Date:      Tue, 5 Sep 2006 17:36:49 +0200
From:      Daniel Dvořák <dandee@hellteam.net>
To:        <freebsd-ports@freebsd.org>
Cc:        freebsd-ports-bugs@freebsd.org
Subject:   FW: kismet scanning deos not work for me
Message-ID:  <000a01c6d101$1b4c1020$6508280a@tocnet28.jspoj.czf>

I can add new facts:

# kismet -n
Server options:   -n
Client options:  none
Starting server...
Waiting for server to start before starting UI...
Not logging any data
Will drop privs to stayd (1001) gid 1001
No specific sources given to be enabled, all will be enabled.
Enabling channel hopping.
Disabling channel splitting.
Source 0 (rik): Enabling monitor mode for radiotap_bsd_a source interface ath0 channel 100...
FATAL: ath0: cannot set ifmedia: Device not configured

# ifconfig -v ath0
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::20b:6bff:fe35:509a%ath0 prefixlen 64 scopeid 0x1
        inet 10.*.*.* netmask 0xfffffffc broadcast 10.40.192.19
        ether 00:0b:6b:XX:YY:ZZ
        media: IEEE 802.11 Wireless Ethernet OFDM/24Mbps mode 11a <flag0,adhoc> (OFDM/24Mbps)
        status: associated
        ssid PtP channel 100 (5500) bssid 00:00:00:00:00:00
        authmode OPEN privacy OFF deftxkey UNDEF powersavemode OFF
        powersavesleep 100 txpowmax 36 txpower 63 rtsthreshold 2346
        mcastrate 1 fragthreshold 2346 bmiss 7 pureg protmode OFF wme burst
        roaming AUTO bintval 100
        AC_BE cwmin  4 cwmax 10 aifs  3 txopLimit   0 -acm ack
              cwmin  4 cwmax 10 aifs  3 txopLimit   0 -acm
        AC_BK cwmin  4 cwmax 10 aifs  7 txopLimit   0 -acm ack
              cwmin  4 cwmax 10 aifs  7 txopLimit   0 -acm
        AC_VI cwmin  3 cwmax  4 aifs  2 txopLimit  94 -acm ack
              cwmin  3 cwmax  4 aifs  2 txopLimit  94 -acm
        AC_VO cwmin  2 cwmax  3 aifs  2 txopLimit  47 -acm ack
              cwmin  2 cwmax  3 aifs  2 txopLimit  47 -acm


kismet.conf is attached.

rc.conf:

ifconfig_ath0="inet 10.*.*.*/30 media OFDM/24Mbps mode 11a mediaopt flag0 mediaopt adhoc ssid PtP channel 100 pureg protmode off txpower 63 chanlist 100-140 wme up"

P.S.: mail me directly please.
  _____

From: Daniel Dvořák [mailto:dandee@hellteam.net]
Sent: Sunday, September 03, 2006 1:44 AM
To: 'freebsd-ports@freebsd.org'
Subject: kismet scanning deos not work for me


Hi all,

my config of kismet.conf is attached. I read the kismet manual from the
beginning to the end and Kismet does not work for me.

Even when I manually reconfigure my card from ahdemo mode to monitor mode,
after executing the kismet -n command, these lines turn up at once:

Waiting for channel control child 2842 to exit...
Kismet exiting.
Connected to Kismet server version 2006.04.R1 build 20050815211952 on localhost:2501
localhost:2501 TCP error: socket returned EOF, server has closed the connection.

Is it a known issue?

Thank you

Daniel


[Attachment: kismet.conf.txt]

# Kismet config file
# Most of the "static" configs have been moved to here -- the command line
# config was getting way too crowded and cryptic.  We want functionality,
# not continually reading --help!

# Version of Kismet config
version=2005.06.R1

# Name of server (Purely for organizational purposes)
servername=Kismet

# User to setid to (should be your normal user)
suiduser=myuser

# Sources are defined as:
# source=sourcetype,interface,name[,initialchannel]
# Source types and required drivers are listed in the README under the
# CAPTURE SOURCES section.
# The initial channel is optional, if hopping is not enabled it can be used
# to set the channel the interface listens on.
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
source=radiotap_bsd_a,ath0,1,100
#source=radiotap_bsd_a,ath1,2,108

# Comma-separated list of sources to enable.  This is only needed if you defined
# multiple sources and only want to enable some of them.  By default, all defined
# sources are enabled.
# For example:
# enablesources=prismsource,ciscosource
# Do we channelhop?
channelhop=true

# How many channels per second do we hop?  (1-10)
channelvelocity=5

# By setting the dwell time for channel hopping we override the channelvelocity
# setting above and dwell on each channel for the given number of seconds.
#channeldwell=10

# Do we split channels between cards on the same spectrum?  This means if
# multiple 802.11b capture sources are defined, they will be offset to cover
# the most possible spectrum at a given time.  This also controls splitting
# fine-tuned sourcechannels lines which cover multiple interfaces (see below)
channelsplit=false

# Basic channel hopping control:
# These define the channels the cards hop through for various frequency ranges
# supported by Kismet.   More finegrain control is available via the
# "sourcechannels" configuration option.
#
# Don't change the IEEE80211<x> identifiers or channel hopping won't work.

# Users outside the US might want to use this list:
# defaultchannels=IEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12
#defaultchannels=IEEE80211b:1,6,11,2,7,3,8,4,9,5,10

# 802.11g uses the same channels as 802.11b...
#defaultchannels=IEEE80211g:1,6,11,2,7,3,8,4,9,5,10

# 802.11a channels are non-overlapping so sequential is fine.  You may want to
# adjust the list depending on the channels your card actually supports.
#defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,149,153,157,161,184,188,192,196,200,204,208,212,216
#defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64
defaultchannels=IEEE80211a:100,104,108,112,116,120,124,128,132,136,140

# Combo cards like Atheros use both 'a' and 'b/g' channels.  Of course, you
# can also explicitly override a given source.  You can use the script
# extras/listchan.pl to extract all the channels your card supports.
#defaultchannels=IEEE80211ab:1,6,11,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64

# Fine-tuning channel hopping control:
# The sourcechannels option can be used to set the channel hopping for
# specific interfaces, and to control what interfaces share a list of
# channels for split hopping.  This can also be used to easily lock
# one card on a single channel while hopping with other cards.
# Any card without a sourcechannel definition will use the standard hopping
# list.
# sourcechannels=sourcename[,sourcename]:ch1,ch2,ch3,...chN

# ie, for us channels on the source 'prism2source' (same as normal channel
# hopping behavior):
# sourcechannels=prism2source:1,6,11,2,7,3,8,4,9,5,10

# Given two capture sources, "prism2a" and "prism2b", we want prism2a to stay
# on channel 6 and prism2b to hop normally.  By not setting a sourcechannels
# line for prism2b, it will use the standard hopping.
# sourcechannels=prism2a:6

# To assign the same custom hop channel to multiple sources, or to split the
# same custom hop channel over two sources (if splitchannels is true), list
# them all on the same sourcechannels line:
# sourcechannels=prism2a,prism2b,prism2c:1,6,11

# Port to serve GUI data
tcpport=2501
# People allowed to connect, comma separated IP addresses or network/mask
# blocks.  Netmasks can be expressed as dotted quad (/255.255.255.0) or as
# numbers (/24)
allowedhosts=127.0.0.1
# Address to bind to.  Should be an address already configured on
# this host, reverts to INADDR_ANY if specified incorrectly.
bindaddress=127.0.0.1
# Maximum number of concurrent GUI's
maxclients=5

# Do we have a GPS?
gps=false
# Host:port that GPSD is running on.  This can be localhost OR remote!
gpshost=localhost:2947
# Do we lock the mode?  This overrides coordinates of lock "0", which will
# generate some bad information until you get a GPS lock, but it will
# fix problems with GPS units with broken NMEA that report lock 0
gpsmodelock=false

# Packet filtering options:
# filter_tracker - Packets filtered from the tracker are not processed or
#                  recorded in any way.
# filter_dump    - Packets filtered at the dump level are tracked, displayed,
#                  and written to the csv/xml/network/etc files, but not
#                  recorded in the packet dump
# filter_export  - Controls what packets influence the exported CSV, network,
#                  xml, gps, etc files.
# All filtering options take arguments containing the type of address and
# addresses to be filtered.  Valid address types are 'ANY', 'BSSID',
# 'SOURCE', and 'DEST'.  Filtering can be inverted by the use of '!' before
# the address.  For example,
# filter_tracker=ANY(!00:00:DE:AD:BE:EF)
# has the same effect as the previous mac_filter config file option.
# filter_tracker=...
# filter_dump=...
# filter_export=...

# Alerts to be reported and the throttling rates.
# alert=name,throttle/unit,burst/unit
# The throttle/unit describes the number of alerts of this type that are
# sent per time unit.  Valid time units are second, minute, hour, and day.
# Burst rates control the number of packets sent at a time
# For example:
# alert=FOO,10/min,5/sec
# Would allow 5 alerts per second, and 10 alerts total per minute.
# A throttle rate of 0 disables throttling of the alert.
# See the README for a list of alert types.
alert=NETSTUMBLER,10/min,1/sec
alert=WELLENREITER,10/min,1/sec
alert=LUCENTTEST,10/min,1/sec
alert=DEAUTHFLOOD,10/min,2/sec
alert=BCASTDISCON,10/min,2/sec
alert=CHANCHANGE,5/min,1/sec
alert=AIRJACKSSID,5/min,1/sec
alert=PROBENOJOIN,10/min,1/sec
alert=DISASSOCTRAFFIC,10/min,1/sec
alert=NULLPROBERESP,10/min,1/sec
alert=BSSTIMESTAMP,10/min,1/sec

# Known WEP keys to decrypt, bssid,hexkey.  This is only for networks where
# the keys are already known, and it may impact throughput on slower hardware.
# Multiple wepkey lines may be used for multiple BSSIDs.
# wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900

# Is transmission of the keys to the client allowed?  This may be a security
# risk for some.  If you disable this, you will not be able to query keys from
# a client.
allowkeytransmit=true

# How often (in seconds) do we write all our data files (0 to disable)
writeinterval=300

# Do we use sound?
# Not to be confused with GUI sound parameter, this controls whether or not the
# server itself will play sound.  Primarily for headless or automated systems.
sound=false
# Path to sound player
soundplay=/usr/bin/play
# Optional parameters to pass to the player
# soundopts=--volume=.3
# New network found
sound_new=/usr/local/share/kismet/wav/new_network.wav
# Wepped new network
# sound_new_wep=${prefix}/com/kismet/wav/new_wep_network.wav
# Network traffic sound
sound_traffic=/usr/local/share/kismet/wav/traffic.wav
# Network junk traffic found
sound_junktraffic=/usr/local/share/kismet/wav/junk_traffic.wav
# GPS lock acquired sound
# sound_gpslock=/usr/local/share/kismet/wav/foo.wav
# GPS lock lost sound
# sound_gpslost=/usr/local/share/kismet/wav/bar.wav
# Alert sound
sound_alert=/usr/local/share/kismet/wav/alert.wav

# Does the server have speech? (Again, not to be confused with the GUI's speech)
speech=false
# Server's path to Festival
festival=/usr/bin/festival
# Are we using festival lite?  If so, set the above "festival" path to also
# point to the "flite" binary
flite=false
# How do we speak?  Valid options:
# speech    Normal speech
# nato      NATO spellings (alpha, bravo, charlie)
# spell     Spell the letters out (aye, bee, sea)
speech_type=nato
# speech_encrypted and speech_unencrypted - Speech templates
# Similar to the logtemplate option, this lets you customize the speech output.
# speech_encrypted is used for an encrypted network spoken string
# speech_unencrypted is used for an unencrypted network spoken string
#
# %b is replaced by the BSSID (MAC) of the network
# %s is replaced by the SSID (name) of the network
# %c is replaced by the CHANNEL of the network
# %r is replaced by the MAX RATE of the network
speech_encrypted=New network detected, s.s.i.d. %s, channel %c, network encrypted.
speech_unencrypted=New network detected, s.s.i.d. %s, channel %c, network open.

# Where do we get our manufacturer fingerprints from?  Assumed to be in the
# default config directory if an absolute path is not given.
ap_manuf=ap_manuf
client_manuf=client_manuf

# Use metric measurements in the output?
metric=false

# Do we write waypoints for gpsdrive to load?  Note:  This is NOT related to
# recent versions of GPSDrive's native support of Kismet.
waypoints=false
# GPSDrive waypoint file.  This WILL be truncated.
waypointdata=%h/.gpsdrive/way_kismet.txt
# Do we want ESSID or BSSID as the waypoint name ?
waypoint_essid=false

# How many alerts do we backlog for new clients?  Only change this if you have
# a -very- low memory system and need those extra bytes, or if you have a high
# memory system and a huge number of alert conditions.
alertbacklog=50

# File types to log, comma separated
# dump    - raw packet dump
# network - plaintext detected networks
# csv     - plaintext detected networks in CSV format
# xml     - XML formatted network and cisco log
# weak    - weak packets (in airsnort format)
# cisco   - cisco equipment CDP broadcasts
# gps     - gps coordinates
logtypes=dump,network,csv,xml,weak,cisco,gps

# Do we track probe responses and merge probe networks into their owners?
# This isn't always desirable, depending on the type of monitoring you're
# trying to do.
trackprobenets=true

# Do we log "noise" packets that we can't decipher?  I tend to not, since
# they don't have anything interesting at all in them.
noiselog=false

# Do we log corrupt packets?  Corrupt packets have enough header information
# to see what they are, but something is wrong with them that prevents us from
# completely dissecting them.  Logging these is usually not a bad idea.
corruptlog=true

# Do we log beacon packets or do we filter them out of the dumpfile
beaconlog=true

# Do we log PHY layer packets or do we filter them out of the dumpfile
phylog=true

# Do we mangle packets if we can decrypt them or if they're fuzzy-detected
mangledatalog=true

# Do we do "fuzzy" crypt detection?  (byte-based detection instead of 802.11
# frame headers)
# valid option: Comma separated list of card types to perform fuzzy detection
#  on, or 'all'
fuzzycrypt=wtapfile,wlanng,wlanng_legacy,wlanng_avs,hostap,wlanng_wext,ipw2200,ipw2915

# Do we use network-classifier fuzzy-crypt detection?  This means we expect
# packets that are associated with an encrypted network to be encrypted too,
# and we process them by the same fuzzy compare.
# This essentially replaces the fuzzycrypt per-source option.
netfuzzycrypt=true

# What type of dump do we generate?
# valid option: "wiretap"
dumptype=wiretap
# Do we limit the size of dump logs?  Sometimes ethereal can't handle big ones.
# 0 = No limit
# Anything else = Max number of packets to log to a single file before closing
# and opening a new one.
dumplimit=0

# Do we write data packets to a FIFO for an external data-IDS (such as Snort)?
# See the docs before enabling this.
#fifo=/tmp/kismet_dump

# Default log title
logdefault=Kismet

# logtemplate - Filename logging template.
# This is, at first glance, really nasty and ugly, but you'll hardly ever
# have to touch it so don't complain too much.
#
# %n is replaced by the logging instance name
# %d is replaced by the current date as Mon-DD-YYYY
# %D is replaced by the current date as YYYYMMDD
# %t is replaced by the starting log time
# %i is replaced by the increment log in the case of multiple logs
# %l is replaced by the log type (dump, status, crypt, etc)
# %h is replaced by the home directory
# ie, "netlogs/%n-%d-%i.dump" called with a logging name of "Pok" could expand
# to something like "netlogs/Pok-Dec-20-01-1.dump" for the first instance and
# "netlogs/Pok-Dec-20-01-2.%l" for the second logfile generated.
# %h/netlogs/%n-%d-%i.dump could expand to
# /home/foo/netlogs/Pok-Dec-20-01-2.dump
#
# Other possibilities:  Sorting by directory
# logtemplate=%l/%n-%d-%i
# Would expand to, for example,
# dump/Pok-Dec-20-01-1
# crypt/Pok-Dec-20-01-1
# and so on.  The "dump", "crypt", etc, dirs must exist before kismet is run
# in this case.
logtemplate=%n-%d-%i.%l

# Where do we store the pid file of the server?
piddir=/var/run/

# Where state info, etc, is stored.  You shouldn't ever need to change this.
# This is a directory.
configdir=%h/.kismet/

# cloaked SSID file.  You shouldn't ever need to change this.
ssidmap=ssid_map

# Group map file.  You shouldn't ever need to change this.
groupmap=group_map

# IP range map file.  You shouldn't ever need to change this.
ipmap=ip_map
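
An added example, not part of the original message and not Kismet's own code: a small Python audit of the keys in the attached kismet.conf that govern who can reach the server and its keys (suiduser, bindaddress, allowedhosts, allowkeytransmit, wepkey). Both sample inputs are constructed, and treating suiduser=root or an unset suiduser as a finding is this example's assumption.

```python
import ipaddress

# Constructed sample: the exposure-related keys with the values from the attachment.
AS_POSTED = """\
suiduser=myuser
allowedhosts=127.0.0.1
bindaddress=127.0.0.1
# wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900
allowkeytransmit=true
"""

# Constructed counter-example (not from the page): the same keys set loosely.
LOOSE = """\
suiduser=root
allowedhosts=127.0.0.1,10.0.0.0/255.255.255.0
bindaddress=any
wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900
allowkeytransmit=true
"""

def parse_conf(text):
    """Return {key: [values]}; keys such as source=, alert=, wepkey= may repeat."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def audit(conf):
    """Return the names of keys that widen access to the server or its keys."""
    flagged = []
    first = lambda key: conf.get(key, [""])[0]
    # Assumption of this example: root or an unset user means no privilege drop.
    if first("suiduser") in ("", "root"):
        flagged.append("suiduser")
    try:
        if not ipaddress.ip_address(first("bindaddress")).is_loopback:
            flagged.append("bindaddress")
    except ValueError:
        # Per the file's own comment, a bad value reverts to INADDR_ANY.
        flagged.append("bindaddress")
    for entry in filter(None, first("allowedhosts").split(",")):
        # ip_network accepts both the /24 and the /255.255.255.0 form.
        if not ipaddress.ip_network(entry.strip(), strict=False).is_loopback:
            flagged.append("allowedhosts")
            break
    # Key transmission only matters when keys are actually configured.
    if first("allowkeytransmit").lower() == "true" and conf.get("wepkey"):
        flagged.append("allowkeytransmit")
    return flagged

if __name__ == "__main__":
    print(audit(parse_conf(AS_POSTED)), audit(parse_conf(LOOSE)))
```

With the values as posted nothing is flagged: the server listens on loopback only and no wepkey line is active, so allowkeytransmit=true has nothing to hand out.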

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000a01c6d101$1b4c1020$6508280a>