Friday, March 8, 2013

Running Kismet on OpenWRT with TP-Link TL-WDR4300 and Backtrack 5 R3

After about 3 days of learning I have got Kismet to work. I can't put the blame on anyone but myself, but I'd have to say that much of the content of the outdated guides on the Internet often does not apply anymore. Here are a few details, tips and tricks on what I have learned and have noticed that people often miss.

Tools Info: (Yours could definitely be different)
Hardware: TP-Link TL-WDR4300 (With OpenWRT Attitude Adjustment 12.09rc1 firmware)
Server OS: Backtrack 5 R3 (not the safest way, but able to run Kismet for now)
Kismet Drone: version 2010-07-R1-
Kismet Server + Client: version 2011-03-R2

1. Kismet versions compatibility:
Kismet drones that speak the newcore protocol (version=newcore.1 in the drone config) are designed to be forward compatible with newer servers, as long as both sides are newer than the 2009 newcore release. So even if a newer Kismet server version (say 2010 or 2011) is used, you should still be able to connect that server to the drone on your router.

2. Router Wireless card MONITOR mode:
(ssh to your router)
If your router supports monitor mode, you might as well put the card into monitor mode to begin with, even before running Kismet. This is done in the file /etc/config/wireless on the router, or in the LuCI web UI. After editing the file, run 'wifi' to reload the wireless config and confirm the result with 'iw dev wlan0 info': the 'type' line must say 'monitor' before you start the drone.

config wifi-iface
        option device   radio0
        option network  lan
        option mode     monitor
        option ssid     OpenWrt
        #option encryption none   ## comment out or delete this line if it exists ##

3. Kismet drone config file: (ssh to your router)

The config file should be at /etc/kismet/kismet_drone.conf, or you can just run this command to find where it is:

find / -name kismet_drone.conf

'ncsource' parameters
Notably, most beginners have problems with the 'ncsource' parameters and come up short when searching for answers on the Internet. Mostly you find outdated guides that still use the old 'source' directive and not the new 'ncsource'; the two are not interchangeable (although they are similar).

So what you'd need to do is:

Find out what driver your router's wireless network interface card (WNIC) uses, with 'iwconfig' or 'iw dev wlan0 info' (on OpenWrt the driver name is also visible as the target of the symlink /sys/class/net/wlan0/device/driver, e.g. ath9k). Then consult the Kismet readme page (Documentation), sections 5 and 7.

Basically you need something like 'ncsource=wlan0:type=[yourcardtype]'
ex. 'ncsource=wlan0:type=ath9k'
ex. 'ncsource=wlan0:type=ath9k,forcevap=false,hop=false,channel=5'

where 'forcevap=false' tells Kismet not to create its own monitor VAP. Since we have already put the WNIC into monitor mode this is not needed, and setting it takes away the annoying error message.

'hop=false' can be set for WNICs that don't support channel hopping.

'channel' just specifies the single channel to capture traffic on.

The newer versions of the drone are written to auto-detect the card type, but sometimes they don't, so you might need to specify it. Sometimes, I have heard, they even misdetect your WNIC as another type, which reduces the performance of Kismet.

When you run kismet_drone on your router, you can use the -f option to point it at your kismet_drone.conf file, because some people install Kismet on a USB stick instead of into the router's flash memory.

~# kismet_drone -f /mnt/usb/etc/kismet/kismet_drone.conf

When you run it you might see some error messages, but they are okay as long as none of them is a "FATAL ERROR: Blah blah blah" with a capital F.
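As an added example that is not part of the original post, here is a small BusyBox-sh pre-flight script for the router that ties steps 2 and 3 together: it reads the interface name out of the ncsource line of kismet_drone.conf, confirms from the output of 'iw dev <iface> info' that the interface really is in monitor mode, confirms that the drone has a dronelisten directive, and only then starts kismet_drone with -f. The config path, the interface name and the sample iw output and config file embedded in the script are constructed for illustration and are not taken from a real router.

```shell
#!/bin/sh
# Added example, not part of the original post: pre-flight checks for
# kismet_drone on an OpenWrt router. Assumes BusyBox sh, the `iw` tool, and
# a kismet_drone.conf whose path is given as the second argument (--run <conf>).

# Print the interface type ("monitor", "managed", ...) found in the output of
# `iw dev <iface> info`. The output is passed in as $1 so the parser can be
# exercised with a constructed sample, without a real radio.
iface_type_from_iw() {
    printf '%s\n' "$1" | awk '$1 == "type" { print $2; exit }'
}

# Print the value of a key=value directive from a Kismet config file,
# skipping comment lines. Values may themselves contain '=' (e.g. ncsource),
# so everything after the first '=' is kept.
conf_get() {
    cf="$1"; ky="$2"
    grep -v '^[[:space:]]*#' "$cf" |
        awk -F= -v k="$ky" '$1 == k { v = substr($0, length(k) + 2) } END { print v }'
}

# Return 0 only if the interface named in ncsource is in monitor mode and the
# drone has somewhere to listen. $1 = config path, $2 = captured `iw` output.
drone_preflight() {
    conf="$1"; iw_out="$2"
    src=$(conf_get "$conf" ncsource)      # e.g. wlan0:type=ath9k,hop=false
    iface=${src%%:*}                      # text before the first ':'
    [ -n "$iface" ] || { echo "no ncsource in $conf" >&2; return 1; }
    t=$(iface_type_from_iw "$iw_out")
    [ "$t" = monitor ] || { echo "$iface is in '$t' mode, not monitor" >&2; return 1; }
    listen=$(conf_get "$conf" dronelisten)
    [ -n "$listen" ] || { echo "no dronelisten in $conf" >&2; return 1; }
    echo "ok: $iface in monitor mode, drone listening on $listen"
}

# Constructed sample data (not captured from a real router) so the checks
# can be run on any machine.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
version=newcore.1
# a commented-out directive like this one must be ignored
ncsource=wlan0:type=ath9k,forcevap=false,hop=false,channel=5
dronelisten=tcp://0.0.0.0:2502
EOF

SAMPLE_IW_MONITOR='Interface wlan0
        ifindex 6
        addr 00:11:22:33:44:55
        type monitor
        wiphy 0'

SAMPLE_IW_MANAGED='Interface wlan0
        type managed'

# Real use on the router:  sh preflight.sh --run /mnt/usb/etc/kismet/kismet_drone.conf
if [ "${1:-}" = "--run" ] && [ -n "${2:-}" ]; then
    iface=$(conf_get "$2" ncsource | cut -d: -f1)
    drone_preflight "$2" "$(iw dev "$iface" info)" && exec kismet_drone -f "$2"
fi
```

Run it with '--run <path to kismet_drone.conf>' on the router; without arguments it only defines the functions and the sample data. The point of parsing the 'type' line rather than trusting /etc/config/wireless is that the UCI file only says what you asked for, while 'iw dev' reports what the driver actually did.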

4. Kismet Server config file: (on your linux server)

The newer versions of Kismet drop the separate kismet_client.conf file and merge it into kismet.conf (the server config file), which is found at either /etc/kismet/kismet.conf (on Ubuntu it's here) or /usr/local/etc/kismet.conf (on BT5 it's here).

For the Kismet server I just use 'ncsource=drone:host=[routerIP],port=[kismetDroneListenPortOnRouter]'
ex. 'ncsource=drone:host=,port=2502'

NOTE: Notice the colon after 'drone'; it is not a comma!

For further info, please refer to the Kismet readme page (Documentation), sections 5 and 7.
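Both sides of the drone link side by side, as an added example that is not the original post's own configuration. The directives are the ones from the stock kismet_drone.conf and kismet.conf of that era; the addresses are assumptions (192.168.1.1 for the router, which is the OpenWrt default LAN address, and 192.168.1.10 for the BT5 server), and 'wdr4300-drone' is just a made-up servername.

```ini
# --- On the router: /etc/kismet/kismet_drone.conf (or wherever -f points) ---
version=newcore.1
servername=wdr4300-drone
# Bind to the LAN address only; 0.0.0.0 would also answer on the WAN side
# if the firewall lets the port through.
dronelisten=tcp://192.168.1.1:2502
# Only this server may connect. The drone protocol has no authentication
# of its own, so this host list is the only access control.
droneallowedhosts=192.168.1.10
dronemaxclients=2
# The interface is already in monitor mode via /etc/config/wireless
ncsource=wlan0:type=ath9k,forcevap=false,hop=false,channel=5

# --- On the BT5 server: /usr/local/etc/kismet.conf ---
# Server side of the same link: colon after 'drone', commas between options
ncsource=drone:host=192.168.1.1,port=2502
# Where the Kismet client connects; this is the 'localhost:2501' in the
# client's error message when the server is not running
listen=tcp://127.0.0.1:2501
allowedhosts=127.0.0.1
```

The captured frames travel from router to server over plain TCP, unencrypted, so keep the drone port on the LAN side and keep droneallowedhosts down to the one server address rather than a whole subnet.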

5. Keep getting ERROR: Could not connect to Kismet server 'localhost:2501'

This problem happens for some people when connecting the Kismet client to the Kismet server. First check that the server is actually running and listening on port 2501 (netstat on the server will show it); if it is, the problem is usually name resolution for 'localhost'.

Here, some suggest adding this line to your server's /etc/hosts file: 127.0.0.1 localhost.localdomain localhost

(But on BT5 R3 I already have it in there)

Sometimes the problem is just this.
For the time being I have learned that you don't need to start 'kismet_server' in another terminal. You only need to run 'kismet'; a UI will pop up in which you can start a server, and it will auto-connect the Kismet client to it.

Last Notes:

I find this paper extremely helpful and the most up to date; it's written by laserpad of the Kismet community. (Thank you) [pdf]

Other than that, I would suggest sticking with the Kismet Documentation, which is very thorough by itself.

Please kindly leave suggestions and comments. I might write a more complete version of this later, when I have learned more about Kismet, for beginners who struggle to get Kismet to run. Thanks!