses the same channels as 802.11b... #defaultchannels=3DIEEE80211g:1,6,11,2,7,3,8,4,9,5,10 # 802.11a channels are non-overlapping so sequential is fine. You may = want to # adjust the list depending on the channels your card actually supports. defaultchannels=3DIEEE80211a:36,40,44,48,52,56,60,64,100,104,108,112,116,= 120,124,128,132,136,140,149,153,157,161,184,188,192,196,200,204,208,212,2= 16 #defaultchannels=3DIEEE80211a:36,40,44,48,52,56,60,64 # Combo cards like Atheros use both 'a' and 'b/g' channels. Of course, = you # can also explicitly override a given source. You can use the script # extras/listchan.pl to extract all the channels your card supports. #defaultchannels=3DIEEE80211ab:1,6,11,2,7,3,8,4,9,5,10,36,40,44,48,52,56,= 60,64 # Fine-tuning channel hopping control: # The sourcechannels option can be used to set the channel hopping for # specific interfaces, and to control what interfaces share a list of # channels for split hopping. This can also be used to easily lock # one card on a single channel while hopping with other cards. # Any card without a sourcechannel definition will use the standard = hopping # list. # sourcechannels=3Dsourcename[,sourcename]:ch1,ch2,ch3,...chN # ie, for us channels on the source 'prism2source' (same as normal = channel # hopping behavior): # sourcechannels=3Dprism2source:1,6,11,2,7,3,8,4,9,5,10 # Given two capture sources, "prism2a" and "prism2b", we want prism2a to = stay # on channel 6 and prism2b to hop normally. By not setting a = sourcechannels # line for prism2b, it will use the standard hopping. # sourcechannels=3Dprism2a:6 # To assign the same custom hop channel to multiple sources, or to split = the # same custom hop channel over two sources (if splitchannels is true), = list # them all on the same sourcechannels line: # sourcechannels=3Dprism2a,prism2b,prism2c:1,6,11 # Port to serve GUI data tcpport=3D2501 # People allowed to connect, comma seperated IP addresses or = network/mask # blocks. Netmasks can be expressed as dotted quad (/255.255.255.0) or = as # numbers (/24) allowedhosts=3D127.0.0.1 # Address to bind to. Should be an address already configured already = on # this host, reverts to INADDR_ANY if specified incorrectly. bindaddress=3D127.0.0.1 # Maximum number of concurrent GUI's maxclients=3D5 # Do we have a GPS? gps=3Dfalse # Host:port that GPSD is running on. This can be localhost OR remote! gpshost=3Dlocalhost:2947 # Do we lock the mode? This overrides coordinates of lock "0", which = will # generate some bad information until you get a GPS lock, but it will # fix problems with GPS units with broken NMEA that report lock 0 gpsmodelock=3Dfalse # Packet filtering options: # filter_tracker - Packets filtered from the tracker are not processed = or # recorded in any way. # filter_dump - Packets filtered at the dump level are tracked, = displayed, # and written to the csv/xml/network/etc files, but not # recorded in the packet dump # filter_export - Controls what packets influence the exported CSV, = network, # xml, gps, etc files. # All filtering options take arguments containing the type of address = and # addresses to be filtered. Valid address types are 'ANY', 'BSSID', # 'SOURCE', and 'DEST'. Filtering can be inverted by the use of '!' = before # the address. For example, # filter_tracker=3DANY(!00:00:DE:AD:BE:EF) # has the same effect as the previous mac_filter config file option. # filter_tracker=3D... # filter_dump=3D... # filter_export=3D... # Alerts to be reported and the throttling rates. # alert=3Dname,throttle/unit,burst/unit # The throttle/unit describes the number of alerts of this type that are # sent per time unit. Valid time units are second, minute, hour, and = day. # Burst rates control the number of packets sent at a time # For example: # alert=3DFOO,10/min,5/sec # Would allow 5 alerts per second, and 10 alerts total per minute. # A throttle rate of 0 disables throttling of the alert. # See the README for a list of alert types. alert=3DNETSTUMBLER,10/min,1/sec alert=3DWELLENREITER,10/min,1/sec alert=3DLUCENTTEST,10/min,1/sec alert=3DDEAUTHFLOOD,10/min,2/sec alert=3DBCASTDISCON,10/min,2/sec alert=3DCHANCHANGE,5/min,1/sec alert=3DAIRJACKSSID,5/min,1/sec alert=3DPROBENOJOIN,10/min,1/sec alert=3DDISASSOCTRAFFIC,10/min,1/sec alert=3DNULLPROBERESP,10/min,1/sec alert=3DBSSTIMESTAMP,10/min,1/sec # Known WEP keys to decrypt, bssid,hexkey. This is only for networks = where # the keys are already known, and it may impact throughput on slower = hardware. # Multiple wepkey lines may be used for multiple BSSIDs. # wepkey=3D00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900 # Is transmission of the keys to the client allowed? This may be a = security # risk for some. If you disable this, you will not be able to query = keys from # a client. allowkeytransmit=3Dtrue # How often (in seconds) do we write all our data files (0 to disable) writeinterval=3D300 # Do we use sound? # Not to be confused with GUI sound parameter, this controls wether or = not the # server itself will play sound. Primarily for headless or automated = systems. sound=3Dfalse # Path to sound player soundplay=3D/usr/bin/play # Optional parameters to pass to the player # soundopts=3D--volume=3D.3 # New network found sound_new=3D/usr/local/share/kismet/wav/new_network.wav # Wepped new network # sound_new_wep=3D${prefix}/com/kismet/wav/new_wep_network.wav # Network traffic sound sound_traffic=3D/usr/local/share/kismet/wav/traffic.wav # Network junk traffic found sound_junktraffic=3D/usr/local/share/kismet/wav/junk_traffic.wav # GPS lock aquired sound # sound_gpslock=3D/usr/local/share/kismet/wav/foo.wav # GPS lock lost sound # sound_gpslost=3D/usr/local/share/kismet/wav/bar.wav # Alert sound sound_alert=3D/usr/local/share/kismet/wav/alert.wav # Does the server have speech? (Again, not to be confused with the GUI's = speech) speech=3Dfalse # Server's path to Festival festival=3D/usr/bin/festival # Are we using festival lite? If so, set the above "festival" path to = also # point to the "flite" binary flite=3Dfalse # How do we speak? Valid options: # speech Normal speech # nato NATO spellings (alpha, bravo, charlie) # spell Spell the letters out (aye, bee, sea) speech_type=3Dnato # speech_encrypted and speech_unencrypted - Speech templates # Similar to the logtemplate option, this lets you customize the speech = output. # speech_encrypted is used for an encrypted network spoken string # speech_unencrypted is used for an unencrypted network spoken string # # %b is replaced by the BSSID (MAC) of the network # %s is replaced by the SSID (name) of the network # %c is replaced by the CHANNEL of the network # %r is replaced by the MAX RATE of the network speech_encrypted=3DNew network detected, s.s.i.d. %s, channel %c, = network encrypted. speech_unencrypted=3DNew network detected, s.s.i.d. %s, channel %c, = network open. # Where do we get our manufacturer fingerprints from? Assumed to be in = the # default config directory if an absolute path is not given. ap_manuf=3Dap_manuf client_manuf=3Dclient_manuf # Use metric measurements in the output? metric=3Dfalse # Do we write waypoints for gpsdrive to load? Note: This is NOT = related to # recent versions of GPSDrive's native support of Kismet. waypoints=3Dfalse # GPSDrive waypoint file. This WILL be truncated. waypointdata=3D%h/.gpsdrive/way_kismet.txt # Do we want ESSID or BSSID as the waypoint name ? waypoint_essid=3Dfalse # How many alerts do we backlog for new clients? Only change this if = you have # a -very- low memory system and need those extra bytes, or if you have = a high # memory system and a huge number of alert conditions. alertbacklog=3D50 # File types to log, comma seperated # dump - raw packet dump # network - plaintext detected networks # csv - plaintext detected networks in CSV format # xml - XML formatted network and cisco log # weak - weak packets (in airsnort format) # cisco - cisco equipment CDP broadcasts # gps - gps coordinates logtypes=3Ddump,network,csv,xml,weak,cisco,gps # Do we track probe responses and merge probe networks into their = owners? # This isn't always desireable, depending on the type of monitoring = you're # trying to do. trackprobenets=3Dtrue # Do we log "noise" packets that we can't decipher? I tend to not, = since # they don't have anything interesting at all in them. noiselog=3Dfalse # Do we log corrupt packets? Corrupt packets have enough header = information # to see what they are, but someting is wrong with them that prevents us = from # completely dissecting them. Logging these is usually not a bad idea. corruptlog=3Dtrue # Do we log beacon packets or do we filter them out of the dumpfile beaconlog=3Dtrue # Do we log PHY layer packets or do we filter them out of the dumpfile phylog=3Dtrue # Do we mangle packets if we can decrypt them or if they're = fuzzy-detected mangledatalog=3Dtrue # Do we do "fuzzy" crypt detection? (byte-based detection instead of = 802.11 # frame headers) # valid option: Comma seperated list of card types to perform fuzzy = detection # on, or 'all' fuzzycrypt=3Dwtapfile,wlanng,wlanng_legacy,wlanng_avs,hostap,wlanng_wext,= ipw2200,ipw2915 # Do we use network-classifier fuzzy-crypt detection? This means we = expect # packets that are associated with an encrypted network to be encrypted = too, # and we process them by the same fuzzy compare. # This essentially replaces the fuzzycrypt per-source option. netfuzzycrypt=3Dtrue # What type of dump do we generate? # valid option: "wiretap" dumptype=3Dwiretap # Do we limit the size of dump logs? Sometimes ethereal can't handle = big ones. # 0 =3D No limit # Anything else =3D Max number of packets to log to a single file before = closing # and opening a new one. dumplimit=3D0 # Do we write data packets to a FIFO for an external data-IDS (such as = Snort)? # See the docs before enabling this. #fifo=3D/tmp/kismet_dump # Default log title logdefault=3DKismet # logtemplate - Filename logging template. # This is, at first glance, really nasty and ugly, but you'll hardly = ever # have to touch it so don't complain too much. # # %n is replaced by the logging instance name # %d is replaced by the current date as Mon-DD-YYYY # %D is replaced by the current date as YYYYMMDD # %t is replaced by the starting log time # %i is replaced by the increment log in the case of multiple logs # %l is replaced by the log type (dump, status, crypt, etc) # %h is replaced by the home directory # ie, "netlogs/%n-%d-%i.dump" called with a logging name of "Pok" could = expand # to something like "netlogs/Pok-Dec-20-01-1.dump" for the first = instance and # "netlogs/Pok-Dec-20-01-2.%l" for the second logfile generated. # %h/netlots/%n-%d-%i.dump could expand to # /home/foo/netlogs/Pok-Dec-20-01-2.dump # # Other possibilities: Sorting by directory # logtemplate=3D%l/%n-%d-%i # Would expand to, for example, # dump/Pok-Dec-20-01-1 # crypt/Pok-Dec-20-01-1 # and so on. The "dump", "crypt", etc, dirs must exist before kismet is = run # in this case. logtemplate=3D%n-%d-%i.%l # Where do we store the pid file of the server? piddir=3D/var/run/ # Where state info, etc, is stored. You shouldnt ever need to change = this. # This is a directory. configdir=3D%h/.kismet/ # cloaked SSID file. You shouldn't ever need to change this. ssidmap=3Dssid_map # Group map file. You shouldn't ever need to change this. groupmap=3Dgroup_map # IP range map file. You shouldn't ever need to change this. ipmap=3Dip_map ------=_NextPart_000_0001_01C6CEFA.61682980--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000001c6cee9$9ddf5980$6508280a>