Kismet

From the Wardriving-Forum.de encyclopedia

Kismet is an 802.11a/b/g wireless network sniffer for Linux. It supports nearly all common WLAN cards that have native Linux drivers and can operate in monitor mode. With sox and festival it can play sounds for various network events and read out a summary of the network that was just scanned. Optionally, Kismet works together with gpsd to tag the networks with GPS coordinates as well.


Installation

Kismet is already included in many distributions and can be installed there in the usual way.

However, these versions are usually outdated, so it is best to download the current version from kismetwireless.net (second box, "Download latest stable code").

The "normal" installation goes as follows:

tar xzf kismet-*.tar.gz
cd kismet-*
./configure
make
make install

The clean way under Debian/Ubuntu:

tar xzf kismet-*.tar.gz
cd kismet-*
dh_make
dpkg-buildpackage -rfakeroot
dpkg -i ../kismet*.deb
# Optional, only if a SUID installation is wanted: Kismet can then be started as a
# normal user, but this is a security risk, because a normal user starts a program
# that has root privileges.
chmod u+s /usr/bin/kismet

Dependencies

libc6 (>= 2.5-5), libexpat1 (>= 1.95.8), libgcc1 (>= 1:4.1.2), libgmp3c2, libmagick9, libncurses5 (>= 5.4-5), libpcap0.8 (>= 0.9.3-1), libstdc++6 (>= 4.1.2), zlib1g (>= 1:1.2.1), wireless-tools, wireshark-common

Resolving dependencies under Debian/Ubuntu

sudo apt-get build-dep kismet
sudo apt-get install fakeroot

kismet.conf

For Kismet to work, it must be adapted to the hardware by editing kismet.conf with a text editor such as 'gedit'. On Debian-family systems the file is /etc/kismet/kismet.conf; line 27 of the configuration reads:

source=none,none,addme

This line must be given in the following format:

source=<treiber>,<wlan-iface>,<irgend-ein-name>

<treiber> (the driver) must match one of the source types listed under Capture Sources below.

<wlan-iface> must be replaced with the actual WLAN interface (shown by iwconfig, e.g. wlan0 or wlan1).

<irgend-ein-name> (any name) is only a label that you choose yourself; it becomes necessary if you want to start Kismet with one particular interface only (kismet -c <irgend-ein-name>).


So that we actually do wardriving rather than indiscriminate packet collection, also restrict the logtypes line to only the necessary information:

logtypes=network,csv,xml,gps

This way, first, only pure SSID broadcast information is collected and not any other data packets (which have nothing to do with wardriving!), and second, the disk space required is reduced drastically.
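As an added example (not part of the original wiki page or of Kismet itself), the shell function below checks a kismet.conf for the two settings described above: a properly filled-in source= line and a logtypes= line without raw packet logging. The function name lint_kismet_conf, the KNOWN_SOURCES subset and the sample file are assumptions made for illustration; the dump log type is Kismet's raw packet dump and is not mentioned on this page.

```shell
#!/bin/sh
# Added example: lint a kismet.conf for the source= and logtypes= lines.

# Assumption: a hand-picked subset of the "Source type" column on this page.
KNOWN_SOURCES="ath5k b43 b43legacy bcm43xx hostap ipw2200 ipw3945 iwl3945 iwl4965 madwifi_g rt2500 rt73 zd1211 pcapfile kismet_drone"

# lint_kismet_conf FILE: print one finding per line, nothing if the file is clean.
lint_kismet_conf() {
    awk -v known="$KNOWN_SOURCES" '
    BEGIN {
        n = split(known, k, " ")
        for (i = 1; i <= n; i++) ok[k[i]] = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next                  # not a key=value line
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
    }
    key == "source" {
        sources++
        nf = split(val, f, ",")
        if (nf != 3 || f[1] == "" || f[2] == "" || f[3] == "") {
            print "source: need <type>,<interface>,<name>, got \"" val "\""
        } else if (f[1] == "none") {
            print "source: shipped placeholder not replaced (" val ")"
        } else if (!(f[1] in ok)) {
            print "source: unknown source type \"" f[1] "\""
        }
    }
    key == "logtypes" {
        logs++
        nt = split(val, t, ",")
        for (i = 1; i <= nt; i++)
            if (t[i] == "dump")
                print "logtypes: \"dump\" stores raw packets, not just network data"
    }
    END {
        if (!sources) print "source: no source= line found"
        if (!logs)    print "logtypes: no logtypes= line found"
    }' "$1"
}

# Constructed sample: the untouched source line plus a logtypes line with dump.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed kismet.conf fragment
source=none,none,addme
logtypes=dump,network,csv,xml,gps
EOF
lint_kismet_conf "$sample"
rm -f "$sample"
```

Run against the real file with lint_kismet_conf /etc/kismet/kismet.conf; extend KNOWN_SOURCES with further names from the table below as needed.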

Capture Sources

Overview of the capture sources from the Kismet documentation. The name listed under "Source type" must be used in place of the first "none" ;)

   Source type     Cards               OS          Driver
   acx100          TI ACX100           Linux       ACX100
                   http://acx100.sourceforge.net/
                   ACX100 drivers handle the 22mbit cards branded by D-Link
                    and others.
   admtek          ADMTek              Linux       ADMTek
                   http://www.latinsud.com/adm8211/        (Patches)
                   http://aluminum.sourmilk.net/adm8211/   (GPL driver)
                   ADMTek drivers used in many consumer 802.11b cards. With
                    the patches above, quasi-rfmon is possible - these cards
                    appear to be almost entirely software controlled and 
                    always in a rfmon-like state.  This card WILL BROADCAST
                    while in rfmon, rendering the sniffer visible.
                   The fully GPL drivers are supported, in addition to the 
                    hacks to the non-free drivers.
   airpcap         Airpcap USB         cygwin      CACE Tech
                   http://www.cacetech.com/products/airpcap.htm
                   The CACE AirPcap USB device allows native capture on
                    Win32/Cygwin.
                   The explicit airpcap source expects the Win32/Cygwin
                    interface name.  This should be used once the source
                    is identified via airpcap_ask or if multiple simultaneous
                    sources are required.
   airpcap_ask     Airpcap USB         cygwin      CACE Tech
                   http://www.cacetech.com/products/airpcap.htm
                   The CACE AirPcap USB device allows native capture on
                    Win32/Cygwin.
                   The airpcap_ask source lists available airpcap devices
                    and allows the user to pick interactively.
                   The 'capture interface' field is irrelevant and can be
                    filled with any value (for example, 'dummy')
   atmel_usb       Atmel-USB           Linux       Berlios-Atmel
                   http://at76c503a.berlios.de/
                   These drivers work ONLY on USB cards (Sorry, no PCMCIA
                    support).  Monitor mode support is limited and "faked"
                    by bypassing part of the firmware and parsing packets
                    directly, and is likely to not report all of the 
                    frames.
                   This card MAY BROADCAST while in rfmon, rendering the
                    sniffer visible.
                   It appears that this card may be only formatting the 
                    beacons as an 802.11 stream, which means you likely
                    will not see data frames, rendering most IDS functions,
                    IP discovery, and data logging unavailable.
   ath5k           Atheros             Linux       Kernel/Madwifi
                   http://madwifi.org
                   Based on the OpenBSD OpenHAL, the Ath5k drivers are the
                    future of Atheros support and will be mainlined into the
                    Linux kernel.
   ath5k_a         Atheros             Linux       Kernel/Madwifi
                   http://madwifi.org
                   Ath5k source for 11a only
   ath5k_ag        Atheros             Linux       Kernel/Madwifi
                   http://madwifi.org
                   Ath5k source for 11a/11g
   bcm43xx         Broadcom            Linux       BCM43XX
                   http://bcm43xx.berlios.de, kernel
                   Linux native broadcom drivers incorporated into modern
                    kernels. 
   b43             Broadcom            Linux
                   B43 broadcom drivers for current Broadcom devices in
                    Linux kernels
   b43legacy       Broadcom            Linux
                   B43 broadcom drivers for legacy Broadcom devices in
                    Linux kernels
   cisco           Aironet 340,350     Linux       Kernel 2.4.10 - 2.4.19
                   Standard Cisco cards in Linux.  Works only with
                    the Linux kernel drivers, not the drivers found in
                    pcmcia-cs.
                   The drivers found on the cisco.com site can be patched
                    with the files from the Kismet download site to add
                    monitor mode with channel control, HOWEVER these drivers
                    are extremely buggy for normal use and work only with
                    the 2.4 kernel tree.
                   The cisco drivers currently do not enter rfmon mode 
                    correctly, so channel control is not available.  The
                    firmware will hop to whatever channel it feels like 
                    hopping to, when it feels like hopping.
   cisco_wifix     Aironet 340,350     Linux       Kernel 2.4.20+, CVS  
                   http://sourceforge.net/projects/airo-linux/  
                   Capture interface:  'ethX:wifiX'
                   Kernel 2.4.20+ and CVS drivers use ethX for normal mode
                    and wifiX for monitor mode.  Kismet needs to know both
                    devices, which may not necessarily be the same number,
                    for example 'eth1:wifi0'.
                   Linux kernel 2.4.20 and 2.4.21 have highly unstable cisco
                    drivers and should be avoided.
                   The cisco drivers currently do not enter rfmon mode 
                    correctly, so channel control is not available.  The
                    firmware will hop to whatever channel it feels like 
                    hopping to, when it feels like hopping.
   darwin          OSX native cards    OSX/Darwin  OSX
                   Supports both Broadcom and Atheros Airport-Extreme cards.
                   When using a Broadcom based card, it may be necessary to 
                    enable rfmon on the device for the first time using another 
                    program.
                   When using an Atheros based card, 802.11a may also be supported
                    by adding a 'sourcechannels' line to kismet.conf.
   hostap          Prism/2             Linux       HostAP 0.4
                   http://hostap.epitest.fi/
                   HostAP drivers drive the Prism/2 chipset in access point
                    mode, but also can drive the cards in client and monitor
                    modes.  The HostAP drivers seem to change how they go
                    into monitor mode fairly often, but this source should 
                    manage to get them going.
   ipw2100         Intel/Centrino      Linux       ipw2100-0.44+
                   http://ipw2100.sourceforge.net/
                   The Linux IPW2100/Centrino drivers for 802.11b cards
                   now support rfmon, so here's support for them.  They act
                   more or less like any other wireless interface would.
   ipw2200         Intel/Centrino      Linux       ipw2200-1.0.4+
                   http://ipw2200.sourceforge.net/
                   The Linux IPW2200/Centrino drivers for 802.11bg cards
                   support rfmon as of 1.0.4 and firmware 2.3.  
                   Signal level reporting requires radiotap be turned on
                   in the makefile while compiling the driver.  Noise levels
                   are not reported.
   ipw2915         Intel/Centrino      Linux       ipw2200-1.0.4+
                   http://ipw2200.sourceforge.net/
                   The Linux IPW2200/Centrino drivers for 802.11bga cards
                   support rfmon as of 1.0.4 and firmware 2.3.  
                   This is the same as ipw2200 but defaults to scanning the
                   802.11a channel range in addition to 802.11b/g.
                   Signal level reporting requires radiotap be turned on
                   in the makefile while compiling the driver.  Noise levels
                   are not reported.
   ipw3945         Intel/Centrino      Linux       ipw3945
                   http://ipw3945.sourceforge.net/
                   The Linux IPW3945/Centrino drivers for Intel Core
                   802.11bga cards.
   ipwlivetap      Intel/Centrino      Linux       ipw2200/3945
                   http://ipw2200.sourceforge.net/
                   http://ipw3945.sourceforge.net/
                   The ipw3945 and patched ipw2200 drivers support a 
                   special mode which allows monitor-mode style sniffing
                   while remaining associated.  Channel hopping is not
                   possible, as the card is still associated to a 
                   specific AP, but single-channel IDS and sniffing can
                   be accomplished.  See the ipw driver mailing list
                   archives for information about patching your drivers.
   iwl3945         Intel/Centrino      Linux       iwl3945
                   Intel's new IPW drivers using the mac80211 kernel
                   layer.
   iwl4965         Intel/Centrino      Linux       iwl4965
                   Intel's new IPW drivers using the mac80211 kernel
                   layer.
   kismet_drone    n/a                 Any         n/a
                   Capture interface:  'dronehost:port'  
                   The remote drone capture source connects to a Kismet
                    drone and processes the packets.  Refer to the Remote 
                    Drone section of the README for more details about how
                    to set up a drone.
   madwifi_a       Atheros             Linux       madwifi
                   http://sourceforge.net/projects/madwifi/
                   Capture interface:  'athX'
                   Capture interface:  'wifiX' (Madwifi-NG)
                   Madwifi drivers in 802.11a-only mode. 
                   When using madwifi-ng, be sure all non-monitor VAPs have
                    been removed, otherwise madwifi will not properly report
                    most traffic.
   madwifi_b       Atheros             Linux       madwifi
                   http://sourceforge.net/projects/madwifi/
                   Capture interface:  'athX'
                   Capture interface:  'wifiX' (Madwifi-NG)
                   Madwifi drivers in 802.11b-only mode. 
                   When using madwifi-ng, be sure all non-monitor VAPs have
                    been removed, otherwise madwifi will not properly report
                    most traffic.
   madwifi_g       Atheros             Linux       madwifi
                   http://sourceforge.net/projects/madwifi/
                   Capture interface:  'athX'
                   Capture interface:  'wifiX' (Madwifi-NG)
                   Madwifi drivers in 802.11g-only mode.  This will, 
                    obviously, also see 11b networks.
                   When using madwifi-ng, be sure all non-monitor VAPs have
                    been removed, otherwise madwifi will not properly report
                    most traffic.
   madwifi_ab      Atheros             Linux       madwifi
                   http://sourceforge.net/projects/madwifi/
                   Capture interface:  'athX'
                   Capture interface:  'wifiX' (Madwifi-NG)
                   Madwifi drivers in 802.11a and 802.11b combo mode.  This
                    will seamlessly switch between bands during channel 
                    hopping.
                   When using madwifi-ng, be sure all non-monitor VAPs have
                    been removed, otherwise madwifi will not properly report
                    most traffic.
   madwifi_ag      Atheros             Linux       madwifi
                   http://sourceforge.net/projects/madwifi/
                   Capture interface:  'athX'
                   Capture interface:  'wifiX' (Madwifi-NG)
                   Madwifi drivers in 802.11a and 802.11g combo mode.  This
                    will seamlessly switch between bands during channel 
                    hopping.
                   When using madwifi-ng, be sure all non-monitor VAPs have
                    been removed, otherwise madwifi will not properly report
                    most traffic.
   madwifing_a     Atheros             Linux       madwifi-ng
   madwifing_ab    Atheros             Linux       madwifi-ng
   madwifing_ag    Atheros             Linux       madwifi-ng
   madwifing_g     Atheros             Linux       madwifi-ng
   madwifing_b     Atheros             Linux       madwifi-ng
                   http://sourceforge.net/projects/madwifi/
                   Capture interface:  'wifiX'
                   *Deprecated*.  Detection for madwifi-ng is built into
                    the standard madwifi sources.  The _ng source names
                    have been kept to allow old configs to continue
                    functioning.
   nokia770        Nokia               Linux       Nokiea
                   http://maemo.org/
                   Nokia770 capture interface.  Includes support for 
                   validating frame checksums to screen out junk 
                   packets, since the drivers pass us all data.
   nokia8x0        Nokia 800,810
                   http://maemo.org/
                   Nokia 8x0 capture interface, including support for
                   FCS validation.
                   The Nokia drivers appear to exhibit instability while
                   capturing where they stop reporting packets.  This may
                   be minimized by setting the Network Scan interval to
                   "never" in the control panel->networking section.
   orinoco         Lucent, Orinoco     Linux       Patched orinoco_cs
                   http://airsnort.shmoo.com/orinocoinfo.html
                   The Orinoco drivers which have mainlined into the Linux
                    kernel do support monitor mode, however only specific firmware
                    versions are supported and often they do not work.
                   An up-ported version of the older Orinoco drivers which more
                    reliably supported rfmon may be available at:
                    http://www.projectiwear.org/~plasmahh/orinoco.html
                   Generally, Orinoco cards are not recommended for use with
                    Kismet due to these limitations.
   orinoco_14      Lucent, Orinoco     Linux       Orinoco 0.14+
                   https://savannah.nongnu.org/projects/orinoco/
                   This source is deprecated and should only be used with
                   pre-release versions of a driver since merged into the Linux
                   kernel.
   pcapfile        n/a                 Any         n/a
                   Capture interface:  '/path/to/file' 
                   The pcapfile capture source feeds a stored 802.11-encap
                    dump file through the Kismet engine again.  This can be
                    useful for debugging or rescanning old logs for 
                    alert conditions.  Pcapfile sources are only available
                    if Kismet was compiled with libpcap support.
   prism2_openbsd  Prism/2             OpenBSD     Kernel
                   Full support for Prism2 under OpenBSD.
   prism54g        PrismGT             Linux       prism54
                   http://www.prism54.org
                   PrismGT 802.11g drivers supporting monitor mode.
   radiotap_bsd_ab Radiotap            BSD         Kernel
                   Dual-band cards with radiotap headers.
   radiotap_bsd_a  Radiotap            BSD         Kernel
                   802.11a cards (or dual-band on 11a channels only) with 
                    radiotap headers. 
   radiotap_bsd_b  Radiotap            BSD         Kernel
                   802.11b/g cards (or dual-band on 11b channels only) with
                    radiotap headers. 
   rt2400          Ralink 2400 11b     Linux       rt2400-gpl
                   http://rt2x00.serialmonkey.com/
                   Ralink 2400 802.11b cards using the serialmonkey GPL'd 
                    rt2x00 drivers.  Must use 1.2.2 beta 2 or newer drivers.
   rt2500          Ralink 2500 11g     Linux       rt2500-gpl
                   http://rt2x00.serialmonkey.com/
                   Ralink 2500 802.11g cards using the serialmonkey GPL'd 
                    rt2x00 drivers.  Must use 1.1.0 beta 2 or newer drivers.
   rt73            Ralink 73   11g     Linux       rt73-gpl-cvs
                   http://rt2x00.serialmonkey.com/
                   Ralink 73 802.11g USB cards using the serialmonkey GPL'd
                    rt79 drivers (tested only with CVS driver versions)
   rt8180          Realtek 8180 11b    Linux       rtl8180-sa2400
                   http://rtl8180-sa2400.sourceforge.net/
                   Realtek 8180 based cards (there seem to be an awful lot of
                    them) using the GPL drivers.
   viha            Airport             OSX         viha
                   http://www.dopesquad.net/security/
                   Monitor mode support for Airport under OSX.  Does not
                    support Airport Extreme.
   vtar5k          Atheros 802.11a     Linux       vtar5k
                   http://team.vantronix.net/ar5k/
                   vtar5k drivers handle some Atheros 802.11a cards.  Chances
                    are you'll have better luck with madwifi drivers.
   wlanng_legacy   Prism/2             Linux       wlan-ng 0.1.3 and earlier
                   http://www.linux-wlan.com/
                   Old wlan-ng drivers didn't support pcap capturing and
                    use a netlink socket to the kernel.  These are still in
                    use on some embedded systems (like the Zaurus).
   wlanng          Prism/2             Linux       wlan-ng 0.1.4 - 0.1.9
                   http://www.linux-wlan.com/
                   Wlan-ng prism2 drivers prior to the AVS headers.
   wlanng_avs      Prism/2             Linux       wlan-ng 0.2.0+
                   http://www.linux-wlan.com/
                   Newer wlan-ng drivers support a new header type and 
                    slightly different monitor commands to report wepped
                    packets.
   wrt54g          Linksys WRT54G      Linux       linksys
                   http://seattlewireless.net/index.cgi/LinksysWrt54g  
                   Capture interface:  'wlX'
                   Support for the newer firmware versions on the 
                    WRT54G/S/L devices (and any others using the broadcom
                    reference chipset).
                   Some systems generate a secondary device, prism0, while
                    in monitor mode and require special care while channel
                    hopping, it is no longer necessary to specify the prism0
                    device explicitly for Kismet.
   wsp100          NetChem WSP100      Any         n/a
                   http://networkchemistry.com/
                   Capture interface:  'host:port'
                   The WSP100 is an embedded device which reports 802.11
                    packets over UDP.  The wsp100 capture source is 
                    (generally) system agnostic, however over time it has
                    been less maintained than others.  If you'd like to
                    send me patches for this, please let me know.
   zd1211          ZyDAS USB           Linux       zd1211
                   http://zd1211.ath.cx
                   The ZD1211 drivers have had some regressions which lead to 
                    data corruption while changing channel.  Some versions 
                    work, and typically the aircrack patches resolve the
                    corruption issues if your version doesn't properly handle
                    rfmon.

Web links

Kismet website

Kismet download

Kismet on wikipedia.org

Converters

KML converter in Java

Database with PHP and MySQL

XML to KML in PHP

Kismet XML via PHP to MySQL and OpenLayers