Red Hat Linux 8.0 + Kismet HOWTO
(Works with Red Hat 9 too)

Ritchie@tipsybottle.com
Created – October 30, 2002
Last updated – September 28, 2003 

Description

The primary goal of this How-To is to install and configure Red Hat Linux 9.0 with an Orinoco wireless NIC and the Kismet wireless sniffer. These instructions now also cover drivers for Prism (SMC, Linksys, D-Link, etc.), Cisco, and/or Atheros based 802.11a wireless NICs. These instructions were primarily created for an IBM T30 with Windows 2000 Professional on half the hard drive. I will use the other half of the hard drive for my Red Hat Linux installation. Although these instructions were created for my particular situation, they should apply to many other configurations.

News - I have put together a FAQ with common questions I have received.  You can find the FAQ here.

Note - This process also works with Red Hat 8.0. The process to install the wireless tools is the same, but the file names (because of versions) are slightly different. I'm going to create a new document in the next couple of weeks for this exact process.

Note - For a period of time it was necessary to recompile the kernel when using Red Hat 8.0 + Orinoco-11b drivers. I believe changes were made to the Orinoco drivers that make this task unnecessary (I first noticed this in early March 2003). If you follow the following instructions you should no longer need to recompile the kernel. If you would like to learn how to build a simple kernel or want to use an older version of the Red Hat 8.0 kernel or Orinoco drivers, see my old Red Hat Linux 8.0 + Orinoco + Kismet HOWTO document.


Index

  1. Install Red Hat 8.0
  2. Download Required Files
  3. Update to the most recent packages
  4. Install Orinoco drivers
  5. Install HostAP drivers for Prism based cards (Optional)
  6. Install ar5k drivers for Atheros 802.11a cards (Optional)
  7. Install libpcap
  8. Install Ethereal
  9. Install GPSDrive (Optional)
  10. Install ImageMagick (Optional)
  11. Install Kismet
  12. Configure Kismet
  13. Running Kismet
  14. Other security tools
  15. Frequently Asked Questions
  16. To-Do
  17. Questions/Comments/Concerns
  18. Credits


Install Red Hat 8.0 Linux

Red Hat Linux has become the most popular alternative to the Windows operating systems. From the beginning of Red Hat, the company has been working to package an operating system that is simple to install, easy to use, and contains a variety of practical features.

There are several options to obtain the media necessary to install Red Hat Linux. Some of the more popular options include:

If you install from CD, it is recommended that you verify the integrity of the discs the first time you use them. You will be prompted for this at the beginning of the installation. The first and most important step of this install is to install Red Hat Linux. If you need help to install the operating system, visit http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/install-guide/.

Additionally, if you need to download a copy of Red Hat 8.0, visit the following site to find a mirror: http://www.redhat.com/download/mirror.html.

    Here are the options I chose during the installation of Red Hat Linux:

    Total install size: 1,921M

    Installation (25 minutes later for a CD install, 4 hours for a net install)

    (Automatically Shutdown and restart into Red Hat Linux)


Update to the most recent packages

    Register with the Red Hat Network

    Login using root and your password

    Run up2date to update the system with the latest and most stable packages.

Note – I understand it is not recommended that you run a NIX system as root, and I agree if it were a multi-user system that this would be discouraged.


Download Required Files

Several files will be required to complete the installation process. Download the following files into the specified directories:

Login with your username and password.

Start a terminal window.

            Red Hat Icon -> System Tools -> Terminal

Note – Because it’s Linux, and you should get used to the command line, you might add a link to the terminal window to the panel window (Microsoft calls it the Task Bar). Right click on the panel window -> Add to Panel -> Launcher from menu -> System Tools -> Terminal.


Install the Orinoco Drivers

There are several different drivers that work with Orinoco wireless NICs. The best and most popular drivers are written by David Gibson, but they do not include support to put the card into monitor mode. The Orinoco drivers must be modified with a patch from Shmoo to enable this functionality. To find out more information about the Orinoco drivers visit http://ozlabs.org/people/dgibson/dldwd/. Additionally, for information about the Shmoo patch for Orinoco cards, visit http://airsnort.shmoo.com/orinocoinfo.html.

Install the Orinoco drivers

# cd or # cd /root/
# tar -zxf orinoco-0.13e.tar.gz
# patch -p0 < orinoco-0.13e-patch.diff

patching file orinoco-0.13e/hermes.c
patching file orinoco-0.13e/hermes.h
patching file orinoco-0.13e/orinoco.c
patching file orinoco-0.13e/orinoco.h
# cd orinoco-0.13e  

# make
# make install

To test that the Orinoco drivers have installed correctly, you should see the following lines after running the “dmesg” command.

# dmesg

hermes.c: 4 Dec 2002 David Gibson <hermes@gibson.dropbear.id.au>
orinoco.c 0.13e (David Gibson <hermes@gibson.dropbear.id.au> and others)
orinoco_cs.c 0.13e (David Gibson <hermes@gibson.dropbear.id.au> and others)
eth1: Station identity 001f:0001:0008:000a
eth1: Looks like a Lucent/Agere firmware version 8.72
eth1: Ad-hoc demo mode supported
eth1: IEEE standard IBSS ad-hoc mode supported
eth1: WEP supported, 104-bit key
eth1: MAC address 00:02:DE:AD:BE:EF
eth1: Station name "HERMES I"
eth1: ready
eth1: index 0x01: Vcc 5.0, irq 3, io 0x0100-0x013f
eth1: New link status: Connected (0001)

Additionally, to test that the Shmoo patch installed correctly, you should see “monitor” listed as one of the available features.

# iwpriv eth1
eth1 Available private ioctl :
    force_reset      (8BE0) : set 0 & get 0
    card_reset reset (8BE1) : set 0 & get 0
    set_port3 reset  (8BE2) : set 1 int & get 0
    get_port3        (8BE3) : set 0 & get 1 int
    set_preamble     (8BE4) : set 1 int & get 0
    get_preamble     (8BE5) : set 0 & get 1 int
    set_ibssport     (8BE6) : set 1 int & get 0
    get_ibssport     (8BE7) : set 0 & get 1 int
    monitor          (8BE8) : set 2 int & get 0

Note – I have noticed that the Orinoco drivers do not want to release from the interface and you must manually shut down the interface. If you remove a wireless NIC, type in "# ifconfig eth1 down" before you reinsert or restart any PCMCIA NIC.
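The two checks above (the driver reporting the interface ready in dmesg, and the Shmoo "monitor" ioctl showing up in iwpriv) are the ones that decide whether Kismet can capture at all, so it is worth scripting them instead of reading the output by eye. The script below is an added example, not part of this HOWTO; the interface name eth1, the file paths under /tmp, and the KISMET_CHECK_LIVE variable are my assumptions. Run the live check as root, like the rest of this document.

```sh
#!/bin/sh
# Added example: verify the Orinoco driver and the Shmoo monitor patch from
# saved command output. Not part of the original HOWTO.

# check_driver_ready DMESG_FILE IFACE
# Succeeds when the orinoco_cs module announced itself and IFACE reached the
# "ready" state, the two lines that matter in the dmesg listing above.
check_driver_ready() {
    grep -q '^orinoco_cs.c ' "$1" && grep -q "^$2: ready" "$1"
}

# check_monitor_support IWPRIV_FILE
# Succeeds when "monitor (8BE8)" is among the private ioctls, which is what
# the Shmoo patch adds; an unpatched driver lists only 8BE0 through 8BE7.
check_monitor_support() {
    grep -Eq '^[[:space:]]*monitor[[:space:]]+\(8BE8\)' "$1"
}

# verify_card DMESG_FILE IWPRIV_FILE IFACE
# Prints one line per check and returns the number of failed checks, so the
# exit status is 0 only when the card is usable by Kismet.
verify_card() {
    failed=0
    if check_driver_ready "$1" "$3"; then
        echo "ok: $3 driver loaded and ready"
    else
        echo "FAIL: $3 not ready (try 'ifconfig $3 down' and reinsert the card)"
        failed=$((failed + 1))
    fi
    if check_monitor_support "$2"; then
        echo "ok: monitor ioctl present, Kismet can use $3"
    else
        echo "FAIL: no monitor ioctl; the Shmoo patch was not applied"
        failed=$((failed + 1))
    fi
    return $failed
}

# Live run against the real system (assumed variable; set KISMET_CHECK_LIVE=1
# as root). Left off by default so the functions can be tested on saved output.
if [ "${KISMET_CHECK_LIVE:-0}" = 1 ]; then
    dmesg > /tmp/dmesg.txt
    iwpriv eth1 > /tmp/iwpriv.txt 2>&1
    verify_card /tmp/dmesg.txt /tmp/iwpriv.txt eth1
fi
```

Because verify_card returns the number of failures, it can gate a wrapper that starts Kismet only when both checks pass.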


Install HostAP drivers for Prism based cards (Optional)

There are three main Linux drivers for Prism based cards with different features (Orinoco drivers, Linux-wlan drivers, and HostAP drivers). For my How-To document, I chose the HostAP driver because of the feature to turn the wireless NIC into an Access Point. For more information about the HostAP drivers go to http://hostap.epitest.fi/

Copy the proper Red Hat Kernel config file for your system into the Kernel source folder. The source file will be different for different systems. Because my computer is a Pentium 4, I will use the kernel-2.4.18-i686.config file.

# cp /usr/src/linux-2.4/configs/kernel-2.4.18-i686.config /usr/src/linux-2.4/.config

Expand the HostAP file

# cd or cd /root
# tar -xzf hostap-0.0.4.tar.gz
# cd hostap-0.0.4

Compile and install the drivers

# make pccard KERNEL_PATH=/usr/src/linux-2.4
# make install_pccard KERNEL_PATH=/usr/src/linux-2.4

To test that the HostAP drivers have installed correctly, you should see the following lines after running the “dmesg” command.

# dmesg

hostap_crypt: registered algorithm 'NULL'
hostap_cs: hostap_cs.c 0.0.4 (SSH Communications Security
Corp, Jouni Malinen)
hostap_cs: (c) Jouni Malinen <jkmaline@cc.hut.fi>  
hostap_cs: setting Vcc=33 (constant)
hostap_cs: CS_EVENT_CARD_INSERTION
prism2_config()
hostap_cs: setting Vcc=50 (from config)
Checking CFTABLE_ENTRY 0x01 (default 0x01)
IO window settings: cfg->io.nwin=1 dflt.io.nwin=1
io->flags = 0x0046, io.base=0x0000, len=64
hostap_cs: index 0x01: Vcc 5.0, irq 3, io 0x0100-0x013f
divert: allocating divert_blk for wlan0
hostap_cs: Registered netdevice wlan0
prism2_hw_init()
prism2_hw_config: initialized in 9396 iterations
wlan0: NIC: id=0x8002 v1.0.0
wlan0: PRI: id=0x15 v0.3.0
wlan0: STA: id=0x1f v0.8.3
wlan0: defaulting to host-based encryption as a workaround for firmware
bug in Host AP mode WEP
wlan0: LinkStatus=2 (Disconnected)


Install ar5k drivers for Atheros based 802.11a cards (Optional)

The ar5k drivers are the first open source Linux drivers written for Atheros 802.11a cards. Currently the drivers only enable the receive components of the wireless NIC, but just enough features necessary to monitor 802.11a networks.

Expand the vt_ar5k file

# cd or cd /root
# tar -xzf vt_ar5k_20030509.tar.gz
# cd vt_ar5k 

Compile ar5k drivers

# make KERNEL_SOURCE=/usr/src/linux-2.4

Install the ar5k drivers into the proper locations. I had problems with "make install" so I'm installing them manually.

# cp vt_ar5k.o /lib/modules/2.4.18-27.8.0/net/vt_ar5k.o
# cp etc/pcmcia/vt_ar5k.conf /etc/pcmcia/vt_ar5k.conf

Edit the "/etc/modules.conf" file

Add the following line to select the channels that are available. This will be slightly different if you live outside the US.

options vt_ar5k reg_domain=fcc

Restart the pcmcia service

# service pcmcia restart

To test that the ar5k drivers have installed correctly, you should see the following lines after running the “dmesg” command.

# dmesg

vt_ar5k: found [mem_start:0xd1ddc000, mem_end:0xd1dec000, len: 65536, irq:11]
vt_ar5k: setting up initial configuration register
divert: allocating divert_blk for wlan0
vt_ar5k (wlan0): starting card in standard mode
vt_ar5k (wlan0): MAC revision 0x0007
vt_ar5k (wlan0): PHY revision 0x0003
vt_ar5k (wlan0): A2 revision 0x0001
vt_ar5k (wlan0): hardware address 00:DE:AD:BE:EF:02
vt_ar5k (wlan0): status 0x00000100
vt_ar5k (wlan0): card initialized successfully
cs: IO port probe 0x0c00-0x0cff: clean.
cs: IO port probe 0x0100-0x04ff: excluding 0x3b8-0x3df 0x4d0-0x4d7
cs: IO port probe 0x0a00-0x0aff: clean.


Install Libpcap

Libpcap provides a network capture library that helps programmers create code that is easy to write and portable to other operating systems. This package is now optional to get Kismet working, but recommended if you want to use Ethereal or tcpdump.

Expand the libpcap file.

# cd or cd /root
# tar -xzf libpcap-current.tar.gz

The following line will depend on the date you downloaded the file.

# cd libpcap-2002.10.19
# ./configure
# make
# make install


Install Ethereal

Ethereal is a network protocol analyzer that allows for the capture, viewing, and analysis of information of each packet that is transmitted over a network. When Kismet runs, it collects packets and saves them to a file that is compatible with Ethereal. The Kismet dump files can be opened and further analyzed in Ethereal. For more information about the use and installation of Ethereal, visit http://www.ethereal.com/docs/user-guide/

The installation of Ethereal is as follows:

# cd /usr/src
# tar -xzf ethereal-0.9.15.tar.gz
# cd ethereal-0.9.15
# ./configure
# make
# make install


Install GpsDrive (Optional)  

GpsDrive is a navigation system that works in conjunction with an NMEA compatible GPS device to determine your exact position by collecting coordinate information. The installation of this program is optional and only necessary if you would like the ability to collect location information while using Kismet. The location data collected from a GPS combined with signal strength can be used to create maps of radio coverage. The coverage maps are created using the "gpsmap" program included with Kismet. Additionally, recent versions of GPSDrive (greater than 1.30) can log access points detected with Kismet into a backend MySQL database.

Begin the installation of GpsDrive by uncompressing the files:

# cd or cd /root
# tar -xzf gpsdrive-2.04.tar.gz
# cd gpsdrive-2.04

Configure, compile, and install the GpsDrive program:

# ./configure
# make
# make install

Now start the mysqld service.

# service mysqld start

(you could also add mysqld to start automatically when Linux boots - Red Hat -> Server Settings -> Services, select mysqld, and click save)

Now run the script provided by GpsDrive to create a MySQL database and tables that will hold the access points that you detect.

# mysql < create.sql

To verify that GpsDrive works,

# gpsdrive &

Select “setup”

Select the serial port you will be using on your computer (I’m using “/dev/ttyS0”)

Note – If you’ve configured GpsDrive and are receiving “Input/output error”, you might verify that the serial port is enabled in BIOS. You can verify you are receiving data from the GPS with the following command:

# cat /dev/ttyS0


Install ImageMagick (Optional)

ImageMagick is a graphics package that contains tools and libraries necessary if you would like to use the program “gpsmap” included with Kismet. Gpsmap combines coordinate information collected from a GPS, with signal strength information to produce maps of wireless coverage areas.

Install ImageMagick from source

# cd or # cd /root
# tar -xzf ImageMagick-5.5.7-10.tar.gz
# cd ImageMagick-5.5.7-10
# ./configure
# make
# make install


Install Kismet

Kismet has become one of the standard tools necessary to perform wireless security assessments or just good old war driving. The included features rival those of most commercial products, and are limited only by the weekly (many times daily) updates the author provides.

To compile kismet, complete the following steps.

# cd or cd /root
# tar -xzf kismet-devel.tar.gz
# cd kismet-devel
# ./configure --with-ethereal=/usr/src/ethereal-0.9.15
# make dep
# make
# make install

If you have problems installing Kismet or need help with other configuration options, see http://www.kismetwireless.net/documentation.shtml


Configure Kismet

Kismet must be configured to specify various options including the type of wireless network card you will be using.

Edit the “/usr/local/etc/kismet.conf” file.

Red Hat -> Accessories -> Text Editor

Open -> /usr/local/etc/kismet.conf

Or use a command line editor such as pico or vi

# pico /usr/local/etc/kismet.conf

Change the following values in kismet.conf.

suiduser=<username you created>

Verify that eth1 is your wireless interface (I have a wired NIC eth0 and the Orinoco as eth1).

source=orinoco,eth1,Kismet

I prefer to specify the exact path where we will place the logs.

logtemplate=%h/kismet-logs/%n-%d-%i.%l

Save the “kismet.conf” configuration file and exit.

Make the kismet-logs directory that we stated in the kismet configuration file.

# cd /home/<username you created>
# mkdir kismet-logs

Note – If you have been doing everything as root, be sure to change the permissions on the kismet-logs directory to belong to the user and not to root.

# chown your_user_name:your_user_name kismet-logs
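Here is the whole of this section as a script, so the three kismet.conf edits and the log directory are applied together and can be re-run without hand editing. It is an added example, not part of this HOWTO or of Kismet; the user name, the interface, the config path, and the sample file used for testing are all my assumptions. The security point it preserves is the one the note above makes: suiduser is the account Kismet drops to after it has opened the card as root, so the log directory has to belong to that account or Kismet cannot write to it.

```sh
#!/bin/sh
# Added example: apply the kismet.conf settings from this section to a copy of
# the file and create the log directory. Not part of the HOWTO; the user name,
# interface and paths are parameters.

# set_key CONF KEY VALUE
# Replaces an existing "KEY=..." line or appends one. Writes through a temp
# file so it works with any sed, and uses '|' as the sed delimiter because
# VALUE may contain slashes (the log template does).
set_key() {
    conf="$1" key="$2" value="$3"
    if grep -q "^${key}=" "$conf"; then
        sed "s|^${key}=.*|${key}=${value}|" "$conf" > "$conf.tmp" \
            && mv "$conf.tmp" "$conf"
    else
        printf '%s=%s\n' "$key" "$value" >> "$conf"
    fi
}

# configure_kismet CONF USER IFACE
# suiduser:    the unprivileged user Kismet drops to after opening the card.
# source:      driver type, interface, and a label (orinoco, as in this HOWTO).
# logtemplate: %h expands to that user's home directory, so the logs land in
#              ~USER/kismet-logs rather than under /root.
configure_kismet() {
    set_key "$1" suiduser "$2"
    set_key "$1" source "orinoco,$3,Kismet"
    set_key "$1" logtemplate '%h/kismet-logs/%n-%d-%i.%l'
}

# make_log_dir USER HOME_DIR
# Creates HOME_DIR/kismet-logs and hands it to USER, since doing these steps
# as root would otherwise leave a directory Kismet cannot write to once it
# has dropped privileges. Needs root for the chown.
make_log_dir() {
    mkdir -p "$2/kismet-logs"
    chown "$1:$1" "$2/kismet-logs"
}

# log_dir_owner HOME_DIR
# Prints the owner of HOME_DIR/kismet-logs so the result can be checked.
log_dir_owner() {
    ls -ld "$1/kismet-logs" | awk '{print $3}'
}

# Example run as root (assumed user "alice" and interface eth1):
#   configure_kismet /usr/local/etc/kismet.conf alice eth1
#   make_log_dir alice /home/alice
#   log_dir_owner /home/alice        # should print alice, not root
```

If log_dir_owner prints root, Kismet will start, switch to the suiduser account, and then fail on the first write to the log template path, which is the symptom the note above is describing.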


Running Kismet

The most recent devel versions of Kismet have made it an easy task to start the tool. Now only one command is necessary to place the card into monitor mode, start the channel hopping, start the Kismet server, and start the Kismet client.

To begin Kismet (With a recent devel version), just enter following command.

# kismet

If you want to use GpsDrive with Kismet, type the following commands in another terminal window.

# service mysqld start

(you could also add it to start automatically when Linux boots - Red Hat -> Server Settings -> Services, select mysqld, and click save)

# gpsdrive &

Select "start gpsd"

Select the "use SQL" option

Select the "Show WP" option

If you want to use Kismet, but only monitor a specific channel, enter the following command. Just replace <source> with the name of the source from the "kismet.conf" file and <channel> with the channel you want to monitor.

# kismet -X -I <source>:<channel>

If you're using an older version of Kismet, you must start the channel hopper and then start Kismet.  You do this with the following two commands

# kismet_monitor -H
# kismet

Kismet has a number of built in help documents. Once you begin the Kismet program, press “h” to open a help window. Most screens will have a help window that explains each area, and keys that can be pressed for various actions. Another good source of help can be found in both the Kismet forum and the Netstumbler forum.
 

Frequently Asked Questions

I have collected a number of Frequently Asked Questions from the Red Hat + Kismet - HOWTO, and put them together in a FAQ document.  Follow this link to find the Red Hat + Kismet HOWTO - FAQ document.


Other Security Tools (instructions coming soon)

Airsnort – http://airsnort.shmoo.com
Wellenreiter – http://www.remote-exploit.org/
Tcpdump – http://www.tcpdump.org
Nmap – http://www.insecure.org
AirJack – http://802.11ninja.net 


To Do


Change Log

1/13/2003 - Added Database Server, Added Change Log
1/15/2003 - Added GPSDrive Instructions
1/21/2003 - Added ImageMagick Instructions
2/7/2003 - A couple of corrections (Thanks S. Seglie)
3/13/2003 - Don't know exactly what changed, but I found it's no longer necessary to recompile the Red Hat kernel. I believe that one of the Red Hat Kernel updates must have made a change to how it supports modules. If you need to recompile the kernel, you might try the old version of my HOWTO instructions.
3/18/2003 - Renamed the document to Red Hat 8.0 Kismet HOWTO because now I've added support for other wireless NIC drivers. Updated the versions of Ethereal and ImageMagick.
3/27/2003 - Removed some old language about the pcmcia-cs drivers
3/31/2003 - Fixed two small mistakes (Thanks Robert)
4/21/2003 - Mentioned that the process works with Red Hat 9.0
5/23/2003 - Reformatted the entire document.  Added internal document links.  Updated the versions used.
6/13/2003 - Updated a couple of versions.  Links to the FAQ.  Spelling mistake.
7/8/2003 - Updated how you start Kismet under devel.
8/13/2003 - Updated Orinoco, Ethereal, GPSDrive, and HostAP versions
9/26/2003 - Updated Ethereal, and GPSDrive versions


Questions/Concerns/Comments

Feel free to contact me at Ritchie@tipsybottle.com.


Credits

btrimble, J. Repucci (corrections), S. Seglie, Robert  

Copyright 2002 Tipsybottle.com. All Rights Reserved