====== Kismet ======
The Aspire One needs the madwifi driver.
Kismet must be configured with the madwifi_g source type:

/etc/kismet/kismet.conf:
  source=madwifi_g,wifi0,madwifi
(madwifi_g, not madwifi_ng)

Problem: iwconfig shows ath0.
With madwifi_ng, however, Kismet needs wifi0.

To create an ath0 in monitor mode I would recommend the following:
  ifconfig ath0 down
  wlanconfig ath0 destroy
  wlanconfig ath0 create wlandev wifi0 wlanmode monitor
  ifconfig ath0 up

airmon-ng works too:

It depends on which driver you are using. For all drivers except madwifi-ng:
  airmon-ng stop
For madwifi-ng, first stop ALL interfaces:
  airmon-ng stop athX
Where X is 0, 1, 2 etc. Do a stop for each interface that iwconfig lists.
Then:
  wlanconfig ath create wlandev wifi0 wlanmode sta
  kismet -c madwifi_g,wifi0,madwifi
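
The two pitfalls above (a madwifing_* source type instead of madwifi_g, and an athX VAP instead of the parent wifiX device under madwifi-ng) can be checked in kismet.conf before Kismet is started. This is an added example, not part of the original page or of Kismet; `check_kismet_sources` is a hypothetical helper name and the sample config is constructed.

```shell
#!/bin/sh
# Lint the source= lines of a kismet.conf for the pitfalls described above.
# check_kismet_sources is a hypothetical helper, not shipped with Kismet.
check_kismet_sources() {
    # $1: path to kismet.conf. Prints one finding per line; returns 1 if any.
    awk -F'[=,]' '
        /^[ \t]*#/      { next }    # skip comment lines
        $1 != "source"  { next }    # only source=type,interface,name lines
        {
            type = $2; iface = $3
            if (NF < 4) {
                printf "line %d: expected at least source=type,interface,name\n", NR
                bad = 1; next
            }
            if (type ~ /^madwifing_/) {
                # "madwifing_" is 10 characters; keep the band suffix (a, b, g, ab, ag)
                printf "line %d: %s is deprecated, use madwifi_%s\n", NR, type, substr(type, 11)
                bad = 1
            }
            if (type ~ /^madwifi(ng)?_/ && iface ~ /^ath[0-9]+$/) {
                printf "line %d: %s is a VAP; with madwifi-ng give Kismet the parent wifiX device\n", NR, iface
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample config: line 2 is the form recommended above,
# line 3 combines both mistakes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example, not a real kismet.conf
source=madwifi_g,wifi0,madwifi
source=madwifing_g,ath0,madwifi
EOF
check_kismet_sources "$sample" || echo "fix the lines above before starting kismet"
rm -f "$sample"
```

The athX finding only applies when the installed driver is madwifi-ng; with the older madwifi driver athX is the expected capture interface.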
----
Sources:
  Source type      Cards                OS           Driver
  ---------------  -------------------  -----------  -------------------------
  acx100           TI ACX100            Linux        ACX100
      http://acx100.sourceforge.net/
      ACX100 drivers handle the 22mbit cards branded by D-Link
      and others.
  admtek           ADMTek               Linux        ADMTek
      http://www.latinsud.com/adm8211/ (Patches)
      http://aluminum.sourmilk.net/adm8211/ (GPL driver)
      ADMTek drivers used in many consumer 802.11b cards. With
      the patches above, quasi-rfmon is possible - these cards
      appear to be almost entirely software controlled and
      always in a rfmon-like state. This card WILL BROADCAST
      while in rfmon, rendering the sniffer visible.
      The fully GPL drivers are supported, in addition to the
      hacks to the non-free drivers.
  airpcap          Airpcap USB          cygwin       CACE Tech
      http://www.cacetech.com/products/airpcap.htm
      The CACE AirPcap USB device allows native capture on
      Win32/Cygwin.
      The explicit airpcap source expects the Win32/Cygwin
      interface name. This should be used once the source
      is identified via airpcap_ask or if multiple simultaneous
      sources are required.
  airpcap_ask      Airpcap USB          cygwin       CACE Tech
      http://www.cacetech.com/products/airpcap.htm
      The CACE AirPcap USB device allows native capture on
      Win32/Cygwin.
      The airpcap_ask source lists available airpcap devices
      and allows the user to pick interactively.
      The 'capture interface' field is irrelevant and can be
      filled with any value (for example, 'dummy')
  atmel_usb        Atmel-USB            Linux        Berlios-Atmel
      http://at76c503a.berlios.de/
      These drivers work ONLY on USB cards (Sorry, no PCMCIA
      support). Monitor mode support is limited and "faked"
      by bypassing part of the firmware and parsing packets
      directly, and is likely to not report all of the
      frames.
      This card MAY BROADCAST while in rfmon, rendering the
      sniffer visible.
      It appears that this card may be only formatting the
      beacons as an 802.11 stream, which means you likely
      will not see data frames, rendering most IDS functions,
      IP discovery, and data logging unavailable.
  ath5k            Atheros              Linux        Kernel/Madwifi
      http://madwifi.org
      Based on the OpenBSD OpenHAL, the Ath5k drivers are the
      future of Atheros support and will be mainlined into the
      Linux kernel.
  ath5k_a          Atheros              Linux        Kernel/Madwifi
      http://madwifi.org
      Ath5k source for 11a only
  ath5k_ag         Atheros              Linux        Kernel/Madwifi
      http://madwifi.org
      Ath5k source for 11a/11g
  bcm43xx          Broadcom             Linux        BCM43XX
      http://bcm43xx.berlios.de, kernel
      Linux native broadcom drivers incorporated into modern
      kernels.
  b43              Broadcom             Linux
      B43 broadcom drivers for current Broadcom devices in
      Linux kernels
  b43legacy        Broadcom             Linux
      B43 broadcom drivers for legacy Broadcom devices in
      Linux kernels
  cisco            Aironet 340,350      Linux        Kernel 2.4.10 - 2.4.19
      Standard Cisco cards in Linux. Works only with
      the Linux kernel drivers, not the drivers found in
      pcmcia-cs.
      The drivers found on the cisco.com site can be patched
      with the files from the Kismet download site to add
      monitor mode with channel control, HOWEVER these drivers
      are extremely buggy for normal use and work only with
      the 2.4 kernel tree.
      The cisco drivers currently do not enter rfmon mode
      correctly, so channel control is not available. The
      firmware will hop to whatever channel it feels like
      hopping to, when it feels like hopping.
  cisco_wifix      Aironet 340,350      Linux        Kernel 2.4.20+, CVS
      http://sourceforge.net/projects/airo-linux/
      Capture interface: 'ethX:wifiX'
      Kernel 2.4.20+ and CVS drivers use ethX for normal mode
      and wifiX for monitor mode. Kismet needs to know both
      devices, which may not necessarily be the same number,
      for example 'eth1:wifi0'.
      Linux kernel 2.4.20 and 2.4.21 have highly unstable cisco
      drivers and should be avoided.
      The cisco drivers currently do not enter rfmon mode
      correctly, so channel control is not available. The
      firmware will hop to whatever channel it feels like
      hopping to, when it feels like hopping.
  darwin           OSX native cards     OSX/Darwin   OSX
      Supports both Broadcom and Atheros Airport-Extreme cards.
      When using a Broadcom based card, it may be necessary to
      enable rfmon on the device for the first time using another
      program.
      When using an Atheros based card, 802.11a may also be supported
      by adding a 'sourcechannels' line to kismet.conf.
  hostap           Prism/2              Linux        HostAP 0.4
      http://hostap.epitest.fi/
      HostAP drivers drive the Prism/2 chipset in access point
      mode, but also can drive the cards in client and monitor
      modes. The HostAP drivers seem to change how they go
      into monitor mode fairly often, but this source should
      manage to get them going.
  ipw2100          Intel/Centrino       Linux        ipw2100-0.44+
      http://ipw2100.sourceforge.net/
      The Linux IPW2100/Centrino drivers for 802.11b cards
      now support rfmon, so here's support for them. They act
      more or less like any other wireless interface would.
  ipw2200          Intel/Centrino       Linux        ipw2200-1.0.4+
      http://ipw2200.sourceforge.net/
      The Linux IPW2200/Centrino drivers for 802.11bg cards
      support rfmon as of 1.0.4 and firmware 2.3.
      Signal level reporting requires radiotap be turned on
      in the makefile while compiling the driver. Noise levels
      are not reported.
  ipw2915          Intel/Centrino       Linux        ipw2200-1.0.4+
      http://ipw2200.sourceforge.net/
      The Linux IPW2200/Centrino drivers for 802.11bga cards
      support rfmon as of 1.0.4 and firmware 2.3.
      This is the same as ipw2200 but defaults to scanning the
      802.11a channel range in addition to 802.11b/g.
      Signal level reporting requires radiotap be turned on
      in the makefile while compiling the driver. Noise levels
      are not reported.
  ipw3945          Intel/Centrino       Linux        ipw3945
      http://ipw3945.sourceforge.net/
      The Linux IPW3945/Centrino drivers for Intel Core
      802.11bga cards.
  ipwlivetap       Intel/Centrino       Linux        ipw2200/3945
      http://ipw2200.sourceforge.net/
      http://ipw3945.sourceforge.net/
      The ipw3945 and patched ipw2200 drivers support a
      special mode which allows monitor-mode style sniffing
      while remaining associated. Channel hopping is not
      possible, as the card is still associated to a
      specific AP, but single-channel IDS and sniffing can
      be accomplished. See the ipw driver mailing list
      archives for information about patching your drivers.
  iwl3945          Intel/Centrino       Linux        iwl3945
      Intel's new IPW drivers using the mac80211 kernel
      layer.
  iwl4965          Intel/Centrino       Linux        iwl4965
      Intel's new IPW drivers using the mac80211 kernel
      layer.
  kismet_drone     n/a                  Any          n/a
      Capture interface: 'dronehost:port'
      The remote drone capture source connects to a Kismet
      drone and processes the packets. Refer to the Remote
      Drone section of the README for more details about how
      to set up a drone.
  madwifi_a        Atheros              Linux        madwifi
      http://sourceforge.net/projects/madwifi/
      Capture interface: 'athX'
      Capture interface: 'wifiX' (Madwifi-NG)
      Madwifi drivers in 802.11a-only mode.
      When using madwifi-ng, be sure all non-monitor VAPs have
      been removed, otherwise madwifi will not properly report
      most traffic.
  madwifi_b        Atheros              Linux        madwifi
      http://sourceforge.net/projects/madwifi/
      Capture interface: 'athX'
      Capture interface: 'wifiX' (Madwifi-NG)
      Madwifi drivers in 802.11b-only mode.
      When using madwifi-ng, be sure all non-monitor VAPs have
      been removed, otherwise madwifi will not properly report
      most traffic.
  madwifi_g        Atheros              Linux        madwifi
      http://sourceforge.net/projects/madwifi/
      Capture interface: 'athX'
      Capture interface: 'wifiX' (Madwifi-NG)
      Madwifi drivers in 802.11g-only mode. This will,
      obviously, also see 11b networks.
      When using madwifi-ng, be sure all non-monitor VAPs have
      been removed, otherwise madwifi will not properly report
      most traffic.
  madwifi_ab       Atheros              Linux        madwifi
      http://sourceforge.net/projects/madwifi/
      Capture interface: 'athX'
      Capture interface: 'wifiX' (Madwifi-NG)
      Madwifi drivers in 802.11a and 802.11b combo mode. This
      will seamlessly switch between bands during channel
      hopping.
      When using madwifi-ng, be sure all non-monitor VAPs have
      been removed, otherwise madwifi will not properly report
      most traffic.
  madwifi_ag       Atheros              Linux        madwifi
      http://sourceforge.net/projects/madwifi/
      Capture interface: 'athX'
      Capture interface: 'wifiX' (Madwifi-NG)
      Madwifi drivers in 802.11a and 802.11g combo mode. This
      will seamlessly switch between bands during channel
      hopping.
      When using madwifi-ng, be sure all non-monitor VAPs have
      been removed, otherwise madwifi will not properly report
      most traffic.
  madwifing_a      Atheros              Linux        madwifi-ng
  madwifing_ab     Atheros              Linux        madwifi-ng
  madwifing_ag     Atheros              Linux        madwifi-ng
  madwifing_g      Atheros              Linux        madwifi-ng
  madwifing_b      Atheros              Linux        madwifi-ng
      http://sourceforge.net/projects/madwifi/
      Capture interface: 'wifiX'
      *Deprecated*. Detection for madwifi-ng is built into
      the standard madwifi sources. The _ng source names
      have been kept to allow old configs to continue
      functioning.
  nokia770         Nokia                Linux        Nokiea
      http://maemo.org/
      Nokia770 capture interface. Includes support for
      validating frame checksums to screen out junk
      packets, since the drivers pass us all data.
  nokia8x0         Nokia 800,810
      http://maemo.org/
      Nokia 8x0 capture interface, including support for
      FCS validation.
      The Nokia drivers appear to exhibit instability while
      capturing where they stop reporting packets. This may
      be minimized by setting the Network Scan interval to
      "never" in the control panel->networking section.
  orinoco          Lucent, Orinoco      Linux        Patched orinoco_cs
      http://airsnort.shmoo.com/orinocoinfo.html
      The Orinoco drivers which have mainlined into the Linux
      kernel do support monitor mode, however only specific firmware
      versions are supported and often they do not work.
      An up-ported version of the older Orinoco drivers which more
      reliably supported rfmon may be available at:
      http://www.projectiwear.org/~plasmahh/orinoco.html
      Generally, Orinoco cards are not recommended for use with
      Kismet due to these limitations.
  orinoco_14       Lucent, Orinoco      Linux        Orinoco 0.14+
      https://savannah.nongnu.org/projects/orinoco/
      This source is deprecated and should only be used with
      pre-release versions of a driver since merged into the Linux
      kernel.
  pcapfile         n/a                  Any          n/a
      Capture interface: '/path/to/file'
      The pcapfile capture source feeds a stored 802.11-encap
      dump file through the Kismet engine again. This can be
      useful for debugging or rescanning old logs for
      alert conditions. Pcapfile sources are only available
      if Kismet was compiled with libpcap support.
  prism2_openbsd   Prism/2              OpenBSD      Kernel
      Full support for Prism2 under OpenBSD.
  prism54g         PrismGT              Linux        prism54
      http://www.prism54.org
      PrismGT 802.11g drivers supporting monitor mode.
  radiotap_bsd_ab  Radiotap             BSD          Kernel
      Dual-band cards with radiotap headers.
  radiotap_bsd_a   Radiotap             BSD          Kernel
      802.11a cards (or dual-band on 11a channels only) with
      radiotap headers.
  radiotap_bsd_b   Radiotap             BSD          Kernel
      802.11b/g cards (or dual-band on 11b channels only) with
      radiotap headers.
  rt2400           Ralink 2400 11b      Linux        rt2400-gpl
      http://rt2x00.serialmonkey.com/
      Ralink 2400 802.11b cards using the serialmonkey GPL'd
      rt2x00 drivers. Must use 1.2.2 beta 2 or newer drivers.
  rt2500           Ralink 2500 11g      Linux        rt2500-gpl
      http://rt2x00.serialmonkey.com/
      Ralink 2500 802.11g cards using the serialmonkey GPL'd
      rt2x00 drivers. Must use 1.1.0 beta 2 or newer drivers.
  rt73             Ralink 73 11g        Linux        rt73-gpl-cvs
      http://rt2x00.serialmonkey.com/
      Ralink 73 802.11g USB cards using the serialmonkey GPL'd
      rt79 drivers (tested only with CVS driver versions)
  rt8180           Realtek 8180 11b     Linux        rtl8180-sa2400
      http://rtl8180-sa2400.sourceforge.net/
      Realtek 8180 based cards (there seem to be an awful lot of
      them) using the GPL drivers.
  viha             Airport              OSX          viha
      http://www.dopesquad.net/security/
      Monitor mode support for Airport under OSX. Does not
      support Airport Extreme.
  vtar5k           Atheros 802.11a      Linux        vtar5k
      http://team.vantronix.net/ar5k/
      vtar5k drivers handle some Atheros 802.11a cards. Chances
      are you'll have better luck with madwifi drivers.
  wlanng_legacy    Prism/2              Linux        wlan-ng 0.1.3 and earlier
      http://www.linux-wlan.com/
      Old wlan-ng drivers didn't support pcap capturing and
      use a netlink socket to the kernel. These are still in
      use on some embedded systems (like the Zaurus).
  wlanng           Prism/2              Linux        wlan-ng 0.1.4 - 0.1.9
      http://www.linux-wlan.com/
      Wlan-ng prism2 drivers prior to the AVS headers.
  wlanng_avs       Prism/2              Linux        wlan-ng 0.2.0+
      http://www.linux-wlan.com/
      Newer wlan-ng drivers support a new header type and
      slightly different monitor commands to report wepped
      packets.
  wrt54g           Linksys WRT54G       Linux        linksys
      http://seattlewireless.net/index.cgi/LinksysWrt54g
      Capture interface: 'wlX'
      Support for the newer firmware versions on the
      WRT54G/S/L devices (and any others using the broadcom
      reference chipset).
      Some systems generate a secondary device, prism0, while
      in monitor mode and require special care while channel
      hopping, it is no longer necessary to specify the prism0
      device explicitly for Kismet.
  wsp100           NetChem WSP100       Any          n/a
      http://networkchemistry.com/
      Capture interface: 'host:port'
      The WSP100 is an embedded device which reports 802.11
      packets over UDP. The wsp100 capture source is
      (generally) system agnostic, however over time it has
      been less maintained than others. If you'd like to
      send me patches for this, please let me know.
  zd1211           ZyDAS USB            Linux        zd1211
      http://zd1211.ath.cx
      The ZD1211 drivers have had some regressions which lead to
      data corruption while changing channel. Some versions
      work, and typically the aircrack patches resolve the
      corruption issues if your version doesn't properly handle
      rfmon.
Chipsets known to NOT WORK:
  Broadcom         - No linux drivers, only useable with ndiswrapper or
                     linuxant wrappers around windows drivers.
                     *** UPDATE ***
                     See the bcm43xx source type entry. There are
                     experimental reverse-engineered drivers which have
                     monitor mode support now under Linux! If they don't
                     work, however, then too bad.
  Airport Extreme  - Really a Broadcom, with no rfmon in the OSX drivers.
                     *** UPDATE ***
                     See the bcm source for linux on ppc, it MAY work, it
                     may not. Currently there's no solution for OSX but
                     I'm looking for OSX hackers interested in redoing the
                     Kismet port and looking into adding more support.
  Atmel            - There is a hack for pseudo-monitor in USB. There is
                     currently no equivalent hack for PCMCIA.
  HermesII         - Proxim successor to the Orinoco/HermesI. No support
                     yet in the drivers, may be available in the future.
  ndiswrapper      - Anything using ndiswrapper is using WINDOWS drivers
                     AND CAN NOT BE USED WITH KISMET.