
Red Hat Linux 9.0 + Kismet HOWTO

싸후이 2008. 2. 14. 13:26

copyright : http://tipsybottle.com/
(Works with Red Hat 8 and Fedora Core 1 too)

Description

The primary goal of this How-To is to install and configure Red Hat Linux 9.0 with an Orinoco wireless NIC and the Kismet wireless sniffer. These instructions now also include drivers for Prism (SMC, Linksys, D-Link, etc.), Cisco, and/or Atheros based 802.11a wireless NICs. These instructions were primarily created for an IBM T30 with Windows 2000 Professional on half the hard drive. I will use the other half of the hard drive for my Red Hat Linux installation. Although these instructions were created for my particular situation, they should apply to many other configurations.

If you need help, I have put together an installation FAQ with common questions I have received. You can find the Linux-Kismet-HowTo-FAQ here.

Note - This process is almost identical on Red Hat 8.0, Red Hat 9.0 and Fedora Core 1. The process to install the wireless tools is the same (except a tiny part for hostap), but the file names (because of versions) are slightly different. In the near future I'm going to start moving these instructions to be more specific to Fedora. It's really all the same process on any of these platforms anyway. I am currently using all three, but seem to be moving to Fedora.

Note - For a period of time it was necessary to recompile the kernel when using Red Hat 8.0 + Orinoco-11b drivers. I believe changes were made to the Orinoco drivers that make this task unnecessary (I first noticed this in early March 2003). If you follow the instructions below you should no longer need to recompile the kernel. If you would like to learn how to build a simple kernel or want to use an older version of the Red Hat 8.0 kernel or Orinoco drivers, see my old Red Hat Linux 8.0 + Orinoco + Kismet HOWTO document.


Install Red Hat 8.0 Linux

Red Hat Linux has become the most popular alternative to the Windows operating systems. From the beginning of Red Hat, the company has been working to package an operating system that is simple to install, easy to use, and contains a variety of practical features.

There are several options to obtain the media necessary to install Red Hat Linux. Some of the more popular options include:

  • Download the five Red Hat 8.0 ISOs and burn onto CD
  • Download bootnet.img and perform a net install
  • Support Red Hat by purchasing a copy from the store

If you install from CD, it is recommended that you verify the integrity of the discs the first time you use them. You will be prompted for this at the beginning of the installation. The first and most important step of this install is to install Red Hat Linux. If you need help to install the operating system, visit http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/install-guide/.

Additionally, if you need to download a copy of Red Hat 8.0, visit the following site to find a mirror: http://www.redhat.com/download/mirror.html.

    Here are the options I chose during the installation of Red Hat Linux:

  • Select Language (English) * Default
  • Keyboard Configuration (US English) * Default
  • Mouse Configuration (3 Button Mouse (PS/2)) * Default
  • Installation Type (Custom)
  • Disk Partitioning Setup (Automatically partition)
  • Automatic Partitioning (Remove all Linux Partitions on this system)
  • Disk Setup (nothing)
  • Boot Loader Configuration (Default)
  • Network Configuration (Set hostname manually “wireless1”)
  • Firewall configuration (Default)
  • Additional Language Support (Default)
  • Time Zone Selection (America/Chicago)
  • Account Configuration (enter password for root account and create user account)
  • Authentication Configuration (Default)
  • Package Group Selection (Add the following)
  • SQL Database Server - Add "mysql-server" (Click on Details)
  • Development Tools
  • Kernel Development
  • X Software Development
  • Gnome Software Development
  • Select System Tools, but remove "ethereal"

    Total install size: 1,921M

  • About to Install (forward)

    Installation (25 minutes later for a CD install, 4 hours for a net install)

  • Boot Diskette Creation (create one if you wish)
  • Graphical Interface (X) Configuration (Select what you have – I have the ATI Radeon Mobility 7500)
  • Monitor Configuration (Unprobed Monitor)
  • Customize Graphics Configuration (Default)
  • Exit

    (Automatically Shutdown and restart into Red Hat Linux)

  • Welcome (forward)
  • Date and Time (I selected Enable Network Time Protocol - forward)
  • Sound (forward)
  • Update Agent (forward) register and install updates
  • Additional CDs (select what you want)
  • Finish Setup (Forward)


Update to the most recent packages

    Register with the Red Hat Network

    Login using root and your password

    Run up2date to update the system with the latest and most stable packages.

Note – I understand it is not recommended that you run a *NIX system as root, and I agree that if it were a multi-user system this would be discouraged.


Download Required Files

Several files will be required to complete the installation process. Download the following files into the specified directories:

Log in to your laptop with your username and password.

Start a terminal window.

            Red Hat Icon -> System Tools -> Terminal

Note – Because it's Linux, and you should get used to the command line, you might add a link to the terminal window to the panel window (Microsoft calls it the Task Bar). Right click on the panel window -> Add to Panel -> Launcher from menu -> System Tools -> Terminal.


Install the Orinoco Drivers

There are several different drivers that work with Orinoco wireless NICs. The best and most popular drivers are written by David Gibson, but do not include support to put the card into monitor mode. These Orinoco drivers must be modified with a patch from Shmoo to enable this functionality. To find out more information about the Orinoco drivers visit http://ozlabs.org/people/dgibson/dldwd/. Additionally, for information about the Shmoo patch for Orinoco cards, visit http://airsnort.shmoo.com/orinocoinfo.html.

Install the Orinoco drivers

# cd or # cd /root/
# tar -zxf orinoco-0.13e.tar.gz
# patch -p0 < orinoco-0.13e-rfmon-dragorn3.diff

patching file orinoco-0.13e/hermes.c
patching file orinoco-0.13e/hermes.h
patching file orinoco-0.13e/orinoco.c
patching file orinoco-0.13e/orinoco.h
# cd orinoco-0.13e  

# make
# make install

Restart the pcmcia service

# service pcmcia restart

To test that the Orinoco drivers have installed correctly, you should see the following lines after running the "dmesg" command.

# dmesg

orinoco.c 0.13e (David Gibson <hermes@gibson.dropbear.id.au> and others)
orinoco_cs.c 0.13e (David Gibson <hermes@gibson.dropbear.id.au> and others)
eth1: Station identity 001f:0001:0008:000a
eth1: Looks like a Lucent/Agere firmware version 8.72
eth1: Ad-hoc demo mode supported
eth1: IEEE standard IBSS ad-hoc mode supported
eth1: WEP supported, 104-bit key
eth1: MAC address 00:02:DE:AD:BE:EF
eth1: Station name "HERMES I"
eth1: ready
eth1: index 0x01: Vcc 5.0, irq 3, io 0x0100-0x013f
eth1: New link status: Connected (0001)

Additionally, to test that the Shmoo patch installed correctly, you should see “monitor” listed as one of the available features.

# iwpriv eth1
eth1 Available private ioctl :
    force_reset      (8BE0) : set 0     & get 0
    card_reset reset (8BE1) : set 0     & get 0
    set_port3 reset  (8BE2) : set 1 int & get 0
    get_port3        (8BE3) : set 0     & get 1 int
    set_preamble     (8BE4) : set 1 int & get 0
    get_preamble     (8BE5) : set 0     & get 1 int
    set_ibssport     (8BE6) : set 1 int & get 0
    get_ibssport     (8BE7) : set 0     & get 1 int
    monitor          (8BE8) : set 2 int & get 0
    dump_recs        (8BFF) : set 0     & get 0

Note – I have noticed that the Orinoco drivers do not want to release from the interface and you must manually shut down the interface. If you remove a wireless NIC, type in "# ifconfig eth1 down" before you reinsert or restart any PCMCIA NIC.
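The two checks above (the orinoco_cs line in dmesg and the "monitor" entry in iwpriv) are what tell you the patched driver is actually in use. The script below is an added example, not part of the HOWTO: it parses both outputs with awk so the check can be scripted instead of read by eye. The sample dmesg and iwpriv text embedded in it is constructed from the listings above so the functions can be exercised offline; check_orinoco is the live variant and assumes dmesg and iwpriv are on the PATH.

```shell
#!/bin/sh
# Added example (not part of the HOWTO): verify the Shmoo-patched Orinoco
# driver from the two outputs the text tells you to inspect, dmesg and iwpriv.
# Assumptions: the outputs use the layouts quoted above and awk is available.

# Constructed samples, copied from the HOWTO's listings so the script runs offline.
SAMPLE_DMESG='orinoco.c 0.13e (David Gibson <hermes@gibson.dropbear.id.au> and others)
orinoco_cs.c 0.13e (David Gibson <hermes@gibson.dropbear.id.au> and others)
eth1: Station identity 001f:0001:0008:000a
eth1: ready'

SAMPLE_IWPRIV='eth1 Available private ioctl :
    force_reset      (8BE0) : set 0     & get 0
    set_ibssport     (8BE6) : set 1 int & get 0
    monitor          (8BE8) : set 2 int & get 0
    dump_recs        (8BFF) : set 0     & get 0'

# orinoco_version - stdin: dmesg text. Prints the orinoco_cs version string
# (e.g. 0.13e) and exits 0; exits 1 if the module never announced itself.
orinoco_version() {
    awk '$1 == "orinoco_cs.c" { print $2; found = 1; exit }
         END { exit found ? 0 : 1 }'
}

# monitor_ioctl - stdin: "iwpriv <iface>" output. Prints "<iface> <hex id>" for
# the monitor private ioctl the Shmoo patch adds; exits 1 when it is absent,
# which means the unpatched driver is loaded and Kismet cannot enter rfmon.
monitor_ioctl() {
    awk 'NR == 1 { iface = $1 }
         $1 == "monitor" { gsub(/[()]/, "", $2); print iface, $2; found = 1 }
         END { exit found ? 0 : 1 }'
}

# check_orinoco IFACE - live check on the running system (assumes dmesg/iwpriv)
check_orinoco() {
    v=$(dmesg | orinoco_version) || { echo "orinoco_cs is not loaded"; return 1; }
    m=$(iwpriv "$1" | monitor_ioctl) \
        || { echo "orinoco $v loaded but no monitor ioctl: Shmoo patch missing"; return 1; }
    echo "orinoco $v with monitor ioctl on $m"
}

# Offline demonstration on the constructed samples
printf '%s\n' "$SAMPLE_DMESG" | orinoco_version
printf '%s\n' "$SAMPLE_IWPRIV" | monitor_ioctl
```

Run it as-is to see the parsers work on the samples, or call "check_orinoco eth1" on the laptop after "service pcmcia restart" to get a single pass/fail line instead of scrolling through dmesg.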


Install HostAP drivers for Prism based cards (Optional)

There are three main Linux drivers for Prism based cards with different features (Orinoco drivers, Linux-wlan drivers, and HostAP drivers). For my How-To document, I chose the HostAP driver because of the feature to turn the wireless NIC into an Access Point. For more information about the HostAP drivers go to http://hostap.epitest.fi/

Copy the proper Red Hat Kernel config file for your system into the Kernel source folder. The source file will be different for different systems. Because my computer is a Pentium 4, I will use the kernel-2.4.20-i686.config file.

# cp /usr/src/linux-2.4/configs/kernel-2.4.22-i686.config /usr/src/linux-2.4/.config

Expand the HostAP file

# cd or cd /root
# tar -xzf hostap-driver-0.1.3.tar.gz
# cd hostap-driver-0.1.3

If you are using Fedora Core 1, you must make one additional edit. I found this answer from a posting on the HostAP mailing list - thanks Bennett Feitell. It sounds like Red Hat has applied a patch to the kernel that is typically found in later editions. Edit line 178 in "driver/modules/hostap_compat.h" to read:

#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,4,22))

Compile and install the drivers

# make pccard KERNEL_PATH=/usr/src/linux-2.4
# make install_pccard KERNEL_PATH=/usr/src/linux-2.4

Restart the pcmcia service

# service pcmcia restart

To test that the HostAP drivers have installed correctly, you should see the following lines after running the "dmesg" command.

# dmesg

hostap_crypt: registered algorithm 'NULL'
hostap_cs: hostap_cs.c 0.1.3 (SSH Communications Security
Corp, Jouni Malinen)
hostap_cs: (c) Jouni Malinen <jkmaline@cc.hut.fi>  
ostap_cs: setting Vcc=33 (constant)
hostap_cs: CS_EVENT_CARD_INSERTION
prism2_config()
hostap_cs: setting Vcc=50 (from config)
Checking CFTABLE_ENTRY 0x01 (default 0x01)
IO window settings: cfg->io.nwin=1 dflt.io.nwin=1
io->flags = 0x0046, io.base=0x0000, len=64
hostap_cs: index 0x01: Vcc 5.0, irq 3, io 0x0100-0x013f
divert: allocating divert_blk for wlan0
hostap_cs: Registered netdevice wlan0
prism2_hw_init()
prism2_hw_config: initialized in 9396 iterations
wlan0: NIC: id=0x8002 v1.0.0
wlan0: PRI: id=0x15 v0.3.0
wlan0: STA: id=0x1f v0.8.3
wlan0: defaulting to host-based encryption as a workaround for firmware
bug in Host AP mode WEP
wlan0: LinkStatus=2 (Disconnected)


Install MadWiFi drivers for Atheros based 802.11a, a/b, or a/g cards (Optional)

The MadWiFi drivers are necessary for Atheros based 802.11a, a/b, and a/g cards.  Kismet included the support for these cards/drivers in the kismet-devel version as of December 6, 2003.

Copy the proper Red Hat Kernel config file for your system into the Kernel source folder. The source file will be different for different systems. Because my computer is a Pentium 4, I will use the kernel-2.4.20-i686.config file.  You can skip this first step if you've also installed the HostAP drivers.

# cp /usr/src/linux-2.4/configs/kernel-2.4.22-i686.config /usr/src/linux-2.4/.config

Download the MadWiFi drivers from CVS

# cd or cd /root
# cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/madwifi login

[password is blank - press enter]

# cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/madwifi co madwifi

Compile and install the MadWiFi drivers

# cd madwifi
# make
# make install

Restart the pcmcia service

# service pcmcia restart

To test that the MadWiFi drivers have installed correctly, you should see the following lines after running the "dmesg" command.

# dmesg

cs: cb_alloc(bus 2): vendor 0x168c, device 0x0013
PCI: Enabling device 02:00.0 (0000 -> 0002)
ath_pci: cache line size not set; forcing 4
divert: allocating divert_blk for ath0
ath0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
ath0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36M bps 48Mbps 54Mbps
ath0: turbo rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
ath0: 802.11 address: 00:30:DE:AD:BE:EF
ath0: Atheros 5212: mem=0x18400000, irq=11


Install Libpcap

Libpcap provides a network capture library that helps programmers create code that is easy to write and portable to other operating systems. This package is now optional to get Kismet working, but recommended if you want to use Ethereal or tcpdump.

Expand the libpcap file.

# cd or cd /root
# tar -xzf libpcap-current.tar.gz

The following line will depend on the date you downloaded the file.

# cd libpcap-2004.04.03
# ./configure
# make
# make install


Install Ethereal

Ethereal is a network protocol analyzer that allows for the capture, viewing, and analysis of information of each packet that is transmitted over a network. When Kismet runs, it collects packets and saves them to a file that is compatible with Ethereal. The Kismet dump files can be opened and further analyzed in Ethereal. For more information about the use and installation of Ethereal, visit http://www.ethereal.com/docs/user-guide/

The installation of Ethereal is as follows:

# cd /usr/src
# tar -xzf ethereal-0.10.4.tar.gz
# cd ethereal-0.10.4
# ./configure
# make
# make install

I found with the Ethereal 0.10.4 I also had to run the following command:

# ldconfig


Install GpsDrive (Optional)  

GpsDrive is a navigation system that works in conjunction with a NMEA compatible GPS device to determine your exact position by collecting coordinate information. The installation of this program is optional and only necessary if you would like the ability to collect location information while using Kismet. The location data collected from a GPS combined with signal strength can be used to create maps of radio coverage. The coverage maps are created using the "gpsmap" program included with Kismet. Additionally, recent versions of GpsDrive (greater than 1.30) can log access points detected with Kismet into a backend MySQL database.

You often need to install the "pcre-devel" RPM before you can compile GpsDrive.  In Red Hat 9, download the RPM and install it.  If you are using Fedora Core, just run the following command:

# yum install pcre-devel

Begin the installation of GpsDrive by uncompressing the files:

# cd or cd /root
# tar -xzf gpsdrive-2.09.tar.gz
# cd gpsdrive-2.09

Configure, compile, and install the GpsDrive program:

# ./configure
# make
# make install

Now start the mysqld service.

# service mysqld start

(you could also add mysqld to start automatically when Linux boots - Red Hat -> Server Settings -> Services, select mysqld, and click save)

Now run the script provided by GpsDrive to create a MySQL database and tables that will hold the access points that you detect.

# mysql < create.sql

To verify that GpsDrive works:

# gpsdrive &

Select “setup”

Select the serial port you will be using on your computer (I’m using “/dev/ttyS0”)

Note – If you’ve configured GpsDrive and are receiving “Input/output error”, you might verify that the serial port is enabled in BIOS. You can verify you are receiving data from the GPS with the following command:

# cat /dev/ttyS0
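Raw "cat /dev/ttyS0" output only proves that bytes arrive; a GPS that is wired up but has no satellite lock still streams sentences, and a wrong baud rate produces garbage that scrolls just as convincingly. The script below is an added example, not part of the HOWTO: it verifies each NMEA-0183 sentence by recomputing the checksum (the XOR of every byte between "$" and "*") and reads the fix-quality field of $GPGGA. The $GPGGA sentence in it is a constructed sample; check_serial assumes the port is already configured for the receiver's baud rate.

```shell
#!/bin/sh
# Added example (not part of the HOWTO): validate NMEA sentences from the GPS
# serial port so a working fix can be told apart from noise or a wrong baud rate.
# Assumptions: POSIX sh with printf/cut/tr; the receiver speaks NMEA-0183 ASCII.

# Constructed sample sentence (a position fix with quality 1, 8 satellites)
SAMPLE_GGA='$GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,*47'

# nmea_checksum SENTENCE - prints the two-digit hex XOR of every character
# between the leading '$' and the '*' that introduces the checksum
nmea_checksum() {
    body=${1#\$}
    body=${body%%\**}
    sum=0
    i=1
    n=${#body}
    while [ "$i" -le "$n" ]; do
        c=$(printf '%s' "$body" | cut -c "$i")
        sum=$(( sum ^ $(printf '%d' "'$c") ))   # "'c" yields the byte value
        i=$((i + 1))
    done
    printf '%02X' "$sum"
}

# nmea_valid SENTENCE - exit 0 when the sentence is well formed and its
# trailing *XX matches the recomputed checksum (case-insensitive)
nmea_valid() {
    s=$(printf '%s' "$1" | tr -d '\r')
    case $s in
        \$*\*??) ;;
        *) return 1 ;;
    esac
    given=$(printf '%s' "${s##*\*}" | tr 'abcdef' 'ABCDEF')
    [ "$(nmea_checksum "$s")" = "$given" ]
}

# gps_has_fix SENTENCE - for a valid $GPGGA sentence, exit 0 when the fix
# quality field (field 7; 0 means no fix) is greater than zero
gps_has_fix() {
    nmea_valid "$1" || return 1
    case $1 in \$GPGGA,*) ;; *) return 1 ;; esac
    q=$(printf '%s' "$1" | cut -d, -f7)
    [ "${q:-0}" -gt 0 ]
}

# check_serial PORT [N] - read N lines from PORT (default 5), report how many
# carry a valid checksum, and succeed only if at least one did
check_serial() {
    port=$1 want=${2:-5} ok=0 seen=0
    while [ "$seen" -lt "$want" ] && IFS= read -r line; do
        seen=$((seen + 1))
        nmea_valid "$line" && ok=$((ok + 1))
    done < "$port"
    echo "$ok of $seen sentences had a valid checksum"
    [ "$ok" -gt 0 ]
}

# Offline demonstration on the constructed sample
echo "checksum: $(nmea_checksum "$SAMPLE_GGA")"
gps_has_fix "$SAMPLE_GGA" && echo "sample sentence is valid and reports a fix"
```

On the laptop, "check_serial /dev/ttyS0 10" replaces the bare cat: zero valid sentences with data scrolling past points at the baud rate or a framing problem rather than the BIOS setting mentioned in the note above, while valid sentences with fix quality 0 mean the receiver is fine and simply has no sky view yet.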


Install ImageMagick (Optional)

ImageMagick is a graphics package that contains tools and libraries necessary if you would like to use the program “gpsmap” included with Kismet. Gpsmap combines coordinate information collected from a GPS, with signal strength information to produce maps of wireless coverage areas.

Install ImageMagick from source

# cd or # cd /root
# tar -xzf ImageMagick-5.5.7-17.tar.gz
# cd ImageMagick-5.5.7-17
# ./configure --enable-shared
# make
# make install


Install Kismet

Kismet has become one of the standard tools necessary to perform wireless security assessments or just good old war driving. Its features challenge those of most commercial products, and are limited only by the weekly (often daily) updates the author provides.

Download the latest version of Kismet with CVS.

# cd or cd /root
# cvs -z3 -d :pserver:anonymous:anoncvs@kismetwireless.net:/home/dragorn/cvs co -P kismet

To compile kismet, complete the following steps.

# cd kismet
# cd kismet-devel
# ./configure --with-ethereal=/usr/src/ethereal-0.10.3
# make dep
# make
# make install

If you have problems installing Kismet or need help with other configuration options, see http://www.kismetwireless.net/documentation.shtml


Configure Kismet

Kismet must be configured to specify various options including the type of wireless network card you will be using.

Edit the “/usr/local/etc/kismet.conf“ file.

Red Hat -> Accessories -> Text Editor

Open -> /usr/local/etc/kismet.conf

Or use a command line editor such as pico or vi

# pico /usr/local/etc/kismet.conf

Change the following values in kismet.conf.

suiduser=<username you created>

Verify that eth1 is your wireless interface (I have a wired NIC eth0 and the Orinoco as eth1).

source=orinoco,eth1,Kismet

I prefer to specify the exact path where we will place the logs.

logtemplate=%h/kismet-logs/%n-%d-%i.%l

Save the “kismet.conf” configuration file and exit.

Make the kismet-logs directory that we stated in the kismet configuration file.

# cd /home/<username you created>
# mkdir kismet-logs

Note – If you have been doing everything as root, be sure to change the permissions on the kismet-logs directory to belong to the user and not to root.

# chown your_user_name:your_user_name kismet-logs
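The three kismet.conf edits, the log directory and the ownership fix above are easy to get half-done when the setup is repeated on a second laptop. The script below is an added example, not part of the HOWTO or of Kismet: it applies the same edits from the command line and verifies the result. It assumes kismet.conf uses the key=value lines the HOWTO shows, rewrites only active (uncommented) lines so the commented example sources in the shipped file stay untouched, and uses a constructed kismet.conf fragment in a scratch directory for its offline run; the user named in suiduser must already exist.

```shell
#!/bin/sh
# Added example (not part of the HOWTO): apply the kismet.conf edits above and
# prepare the per-user log directory in one repeatable step.
# Assumptions: key=value config lines; sed, grep, chown available; the user exists.

# set_conf_value FILE KEY VALUE - rewrite every active (uncommented) KEY= line,
# or append one if none exists. Commented lines are left alone, so the file
# ends up with exactly one active source= entry instead of several.
set_conf_value() {
    file=$1 key=$2 value=$3
    if grep -q "^$key=" "$file"; then
        # '|' as the sed delimiter because the value may contain '/' and '%'
        sed "s|^$key=.*|$key=$value|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_conf_value FILE KEY - print the active value of KEY (last one wins)
get_conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# configure_kismet CONF USER IFACE HOME - the HOWTO's three edits plus the
# log directory, chowned to USER so a root-run setup leaves nothing root-owned
configure_kismet() {
    conf=$1 user=$2 iface=$3 home=$4
    set_conf_value "$conf" suiduser "$user"
    set_conf_value "$conf" source "orinoco,$iface,Kismet"
    set_conf_value "$conf" logtemplate '%h/kismet-logs/%n-%d-%i.%l'
    mkdir -p "$home/kismet-logs"
    group=$(id -gn "$user" 2>/dev/null || id -g)   # user's primary group
    chown "$user:$group" "$home/kismet-logs"
}

# make_sample_conf FILE - constructed stand-in for /usr/local/etc/kismet.conf
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed kismet.conf fragment for this example, not the shipped file
suiduser=your_user_here
# source=prism2,wlan0,Kismet
source=none,none,addme
logtemplate=%n-%d-%i.%l
EOF
}

# Offline demonstration in a scratch directory; on the laptop you would pass
# /usr/local/etc/kismet.conf, your username, eth1 and /home/<username>
demo_dir=$(mktemp -d)
make_sample_conf "$demo_dir/kismet.conf"
configure_kismet "$demo_dir/kismet.conf" "$(id -un 2>/dev/null || id -u)" eth1 "$demo_dir"
grep -E '^(suiduser|source|logtemplate)=' "$demo_dir/kismet.conf"
ls -ld "$demo_dir/kismet-logs"
```

Because set_conf_value only touches active lines, running it twice is harmless, and get_conf_value gives you a quick way to confirm what Kismet will actually read before you start it.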


Running Kismet

The most recent devel versions of Kismet have made it an easy task to start the tool.  Now only one command is necessary to place the card into monitor mode, start the channel hopping, start the Kismet server, and start the Kismet client.

To begin Kismet (with a recent devel version), just enter the following command.

# kismet

If you want to use GpsDrive with Kismet, type the following commands in another terminal window.

# service mysqld start     (you could also add it to start automatically when linux boots - Red Hat -> Server Settings -> Services, select mysqld, and click save)

# gpsdrive &

Select "start gpsd"

Select the "use SQL" option

Select the "Show WP" option

If you want to use Kismet, but only monitor a specific channel, enter the following command. Just replace <source> with the name of the source from the "kismet.conf" file and <channel> with the channel you want to monitor.

# kismet -X -I <source>:<channel>

If you're using an older version of Kismet (< 3.0), you must start the channel hopper and then start Kismet. You do this with the following two commands.

# kismet_monitor -H
# kismet

Kismet has a number of built in help documents.  Once you begin the Kismet program, press “h” to open a help window. Most screens will have a help window that explains each area, and keys that can be pressed for various actions.  Another good source of help can be found in both the Kismet forum and the Netstumbler forum.
 

Frequently Asked Questions

I have collected a number of Frequently Asked Questions from the Red Hat + Kismet - HOWTO, and put them together in a FAQ document.  Follow this link to find the Red Hat + Kismet HOWTO - FAQ document.


Other Security Tools (instructions coming soon)

Airsnort – http://airsnort.shmoo.com
Wellenreiter – http://www.remote-exploit.org/
Tcpdump – http://www.tcpdump.org
Nmap – http://www.insecure.org
AirJack – http://802.11ninja.net 


To Do

  • Get the T30 sound card to work in Kismet (I got this to work with the ALSA drivers and with Red Hat 9.  I can't wait until the Linux Kernel 2.6 is officially released.)
