Fórum Ubuntu CZ/SK
Topic started by: Šuohob, 27 July 2009, 21:34:33
-
Hello, I have an Atheros wifi card and I need to get some wifi scanner working. Excerpt from lshw:
*-network
description: Wireless interface
product: AR242x 802.11abg Wireless PCI Express Adapter
vendor: Atheros Communications Inc.
physical id: 0
bus info: pci@0000:02:00.0
logical name: wmaster0
version: 01
serial: xx:xx:xx:xx:xx:xx
width: 64 bits
clock: 33MHz
capabilities: bus_master cap_list logical ethernet physical wireless
configuration: broadcast=yes driver=ath5k_pci latency=0 module=ath5k multicast=yes wireless=IEEE 802.11bg
I tried two scanners, kismet and SWScanner.
Kismet would not start, so I wrote into /etc/kismet/kismet.conf:
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
source=madwifing_b,wlan0,ABG
I also tried adding source=madwifing_b,wmaster0,ABG there, but that did not work either:
root@notes:~# kismet
Launching kismet_server: //usr/bin/kismet_server
Suid priv-dropping disabled. This may not be secure.
No specific sources given to be enabled, all will be enabled.
Non-RFMon VAPs will be destroyed on multi-vap interfaces (ie, madwifi-ng)
Enabling channel hopping.
Enabling channel splitting.
NOTICE: Disabling channel hopping, no enabled sources are able to change channel.
Source 0 (ABG): Enabling monitor mode for madwifing_b source interface wlan0 channel 6...
ERROR: Unable to create VAP: Operation not supported
ERROR: Unable to create monitor-mode VAP
WARNING: wlan0 appears to not accept the Madwifi-NG controls. Will attempt to configure it as a standard Madwifi-old interface. If you are using madwifi-ng, be sure to set the source interface to the wifiX control interface, NOT athX
FATAL: Failed to retrieve list of private ioctls 95:Operation not supported
Done.
SWScanner starts normally, I select the wlan0 network card and start scanning, but swscanner crashes because of a memory overflow:
bohous@notes:~$ kdesudo swscanner
kbuildsycoca running...
Creating aplist...
Creating SWSconfig...
Creating MainWindow...
Creating gpserial...
Creating SWSystemTray...
Running SWScanner version: 0.2.2
if(lo)->127.0.0.1/255.0.0.0/0.0.0.0#### level: -73 noise: -237 (88)
Creating scanning thread...
Creating frmconfig...
Tables found: networks
Tables found: networks
Deleting frmconfig...
Deleting SWSconfig...
if(lo)->127.0.0.1/255.0.0.0/0.0.0.0#### level: -256 noise: -256 (0)
if(lo)->127.0.0.1/255.0.0.0/0.0.0.0#### level: -251 noise: -80 (0)
if(lo)->127.0.0.1/255.0.0.0/0.0.0.0#### level: -247 noise: -92 (38)
Warning: Driver for device wlan0 has been compiled with version 22
of Wireless Extension, while this program supports up to version 17.
Some things may be broken...
if(wlan0)->0.0.0.0/126.0.0.0/40.1.0.0#### level: -256 noise: -256 (0)
if(wlan0)->0.0.0.0/126.0.0.0/40.1.0.0#### level: -256 noise: -256 (0)
if(wlan0)->0.0.0.0/126.0.0.0/40.1.0.0#### level: -256 noise: -256 (0)
if(wlan0)->0.0.0.0/197.233.149.182/244.159.164.182#### level: -256 noise: -256 (0)
Starting a new scan thread!!
if(wlan0)->0.0.0.0/120.75.182.191/64.193.49.9#### level: -256 noise: -256 (0)
*** buffer overflow detected ***: swscanner terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb69e8da8]
/lib/tls/i686/cmov/libc.so.6[0xb69e6eb0]
swscanner(_ZN7QWidget6createEmbb+0x1329)[0x805d5f5]
swscanner[0x805d889]
swscanner[0x8073c6c]
/usr/lib/libqt-mt.so.3(_ZN15QThreadInstance5startEPv+0x7f)[0xb709a3cf]
/lib/tls/i686/cmov/libpthread.so.0[0xb6c8c4ff]
/lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0xb69cf49e]
======= Memory map: ========
wlan0 Scan completed :
New AP found(01): B6:F9:42:16:9D:C8
KCrash: Application 'swscanner' crashing...
Could not find 'drkonqi' executable.
KCrash cannot reach kdeinit, launching directly.
And finally the ifconfig output:
root@notes:~# ifconfig
eth0 Link encap:Ethernet HWadr xx:xx:xx:xx:xx:xx
inet6-adr: xxxx::xxx:xxxx:xxxx:xxxx/64 Rozsah:Linka
AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ BĚŽÍ MULTICAST MTU:1500 Metrika:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:1 dropped:62 overruns:1 carrier:0
kolizí:0 délka odchozí fronty:1000
Přijato bajtů: 0 (0.0 B) Odesláno bajtů: 342 (342.0 B)
Přerušení:19 Vstupně/Výstupní port:0xdead
ppp0 Link encap:Point-to-Point Protokol
inet adr:xx.xx.xx.xx P-t-P:10.64.64.64 Maska:255.255.255.255
AKTIVOVÁNO POINTOPOINT BĚŽÍ NEARP MULTICAST MTU:1500 Metrika:1
RX packets:1035 errors:0 dropped:0 overruns:0 frame:0
TX packets:1164 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:3
Přijato bajtů: 621174 (621.1 KB) Odesláno bajtů: 228444 (228.4 KB)
usb0 Link encap:Ethernet HWadr xx:xx:xx:xx:xx:xx
inet6-adr: xxxx::xxx:xxxx:xxxx:xxxx/64 Rozsah:Linka
AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ BĚŽÍ MULTICAST MTU:1500 Metrika:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:1000
Přijato bajtů: 0 (0.0 B) Odesláno bajtů: 2178 (2.1 KB)
lo Link encap:Místní smyčka
inet adr:127.0.0.1 Maska:255.0.0.0
inet6-adr: ::1/128 Rozsah:Počítač
AKTIVOVÁNO SMYČKA BĚŽÍ MTU:16436 Metrika:1
RX packets:618 errors:0 dropped:0 overruns:0 frame:0
TX packets:618 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:0
Přijato bajtů: 48744 (48.7 KB) Odesláno bajtů: 48744 (48.7 KB)
wlan0 Link encap:Ethernet HWadr xx:xx:xx:xx:xx:xx
AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ MTU:1500 Metrika:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:1000
Přijato bajtů: 0 (0.0 B) Odesláno bajtů: 0 (0.0 B)
wmaster0 Link encap:NEZNÁM HWadr xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx
AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ BĚŽÍ MTU:1500 Metrika:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:1000
Přijato bajtů: 0 (0.0 B) Odesláno bajtů: 0 (0.0 B)
Does anyone know how to get at least one of these scanners working? I don't care whether I get a graphical point-and-click tool or not. Or if you know of a similar scanner that would work properly with my wifi card, I would be glad to hear about it.
Thanks for any advice
Edit: I have the madwifi driver installed http://wiki.ubuntu.cz/Atheros%20AR5007EG
-
I have a similar problem, I have rewritten the source line so many times and nothing
-
I have already got kismet working; once I turn on my notebook, I will post the config file here.
Until then I was using iwlist scanning
-
I really have no idea how to find out what to put in source; well, I know what I should put there, but somehow it does not work for me. I have an Atheros card and a Realtek. For the Realtek I found a config file on the internet
-
Hi, here is /etc/kismet/kismet.conf
bohous@notes:~$ cat /etc/kismet/kismet.conf
# Kismet config file
# Most of the "static" configs have been moved to here -- the command line
# config was getting way too crowded and cryptic. We want functionality,
# not continually reading --help!
# Version of Kismet config
version=2007.09.R1
# Name of server (Purely for organizational purposes)
servername=Kismet
# User to setid to (should be your normal user)
#suiduser=your_user_here
# Do we try to put networkmanager to sleep? If you use NM, this is probably
# what you want to do, so that it will leave the interfaces alone while
# Kismet is using them. This requires DBus support!
networkmanagersleep=true
# Sources are defined as:
# source=sourcetype,interface,name[,initialchannel]
# Source types and required drivers are listed in the README under the
# CAPTURE SOURCES section.
# The initial channel is optional, if hopping is not enabled it can be used
# to set the channel the interface listens on.
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
#source=none,none,addme
source=madwifi_ag,wifi0,madwifi
# Comma-separated list of sources to enable. This is only needed if you defined
# multiple sources and only want to enable some of them. By default, all defined
# sources are enabled.
# For example:
# enablesources=prismsource,ciscosource
# Automatically destroy VAPs on multi-vap interfaces (like madwifi-ng).
# Madwifi-ng doesn't work in rfmon when non-rfmon VAPs are present, however
# this is a fairly invasive change to the system so it CAN be disabled. Expect
# things not to work in most cases if you do disable it, however.
vapdestroy=true
# Do we channelhop?
channelhop=true
# How many channels per second do we hop? (1-10)
channelvelocity=5
# By setting the dwell time for channel hopping we override the channelvelocity
# setting above and dwell on each channel for the given number of seconds.
#channeldwell=10
# Do we split channels between cards on the same spectrum? This means if
# multiple 802.11b capture sources are defined, they will be offset to cover
# the most possible spectrum at a given time. This also controls splitting
# fine-tuned sourcechannels lines which cover multiple interfaces (see below)
channelsplit=true
# Basic channel hopping control:
# These define the channels the cards hop through for various frequency ranges
# supported by Kismet. More finegrain control is available via the
# "sourcechannels" configuration option.
#
# Don't change the IEEE80211<x> identifiers or channel hopping won't work.
# Users outside the US might want to use this list:
# defaultchannels=IEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12
defaultchannels=IEEE80211b:1,6,11,2,7,3,8,4,9,5,10
# 802.11g uses the same channels as 802.11b...
defaultchannels=IEEE80211g:1,6,11,2,7,3,8,4,9,5,10
# 802.11a channels are non-overlapping so sequential is fine. You may want to
# adjust the list depending on the channels your card actually supports.
# defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,149,153,157,161,184,188,192,196,200,204,208,212,216
defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64
# Combo cards like Atheros use both 'a' and 'b/g' channels. Of course, you
# can also explicitly override a given source. You can use the script
# extras/listchan.pl to extract all the channels your card supports.
defaultchannels=IEEE80211ab:1,6,11,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64
# Fine-tuning channel hopping control:
# The sourcechannels option can be used to set the channel hopping for
# specific interfaces, and to control what interfaces share a list of
# channels for split hopping. This can also be used to easily lock
# one card on a single channel while hopping with other cards.
# Any card without a sourcechannel definition will use the standard hopping
# list.
# sourcechannels=sourcename[,sourcename]:ch1,ch2,ch3,...chN
# ie, for us channels on the source 'prism2source' (same as normal channel
# hopping behavior):
# sourcechannels=prism2source:1,6,11,2,7,3,8,4,9,5,10
# Given two capture sources, "prism2a" and "prism2b", we want prism2a to stay
# on channel 6 and prism2b to hop normally. By not setting a sourcechannels
# line for prism2b, it will use the standard hopping.
# sourcechannels=prism2a:6
# To assign the same custom hop channel to multiple sources, or to split the
# same custom hop channel over two sources (if splitchannels is true), list
# them all on the same sourcechannels line:
# sourcechannels=prism2a,prism2b,prism2c:1,6,11
# Port to serve GUI data
tcpport=2501
# People allowed to connect, comma seperated IP addresses or network/mask
# blocks. Netmasks can be expressed as dotted quad (/255.255.255.0) or as
# numbers (/24)
allowedhosts=127.0.0.1
# Address to bind to. Should be an address already configured already on
# this host, reverts to INADDR_ANY if specified incorrectly.
bindaddress=127.0.0.1
# Maximum number of concurrent GUI's
maxclients=5
# Do we have a GPS?
gps=false
# Host:port that GPSD is running on. This can be localhost OR remote!
gpshost=localhost:2947
# Do we lock the mode? This overrides coordinates of lock "0", which will
# generate some bad information until you get a GPS lock, but it will
# fix problems with GPS units with broken NMEA that report lock 0
gpsmodelock=false
# Packet filtering options:
# filter_tracker - Packets filtered from the tracker are not processed or
# recorded in any way.
# filter_dump - Packets filtered at the dump level are tracked, displayed,
# and written to the csv/xml/network/etc files, but not
# recorded in the packet dump
# filter_export - Controls what packets influence the exported CSV, network,
# xml, gps, etc files.
# All filtering options take arguments containing the type of address and
# addresses to be filtered. Valid address types are 'ANY', 'BSSID',
# 'SOURCE', and 'DEST'. Filtering can be inverted by the use of '!' before
# the address. For example,
# filter_tracker=ANY(!00:00:DE:AD:BE:EF)
# has the same effect as the previous mac_filter config file option.
# filter_tracker=...
# filter_dump=...
# filter_export=...
# Alerts to be reported and the throttling rates.
# alert=name,throttle/unit,burst/unit
# The throttle/unit describes the number of alerts of this type that are
# sent per time unit. Valid time units are second, minute, hour, and day.
# Burst rates control the number of packets sent at a time
# For example:
# alert=FOO,10/min,5/sec
# Would allow 5 alerts per second, and 10 alerts total per minute.
# A throttle rate of 0 disables throttling of the alert.
# See the README for a list of alert types.
alert=NETSTUMBLER,10/min,1/sec
alert=WELLENREITER,10/min,1/sec
alert=LUCENTTEST,10/min,1/sec
alert=DEAUTHFLOOD,10/min,2/sec
alert=BCASTDISCON,10/min,2/sec
alert=CHANCHANGE,5/min,1/sec
alert=AIRJACKSSID,5/min,1/sec
alert=PROBENOJOIN,10/min,1/sec
alert=DISASSOCTRAFFIC,10/min,1/sec
alert=NULLPROBERESP,10/min,1/sec
alert=BSSTIMESTAMP,10/min,1/sec
alert=MSFBCOMSSID,10/min,1/sec
alert=LONGSSID,10/min,1/sec
alert=MSFDLINKRATE,10/min,1/sec
alert=MSFNETGEARBEACON,10/min,1/sec
alert=DISCONCODEINVALID,10/min,1/sec
alert=DEAUTHCODEINVALID,10/min,1/sec
# Known WEP keys to decrypt, bssid,hexkey. This is only for networks where
# the keys are already known, and it may impact throughput on slower hardware.
# Multiple wepkey lines may be used for multiple BSSIDs.
# wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900
# Is transmission of the keys to the client allowed? This may be a security
# risk for some. If you disable this, you will not be able to query keys from
# a client.
allowkeytransmit=true
# How often (in seconds) do we write all our data files (0 to disable)
writeinterval=300
# How old (and inactive) does a network need to be before we expire it?
# This is really only good for limited ram environments where keeping a
# total log of all networks is problematic. This is in seconds, and should
# be set to a large value like 12 or 24 hours. This is intended for use
# on stationary systems like an IDS
# logexpiry=86400
# Do we limit the number of networks we log? This is for low-ram situations
# when tracking everything could lead to the system falling down. This
# should be combined with a sane logexpiry value to flush out very old
# inactive networks. This is mainly for stationary systems like an IDS.
# limitnets=10000
# Do we track IVs? this can help identify some attacks, but takes a LOT
# of memory to do so on a busy network. If you have the RAM, by all
# means turn it on.
trackivs=false
# Do we use sound?
# Not to be confused with GUI sound parameter, this controls wether or not the
# server itself will play sound. Primarily for headless or automated systems.
sound=false
# Path to sound player
soundplay=/usr/bin/play
# Optional parameters to pass to the player
# soundopts=--volume=.3
# New network found
sound_new=//usr/share/kismet/wav/new_network.wav
# Wepped new network
# sound_new_wep=${prefix}/com/kismet/wav/new_wep_network.wav
# Network traffic sound
sound_traffic=//usr/share/kismet/wav/traffic.wav
# Network junk traffic found
sound_junktraffic=//usr/share/kismet/wav/junk_traffic.wav
# GPS lock aquired sound
# sound_gpslock=//usr/share/kismet/wav/foo.wav
# GPS lock lost sound
# sound_gpslost=//usr/share/kismet/wav/bar.wav
# Alert sound
sound_alert=//usr/share/kismet/wav/alert.wav
# Does the server have speech? (Again, not to be confused with the GUI's speech)
speech=false
# Server's path to Festival
festival=/usr/bin/festival
# Are we using festival lite? If so, set the above "festival" path to also
# point to the "flite" binary
flite=false
# Are we using Darwin speech?
darwinsay=false
# What voice do we use? (Currently only valid on Darwin)
speech_voice=default
# How do we speak? Valid options:
# speech Normal speech
# nato NATO spellings (alpha, bravo, charlie)
# spell Spell the letters out (aye, bee, sea)
speech_type=nato
# speech_encrypted and speech_unencrypted - Speech templates
# Similar to the logtemplate option, this lets you customize the speech output.
# speech_encrypted is used for an encrypted network spoken string
# speech_unencrypted is used for an unencrypted network spoken string
#
# %b is replaced by the BSSID (MAC) of the network
# %s is replaced by the SSID (name) of the network
# %c is replaced by the CHANNEL of the network
# %r is replaced by the MAX RATE of the network
speech_encrypted=New network detected, s.s.i.d. %s, channel %c, network encrypted.
speech_unencrypted=New network detected, s.s.i.d. %s, channel %c, network open.
# Where do we get our manufacturer fingerprints from? Assumed to be in the
# default config directory if an absolute path is not given.
ap_manuf=ap_manuf
client_manuf=client_manuf
# Use metric measurements in the output?
metric=false
# Do we write waypoints for gpsdrive to load? Note: This is NOT related to
# recent versions of GPSDrive's native support of Kismet.
waypoints=false
# GPSDrive waypoint file. This WILL be truncated.
waypointdata=%h/.gpsdrive/way_kismet.txt
# Do we want ESSID or BSSID as the waypoint name ?
waypoint_essid=false
# How many alerts do we backlog for new clients? Only change this if you have
# a -very- low memory system and need those extra bytes, or if you have a high
# memory system and a huge number of alert conditions.
alertbacklog=50
# File types to log, comma seperated
# dump - raw packet dump
# network - plaintext detected networks
# csv - plaintext detected networks in CSV format
# xml - XML formatted network and cisco log
# weak - weak packets (in airsnort format)
# cisco - cisco equipment CDP broadcasts
# gps - gps coordinates
logtypes=dump,network,csv,xml,weak,cisco,gps
# Do we track probe responses and merge probe networks into their owners?
# This isn't always desireable, depending on the type of monitoring you're
# trying to do.
trackprobenets=true
# Do we log "noise" packets that we can't decipher? I tend to not, since
# they don't have anything interesting at all in them.
noiselog=false
# Do we log corrupt packets? Corrupt packets have enough header information
# to see what they are, but someting is wrong with them that prevents us from
# completely dissecting them. Logging these is usually not a bad idea.
corruptlog=true
# Do we log beacon packets or do we filter them out of the dumpfile
beaconlog=true
# Do we log PHY layer packets or do we filter them out of the dumpfile
phylog=true
# Do we mangle packets if we can decrypt them or if they're fuzzy-detected
mangledatalog=true
# Do we do "fuzzy" crypt detection? (byte-based detection instead of 802.11
# frame headers)
# valid option: Comma seperated list of card types to perform fuzzy detection
# on, or 'all'
fuzzycrypt=wtapfile,wlanng,wlanng_legacy,wlanng_avs,hostap,wlanng_wext,ipw2200,ipw2915
# Do we do forgiving fuzzy packet decoding? This lets us handle borked drivers
# which don't indicate they're including FCS, and then do.
fuzzydecode=wtapfile,radiotap_bsd_a,radiotap_bsd_g,radiotap_bsd_bg,radiotap_bsd_b,pcapfile
# Do we use network-classifier fuzzy-crypt detection? This means we expect
# packets that are associated with an encrypted network to be encrypted too,
# and we process them by the same fuzzy compare.
# This essentially replaces the fuzzycrypt per-source option.
netfuzzycrypt=true
# What type of dump do we generate?
# valid option: "wiretap"
dumptype=wiretap
# Do we limit the size of dump logs? Sometimes ethereal can't handle big ones.
# 0 = No limit
# Anything else = Max number of packets to log to a single file before closing
# and opening a new one.
dumplimit=0
# Do we write data packets to a FIFO for an external data-IDS (such as Snort)?
# See the docs before enabling this.
#fifo=/tmp/kismet_dump
# Default log title
logdefault=Kismet
# logtemplate - Filename logging template.
# This is, at first glance, really nasty and ugly, but you'll hardly ever
# have to touch it so don't complain too much.
#
# %n is replaced by the logging instance name
# %d is replaced by the current date as Mon-DD-YYYY
# %D is replaced by the current date as YYYYMMDD
# %t is replaced by the starting log time
# %i is replaced by the increment log in the case of multiple logs
# %l is replaced by the log type (dump, status, crypt, etc)
# %h is replaced by the home directory
# ie, "netlogs/%n-%d-%i.dump" called with a logging name of "Pok" could expand
# to something like "netlogs/Pok-Dec-20-01-1.dump" for the first instance and
# "netlogs/Pok-Dec-20-01-2.%l" for the second logfile generated.
# %h/netlots/%n-%d-%i.dump could expand to
# /home/foo/netlogs/Pok-Dec-20-01-2.dump
#
# Other possibilities: Sorting by directory
# logtemplate=%l/%n-%d-%i
# Would expand to, for example,
# dump/Pok-Dec-20-01-1
# crypt/Pok-Dec-20-01-1
# and so on. The "dump", "crypt", etc, dirs must exist before kismet is run
# in this case.
logtemplate=/var/log/kismet/%n-%d-%i.%l
# Where do we store the pid file of the server?
piddir=/var/run/
# Where state info, etc, is stored. You shouldnt ever need to change this.
# This is a directory.
configdir=/var/lib/kismet/
# cloaked SSID file. You shouldn't ever need to change this.
ssidmap=ssid_map
# Group map file. You shouldn't ever need to change this.
groupmap=group_map
# IP range map file. You shouldn't ever need to change this.
ipmap=ip_map
bohous@notes:~$
and here is the ifconfig output
bohous@notes:~$ ifconfig
ath0 Link encap:Ethernet HWadr xx:xx:xx:xx:xx:xx
inet6-adr: fe80::216:44ff:fe8d:3903/64 Rozsah:Linka
AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ MULTICAST MTU:1500 Metrika:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:0
Přijato bajtů: 0 (0.0 B) Odesláno bajtů: 0 (0.0 B)
eth0 Link encap:Ethernet HWadr xx:xx:xx:xx:xx:xx
inet adr:10.0.0.5 Všesměr:10.0.0.7 Maska:255.255.255.248
inet6-adr: fe80::21e:33ff:fe02:d7bc/64 Rozsah:Linka
AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ BĚŽÍ MULTICAST MTU:1500 Metrika:1
RX packets:1602 errors:0 dropped:0 overruns:0 frame:0
TX packets:1679 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:1000
Přijato bajtů: 1520218 (1.5 MB) Odesláno bajtů: 267426 (267.4 KB)
Přerušení:19 Vstupně/Výstupní port:0xdead
lo Link encap:Místní smyčka
inet adr:127.0.0.1 Maska:255.0.0.0
inet6-adr: ::1/128 Rozsah:Počítač
AKTIVOVÁNO SMYČKA BĚŽÍ MTU:16436 Metrika:1
RX packets:63 errors:0 dropped:0 overruns:0 frame:0
TX packets:63 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:0
Přijato bajtů: 9032 (9.0 KB) Odesláno bajtů: 9032 (9.0 KB)
wifi0 Link encap:NEZNÁM HWadr xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx
AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ BĚŽÍ MULTICAST MTU:1500 Metrika:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:283 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:280
Přijato bajtů: 0 (0.0 B) Odesláno bajtů: 13018 (13.0 KB)
Přerušení:16
-
Did it help?
-
I am playing with it right now.
It did not help ;D
ath0 Link encap:Ethernet HWadr 00:c0:a8:b1:1b:3a
inet adr:66.129.72.122 Všesměr:66.129.255.255 Maska:255.255.0.0
inet6-adr: fe80::2c0:a8ff:feb1:1b3a/64 Rozsah:Linka
AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ BĚŽÍ MULTICAST MTU:1500 Metrika:1
RX packets:1780 errors:0 dropped:0 overruns:0 frame:0
TX packets:2019 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:0
Přijato bajtů: 1611205 (1.6 MB) Odesláno bajtů: 448449 (448.4 KB)
eth0 Link encap:Ethernet HWadr 00:40:d0:90:8a:97
AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ MULTICAST MTU:1500 Metrika:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:1000
Přijato bajtů: 0 (0.0 B) Odesláno bajtů: 0 (0.0 B)
Přerušení:23 Vstupně/Výstupní port:0xa000
lo Link encap:Místní smyčka
inet adr:127.0.0.1 Maska:255.0.0.0
inet6-adr: ::1/128 Rozsah:Počítač
AKTIVOVÁNO SMYČKA BĚŽÍ MTU:16436 Metrika:1
RX packets:52 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:0
Přijato bajtů: 3696 (3.6 KB) Odesláno bajtů: 3696 (3.6 KB)
wifi0 Link encap:NEZNÁM HWadr 00-C0-A8-B1-1B-3A-00-00-00-00-00-00-00-00-00-00
AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ BĚŽÍ MULTICAST MTU:1500 Metrika:1
RX packets:6413 errors:0 dropped:0 overruns:0 frame:182
TX packets:2186 errors:4 dropped:0 overruns:0 carrier:0
kolizí:0 délka odchozí fronty:199
Přijato bajtů: 3165851 (3.1 MB) Odesláno bajtů: 517695 (517.6 KB)
Přerušení:19
-
Oh damn..
Try posting the lshw output here, the part with your wifi card, like I did in the first post
-
Well, if console output alone would be enough for you, how about trying aircrack-ng? It includes airodump-ng. It is fairly similar to Kismet.
Or there is also the option of using the BackTrack 4 LiveCD, which is also based on Ubuntu. Kismet runs fine there. That is up to you ;)
-
Bohouš
-network:0
description: Wireless interface
product: AR2413 802.11bg NIC
vendor: Atheros Communications Inc.
physical id: 6
bus info: pci@0000:00:06.0
logical name: wifi0
version: 01
serial: 00:c0:a8:b1:1b:3a
width: 32 bits
clock: 33MHz
capabilities: bus_master cap_list logical ethernet physical wireless
configuration: broadcast=yes driver=ath_pci ip=66.129.72.122 latency=168 maxlatency=28 mingnt=10 module=ath_pci multicast=yes wireless=IEEE 802.11g
jabr
That is not enough for me, I would like to see a signal graph and so on. Otherwise I use BT4 only under Windows with VMware and a USB wifi adapter suitable for hacking. But I would like to have some kind of initial scan on Ubuntu too.
-
I tried that config file of mine on Ubuntu 10.04 as well and it works. Keep trying (I struggled with it quite a bit earlier too), or keep searching; as you can see, it can be done
-
Well, I will have to ;D
Hey, and if you had 2 wifi cards, how would the source be set? So that I do not have to rewrite it every time.
-
According to this description:
# Sources are defined as:
# source=sourcetype,interface,name[,initialchannel]
# Source types and required drivers are listed in the README under the
# CAPTURE SOURCES section.
# The initial channel is optional, if hopping is not enabled it can be used
# to set the channel the interface listens on.
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
#source=none,none,addme
source=madwifi_ag,wifi0,madwifi
If you put in the network card you are using, say wifi0, then you do not need to deal with anything else, right?
I will try testing it some more once I turn on my notebook
-
Well, I really do not know any more. I tried both the madwifi and the madwifi_ng drivers.
The source configuration should be source=madwifi_b,wlan0,madwifi or source=madwifing_b,ath0,madwifi. Unfortunately neither works
sudo kismet for source=madwifi_b,wlan0,madwifi and source=madwifing_b,wlan0,ABG
Launching kismet_server: //usr/bin/kismet_server
Suid priv-dropping disabled. This may not be secure.
No specific sources given to be enabled, all will be enabled.
Non-RFMon VAPs will be destroyed on multi-vap interfaces (ie, madwifi-ng)
Enabling channel hopping.
Enabling channel splitting.
NOTICE: Disabling channel hopping, no enabled sources are able to change channel.
Source 0 (ABG): Enabling monitor mode for madwifi_b source interface wlan0 channel 6...
ERROR: Unable to create VAP: Operation not supported
ERROR: Unable to create monitor-mode VAP
WARNING: wlan0 appears to not accept the Madwifi-NG controls. Will attempt to configure it as a standard Madwifi-old interface. If you are using madwifi-ng, be sure to set the source interface to the wifiX control interface, NOT athX
FATAL: Failed to retrieve list of private ioctls 95:Operation not supported
Done.
-
Hm, shouldn't you have wifi0 there instead of wlan0? Your ifconfig output shows wifi0...
-
No, it really is wlan0 there. It puzzled me too when I was reading through a forum about kismet.
-
No, it really is wlan0 there. It puzzled me too when I was reading through a forum about kismet.
In the output you posted they say that wlan0 is not accepted with the madwifi-ng driver. If you are using it (you write that you are), you should make sure that you select wifiX as the source interface. So wlan0 should not be there, should it?
WARNING: wlan0 appears to not accept the Madwifi-NG controls. Will attempt to configure it as a standard Madwifi-old interface. If you are using madwifi-ng, be sure to set the source interface to the wifiX control interface, NOT athX.
-
Well, that is exactly what is not very clear to me. It shows wlan0 in the shell, I checked it several times; it is an Atheros AR5005G
In the year and a half that I have had Ubuntu installed, it is possible that I did something with it. At the end of the week I will move to 10.04, so I hope it will somehow sort itself out. >:(
EDIT: Even in the new Ubuntu it is wlan0, I do not get it
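-
A check that ties together the points raised in the thread, as an added example that is not part of the forum posts or of Kismet: it compares each source= line in kismet.conf with the kernel module that lshw reports, and flags the settings the quoted config comments mark as security-relevant (suiduser, allowkeytransmit, bindaddress, allowedhosts). The sample inputs are constructed, the function names and finding codes are hypothetical, and the rule that madwifi source types go with module=ath_pci is an assumption drawn from the lshw excerpts in the thread.

```python
import ipaddress
import re

# Constructed inputs, modelled on the lshw excerpt and the kismet.conf
# lines quoted in the thread.
LSHW_SAMPLE = (
    "logical name: wmaster0\n"
    "configuration: broadcast=yes driver=ath5k_pci latency=0 module=ath5k "
    "multicast=yes wireless=IEEE 802.11bg\n"
)
CONF_SAMPLE = """\
#suiduser=your_user_here
source=madwifing_b,wlan0,ABG
allowedhosts=127.0.0.1
bindaddress=127.0.0.1
allowkeytransmit=true
"""

# Assumption taken from the thread: the madwifi driver appears in lshw as
# module=ath_pci (the setup where Kismet worked); ath5k is a different driver.
MADWIFI_MODULE = "ath_pci"


def parse_conf(text):
    """Return {key: [values]}; keys such as source= may be repeated."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def lshw_module(text):
    """Kernel module named on lshw's 'configuration:' line, or None."""
    match = re.search(r"\bmodule=(\S+)", text)
    return match.group(1) if match else None


def is_loopback_entry(entry):
    """True if an allowedhosts entry (address or network/mask) is loopback."""
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:
        return False


def audit(conf_text, lshw_text):
    """Return (code, message) findings for a kismet.conf / lshw pair."""
    conf = parse_conf(conf_text)
    module = lshw_module(lshw_text)
    findings = []

    for source in conf.get("source", []):
        fields = [f.strip() for f in source.split(",")]
        if len(fields) < 3:
            findings.append(("SOURCE_SYNTAX",
                             f"source={source}: need sourcetype,interface,name"))
            continue
        stype, iface = fields[0], fields[1]
        if stype.startswith("madwifi") and module and module != MADWIFI_MODULE:
            findings.append(("SOURCE_DRIVER_MISMATCH",
                             f"{stype} expects madwifi, lshw reports module={module}"))
        # Kismet's own warning: madwifi-ng sources take the wifiX interface.
        if stype.startswith("madwifing") and not re.fullmatch(r"wifi\d+", iface):
            findings.append(("SOURCE_NOT_WIFIX",
                             f"{stype} needs the wifiX control interface, got {iface}"))

    if not conf.get("suiduser"):
        findings.append(("NO_PRIV_DROP",
                         "suiduser not set: no unprivileged user to setid to"))
    # An absent allowkeytransmit line is not flagged (default not assumed).
    if conf.get("allowkeytransmit", ["false"])[-1].lower() == "true":
        findings.append(("KEY_TRANSMIT",
                         "known WEP keys may be transmitted to clients"))

    for addr in conf.get("bindaddress", []):
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                findings.append(("BIND_NOT_LOOPBACK", f"bindaddress={addr}"))
        except ValueError:
            # Per the config comment, a bad value reverts to INADDR_ANY.
            findings.append(("BIND_INVALID",
                             f"bindaddress={addr} reverts to INADDR_ANY"))
    for value in conf.get("allowedhosts", []):
        for entry in filter(None, (e.strip() for e in value.split(","))):
            if not is_loopback_entry(entry):
                findings.append(("ALLOWED_REMOTE",
                                 f"allowedhosts admits {entry}"))
    return findings


if __name__ == "__main__":
    for code, message in audit(CONF_SAMPLE, LSHW_SAMPLE):
        print(f"{code}: {message}")
```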