Installing GPSD



Topics in this article:

  • Using the Global Positioning System Daemon (GPSD) with Kismet
  • Configuring Kismet
  • Starting Kismet
  • WarDriving Using Kismet

Introduction

 

Now that you have installed Kismet (in a previous chapter of the book), you are ready to begin configuring and using it on your Linux distribution of choice. Unlike NetStumbler, which is basically ready to use once it is installed, Kismet requires some post-installation configuration in order to be functional. This chapter will detail that post-installation configuration.

First, we'll take a look at installing and configuring the Global Positioning System Daemon (GPSD) for use with Kismet.

Using the Global Positioning System Daemon (GPSD) with Kismet

In order to map the WarDrive results garnered with Kismet, you need to install and configure GPSD. GPSD is a Linux add-on daemon written by Russ Nelson and is available for download at: www.pygps.org/gpsd/downloads/. The current version of GPSD is gpsd-1.10. This section details the installation and usage of GPSD with Kismet.

NOTE:

GPSD is not required in order to successfully use Kismet. If you do not intend to map your results, you can skip this section.

Installing GPSD

Installing GPSD is a very straightforward process. First, download gpsd-1.10.tar.gz from www.pygps.org/gpsd/downloads/gpsd-1.10.tar.gz, as shown in Figure 6.1.

Figure 6.1 Downloading GPSD

Installing GPSD - xu1347 - xu1347's blog

Next, you need to make sure that you have changed to the root user, as shown in Figure 6.2, if you have not done so already.

Figure 6.2 Becoming the Root User


NOTE:

All of the examples and screenshots were done in Slackware Linux 9.1; however, the steps taken and commands required are the same regardless of the Linux version you are using.

Ck3k provided the USB cable screenshot shown later in Figure 6.12, which was also done in Slackware Linux 9.1.

Now you are ready to begin the installation of GPSD. First, you need to uncompress and untar the gpsd-1.10.tar.gz file, as shown in Figure 6.3.

Figure 6.3 Uncompressing and Untarring GPSD


This creates the gpsd-1.10 directory tree. Next, change directory to gpsd-1.10, as shown in Figure 6.4.

Figure 6.4 Changing to the gpsd-1.10 Directory


Once the GPSD installation scripts are uncompressed and untarred, the installation of GPSD is a simple three-step process.

1. Execute the configure script.

2. Compile the GPSD binaries.

3. Copy the GPSD binaries to your desired location.

First, you need to execute the configure script. Like most Unix-style configure scripts, this is accomplished by issuing the ./configure command, as shown in Figure 6.5. The './' in front of configure indicates that the configure file in the current, or './', directory should be executed.

Figure 6.5 Executing the Configure Script


Next, issue the make command, as shown in Figure 6.6, to compile the GPSD binaries.

Figure 6.6 Compiling the GPSD Binaries with make


Next, the GPSD binaries (gps and gpsd) need to be copied to the locations from which they can be executed. The app-defaults file also needs to be copied to the appropriate directory. Issuing the make install command, as shown in Figure 6.7, accomplishes this.

Figure 6.7 Issuing the make install Command


Now you have successfully installed GPSD and are ready to start the daemon and use it with Kismet. You can verify that the gps and gpsd binaries were successfully copied to the appropriate directories by issuing the which command for each, as shown in Figure 6.8. The output of which displays the full path to the command that it was issued against.

Figure 6.8 Verifying the Installation of GPS and GPSD


Starting GPSD

There are two ways to use GPSD with Kismet.

  • Serial Data Cable
  • USB Data Cable

In the following two sections, you will be shown the commands required to start GPSD with each.

 Starting GPSD with Serial Data Cable

The most common way to use GPSD is with a serial data cable.

Notes from the Underground...

Connecting the GPS Serial Data Cable

Because of the nature of serial ports, it is a good idea to connect your GPS' serial data cable prior to booting your Linux distribution. If you connect your serial data cable after Linux has already booted, it may or may not be recognized.

Connect your GPS' serial data cable to your serial port with the computer turned off. Next, turn on your GPS unit and allow it time to acquire a signal. Once a signal is received, you need to start the GPS daemon, as shown in Figure 6.9.

Figure 6.9 Starting GPSD with a Serial Data Cable


NOTE:

You must have root privileges to start the GPSD.

This starts GPSD listening on port 2947. You can verify that GPSD is listening on this port by opening a Telnet session to it, as shown in Figure 6.10. You can also verify that the process started using the ps -ef command, as shown in Figure 6.11.

Figure 6.10 Establishing a Telnet Session with GPSD


Figure 6.11 Viewing the GPSD Process


Tools & Traps...

GPS Data Formats

It is very important to use the correct data format on your GPS unit in order for Kismet to correctly receive GPS data. Many GPS units support more than one format. For instance, Garmin GPS units support seven different output formats:

1. Garmin Proprietary Format

2. Garmin Differential Global Positioning System (DGPS) Format

3. National Marine Electronics Association (NMEA) Format

4. Text Format

5. Radio Technical Commission for Maritime (RTCM) Services Format

6. RTCM/NMEA Format

7. RTCM/Text Format

Some WarDriving applications, like NetStumbler, support multiple formats. NetStumbler supports both NMEA and Garmin proprietary formats. In order for Kismet to correctly gather GPS data, however, you must set your GPS unit to NMEA format. If you are unsure how to set your GPS unit to NMEA format, refer to the user's guide that came with the unit.
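
A way to confirm that a GPS unit really is emitting NMEA, as an added example that is not from the original chapter: it validates the checksum of an NMEA 0183 sentence and decodes the position from a GGA sentence, which goes a step beyond the text by showing the format itself. The sample sentences are constructed and the function names are illustrative.

```python
"""Check that GPS output is valid NMEA 0183 and decode a GGA position."""
from functools import reduce


def nmea_checksum(payload):
    """XOR of every character between '$' and '*'."""
    return reduce(lambda acc, ch: acc ^ ord(ch), payload, 0)


def nmea_checksum_ok(sentence):
    """True only for '$<payload>*HH' where HH matches the payload checksum."""
    sentence = sentence.strip()
    if not sentence.startswith("$") or sentence.count("*") != 1:
        return False
    payload, given = sentence[1:].split("*")
    return given.upper() == "%02X" % nmea_checksum(payload)


def to_degrees(value, hemisphere):
    """Convert NMEA ddmm.mmm / dddmm.mmm into signed decimal degrees."""
    raw = float(value)
    degrees = int(raw // 100)
    decimal = degrees + (raw - degrees * 100) / 60.0
    return -decimal if hemisphere in ("S", "W") else decimal


def parse_gga(sentence):
    """Return the position from a GGA sentence, or None if it is unusable.

    Unusable means: not NMEA, bad checksum, not a GGA sentence, or the
    receiver reports fix quality 0 (no satellite fix yet).
    """
    if not nmea_checksum_ok(sentence):
        return None
    fields = sentence.strip()[1:].split("*")[0].split(",")
    if not fields[0].endswith("GGA") or len(fields) < 10:
        return None
    if fields[6] in ("", "0"):
        return None
    try:
        return {
            "lat": to_degrees(fields[2], fields[3]),
            "lon": to_degrees(fields[4], fields[5]),
            "fix_quality": int(fields[6]),
            "satellites": int(fields[7]),
        }
    except ValueError:
        return None


# Constructed sample input (not captured from a real receiver).
GOOD = "$GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,*47"
CORRUPT = GOOD.replace("4807.038", "4807.138")   # one digit damaged in transit
NO_FIX_PAYLOAD = "GPGGA,123519,,,,,0,00,,,M,,M,,"
NO_FIX = "$%s*%02X" % (NO_FIX_PAYLOAD, nmea_checksum(NO_FIX_PAYLOAD))
NOT_NMEA = "position 48.1173 11.5167"            # some other text format

if __name__ == "__main__":
    for label, line in [("good", GOOD), ("corrupt", CORRUPT),
                        ("no fix", NO_FIX), ("not NMEA", NOT_NMEA)]:
        print("%-9s checksum_ok=%-5s fix=%s"
              % (label, nmea_checksum_ok(line), parse_gga(line)))
```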

 Starting GPSD with USB Data Cable

Many newer laptops do not ship with a Serial port. This poses a problem for many WarDrivers because most data cables that can be purchased for handheld GPS units require a serial port. Those of you in this situation should not be overly concerned; there is another option available to you. Simply purchase a Serial to USB adapter (Belkin makes one that many WarDrivers have had success with) and connect your data cable to it. Then, issue the command shown in Figure 6.12 to start GPSD.

Figure 6.12 Starting GPSD with a USB Data Cable


NOTE:

You must have root privileges to start the GPSD.

Configuring Kismet

Now that you have installed Kismet and GPSD, you are ready to modify the Kismet configuration files so that Kismet will work on your system. Unlike many Windows programs (such as NetStumbler) that will work as soon as they are installed, Kismet must be tailored to your specific system.

Modifying the kismet.conf File

Before Kismet will work on your system, you need to customize the kismet.conf file (found in /usr/local/etc/) to your environment. Using your favorite text editor (vi, pico, emacs, and so on) open /usr/local/etc/kismet.conf for editing, as shown in Figure 6.13.

Figure 6.13 Editing the /usr/local/etc/kismet.conf File

NOTE:

You must have root privileges to edit the kismet.conf file.

Figure 6.14 shows the kismet.conf file open for editing.

Figure 6.14 Preparing to Edit the kismet.conf file


 Setting an suiduser

Unless you compiled Kismet with the "suid-root" option, which is an extremely insecure way to use Kismet, you first need to set an suiduser in the kismet.conf file, as shown in Figure 6.15. This is the user that Kismet will run as and should be a normal user account.

Figure 6.15 Setting the suiduser Variable


 Enabling Support for Hermes Cards

By default, the kismet.conf file is configured for use with Cisco cards. In order to use Kismet with your ORiNOCO, or other Hermes chipset-based card, you must edit the kismet.conf file to recognize and use your ORiNOCO card. First, comment out the line for the Cisco card by placing a "#" in front of the line. Then, remove the "#" in front of the ORiNOCO line, as shown in Figure 6.16.

Figure 6.16 Editing the kismet.conf File to Use Your ORiNOCO Card


Next, you may need to change the device to be used by Kismet. By default, the ORiNOCO line is set to use eth0 as your capture device. If your system uses eth1, eth2, or a different device, this needs to be edited appropriately. Figure 6.16 shows the proper configuration for an ORiNOCO card configured as eth0.

 Enabling Support for Prism 2 Cards

If you are using a Prism 2-based card, you also need to edit the kismet.conf file appropriately. First, comment out the line for the Cisco card by placing a "#" in front of the line. Then, remove the "#" in front of the Prism2 line, as shown in Figure 6.17.

Figure 6.17 Editing the kismet.conf File to Use Your Prism 2 Card


Next, you need to change the device to be used by Kismet. By default, the Prism2 line is set to use wlan0 as your capture device. If your system uses wlan1, wlan2, or a different device, this needs to be edited appropriately. Figure 6.17 shows the proper configuration for a Prism 2 card configured as wlan0.

 Setting the Channel-Hopping Intervals

Next, you need to set the channel-hopping interval. This is the number of times that Kismet will force the card to monitor a different channel per second. By default, this value is set to five. To monitor more channels per second you need to increase this value. To monitor fewer channels per second, this value needs to be decreased. Figure 6.18 shows a kismet.conf file that has been configured to change channels, or "hop," seven times per second.

Figure 6.18 Kismet is Configured to Hop Seven Channels Per Second


If you wanted to monitor only one specific channel, you should set the channelhop value to "false", as shown in Figure 6.19.

Figure 6.19 Disabling Channel Hopping


 Enabling GPS Support

The last setting you need to configure in the kismet.conf file is the GPS support. If you intend to use GPSD, as shown earlier in this chapter, then the default settings in the kismet.conf file are acceptable. As Figure 6.20 shows, by default, Kismet is configured to use a GPS device and listen on port 2947.

Figure 6.20 Kismet Is Configured to Use a GPS


If you don't intend to use a GPS, then the "gps" value should be changed to false, as shown in Figure 6.21.

Figure 6.21 Kismet Is Configured for Use without a GPS
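
A check for the kismet.conf settings covered in this section, as an added example that is not from the original chapter or the Kismet project. It assumes plain key=value lines with "#" comments and source lines of the form type,interface,name; both sample configurations are constructed, and the audit treats every setting this section touches as required.

```python
"""Audit the kismet.conf settings this section configures."""


def parse_conf(text):
    """Collect active key=value lines; '#' starts a comment (assumed syntax)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = parse_conf(text)
    findings = []

    def last(key):
        return conf.get(key, [""])[-1]

    if last("suiduser") == "":
        findings.append("suiduser: not set")
    elif last("suiduser") == "root":
        findings.append("suiduser: root is not a normal user account")

    sources = conf.get("source", [])
    if not sources:
        findings.append("source: no uncommented capture source")
    for src in sources:
        parts = [p.strip() for p in src.split(",")]
        if len(parts) != 3 or not all(parts):
            findings.append("source: expected type,interface,name in %r" % src)

    hop = last("channelhop").lower()
    if hop not in ("true", "false"):
        findings.append("channelhop: must be true or false")
    elif hop == "true":
        velocity = last("channelvelocity")
        if not velocity.isdigit() or int(velocity) < 1:
            findings.append("channelvelocity: need a positive whole number")

    gps = last("gps").lower()
    if gps not in ("true", "false"):
        findings.append("gps: must be true or false")
    elif gps == "true":
        host, _, port = last("gpshost").rpartition(":")
        if not host or not port.isdigit() or not 0 < int(port) < 65536:
            findings.append("gpshost: expected host:port, e.g. localhost:2947")
    return findings


# Constructed samples: a file left in a broken state, then the corrected one.
WEAK_CONF = """\
suiduser=root
#source=cisco,eth0,ciscosource
#source=orinoco,eth0,orinocosource
channelhop=true
channelvelocity=0
gps=true
gpshost=localhost
"""

FIXED_CONF = """\
suiduser=chris
#source=cisco,eth0,ciscosource
source=orinoco,eth0,orinocosource
channelhop=true
channelvelocity=7
gps=true
gpshost=localhost:2947
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, audit(text) or "no findings")
```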


Starting Kismet

Now that Kismet is installed and the configuration file, kismet.conf, has been tailored to your system, you are ready to start Kismet. As you recall, we set a normal user account as the suiduser. Logic dictates that this is the user we should be logged in as to start Kismet. As Figure 6.22 shows, this is not the case.

Figure 6.22 Kismet Fails to Start as suiduser


Using the suiduser account does not work because the normal user does not have write permission to set the process identification number file (kismet_server.pid) in the /var/run/ directory tree. This is easily overcome. Change to the root user using the su command. Normally, when we do this, we use the su - command (shown in Figure 6.23).

Figure 6.23 Changing to root Using su -

As you can see in Figure 6.24, however, this doesn't work either.

Figure 6.24 Kismet Fails to Start as root


This time, permission is denied when Kismet attempts to write the dump file. How can this be? The root account has permission to write to any directory so it should be able to write the dump file. While this is true, as you can see in Figure 6.25, Kismet already dropped our privileges to the suiduser (in this case "chris") and our working directory is /root, which is owned by the root user.

Figure 6.25 Privileges Are Dropped to the suiduser


If you can't start Kismet as a normal user, and you can't start Kismet as root, how can you start Kismet? You need to have root privileges without the root environment. The su - command changes to the root user in the root environment. If you just issue the su command (as your normal user) without the "-" appended, you gain root privileges, but maintain your normal user environment. The difference is shown in Figure 6.26.

Figure 6.26 The Difference between su - and su


As you can see, you now have root privileges, but have maintained your normal user environment. Now Kismet can be started successfully, as shown in Figure 6.27.

Figure 6.27 Kismet Starting
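
Why the working directory decides whether the dump file can be written once privileges are dropped, as an added example that is not from the original chapter. It applies the classic owner/group/other permission bits only (no ACLs, no parent-directory checks); the numeric IDs and directory modes are constructed stand-ins for "chris", /root and /home/chris.

```python
"""Can the suiduser create log files in the directory Kismet starts from?"""
import os
import pwd
import stat


def can_create_files(mode, dir_uid, dir_gid, uid, gids):
    """Decide from the permission bits whether uid may create files here.

    Creating a file needs both write and search (execute) permission on
    the directory. Only the first matching class (owner, group, other)
    is consulted, as on Unix. uid 0 bypasses the check.
    """
    if uid == 0:
        return True
    if uid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (mode & need) == need


def suiduser_can_log(username, directory="."):
    """Run the same check for a real account against a real directory."""
    account = pwd.getpwnam(username)            # KeyError if no such user
    gids = set(os.getgrouplist(username, account.pw_gid))
    st = os.stat(directory)
    return can_create_files(st.st_mode, st.st_uid, st.st_gid,
                            account.pw_uid, gids)


# Constructed cases: uid 1000 with groups 1000 and 100 stands in for "chris".
CHRIS_UID, CHRIS_GIDS = 1000, {1000, 100}
CASES = {
    "su - then kismet (cwd /root, mode 0700, root:root)": (0o040700, 0, 0),
    "su then kismet (cwd /home/chris, mode 0755, chris)": (0o040755, 1000, 1000),
}


def explain():
    """Map each start-up case to whether the dropped user can write logs."""
    return {name: can_create_files(mode, uid, gid, CHRIS_UID, CHRIS_GIDS)
            for name, (mode, uid, gid) in CASES.items()}


if __name__ == "__main__":
    for name, ok in explain().items():
        print("%-52s %s" % (name, "writable" if ok else "permission denied"))
```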


Once Kismet has run through its startup procedure, it begins to identify access points, as shown in Figure 6.28.

Figure 6.28 Kismet Running


Now that you have successfully started Kismet, you are ready to WarDrive. In the next section, we'll look at the Kismet interface and how to successfully navigate it.

WarDriving Using Kismet

In order to successfully utilize Kismet, you need to understand the user interface. This section explains the information displayed on the Kismet user interface, and the keyboard commands used to successfully navigate Kismet.

The Kismet User Interface

The Kismet user interface, as shown in Figure 6.29, is divided into three frames:

Figure 6.29 The Initial Kismet User Interface


1. The Network Display

2. The Statistics Frame

3. The Status Frame

 The Network Display

The Network Display (Figure 6.30) lists the Service Set Identifiers (SSIDs) of any found wireless networks. This frame covers most of the Kismet user interface.

Figure 6.30 The Network Display


The lower left-hand corner of the Network Display shows the GPS information if you have a successful connection to GPSD.

 The Statistics Frame

The Statistics frame (Figure 6.31) is on the right side of the interface and lists the following:

  • The total number of networks found (Ntwrks)
  • The total number of packets captured (Pckets)
  • The number of encrypted packets captured (Cryptd)
  • The number of packets with weak initialization vectors (Weak)
  • The amount of noise (Noise)
  • The number of packets discarded (Discrd)
  • The number of packets captured per second (Pkts/s)
  • The type of card used (orinoc, prism, and so on)
  • The Channel currently being sniffed (Ch:)
  • The Time Kismet has been running (Elapsd)

Figure 6.31 The Statistics Frame


 The Status Frame

The Status frame (see Figure 6.32) maintains a scrolling display of all networks found and, if applicable, the Battery status.

Figure 6.32 The Status Frame


Keyboard Commands

To get help in Kismet, simply type the letter h while the Kismet display is in the active window. This brings up the Help display, as shown in Figures 6.33 and 6.34.

Figure 6.33 The Help Display Begins


Figure 6.34 The Help Display Continues


Kismet responds to the keyboard commands shown in Figure 6.33 by performing a specific action. For example, to stop channel hopping and stay on the current channel, type a capital L. Typing a lowercase l, on the other hand, opens the wireless card power-level popup window.

Tools & Traps...

Removing the Kismet Welcome Popup Permanently

When you start Kismet 4.0.1, a Welcome message (shown in Figure 6.35) is superimposed over the Kismet user interface. Pressing the spacebar closes this window, but the next time you start Kismet, the Welcome message is back.

Figure 6.35 The Initial Kismet Popup


First, using the su command, change to the root user. Next, change to the /usr/local/etc directory, as shown in Figure 6.36.

Figure 6.36 Changing to the /usr/local/etc Directory


Using your favorite editor, open the kismet_ui.conf file, as shown in Figure 6.37.

Figure 6.37 Editing the kismet_ui.conf File


Change the value of the showintro variable from true to false, as shown in Figure 6.38.

Figure 6.38 Changing the showintro Value


Now, save the changes you made to kismet_ui.conf and restart Kismet. The Welcome message is no longer displayed on startup (see Figure 6.39).

Figure 6.39 The Welcome Message No Longer Appears


While Kismet is running, Kismet data is automatically saved. When you have finished WarDriving, simply type a capital Q to quit Kismet and close the application. Since your card was in monitor mode, you need to either restart the PCMCIA services or reboot your system to resume normal wireless network usage.

Summary

Kismet is a very powerful tool for WarDrivers that prefer to use Linux. Unlike some other WarDriving programs, some configuration is required so that Kismet will work with your system. First, if you want to log the coordinates of the access points you discover with Kismet, you need to install the Global Positioning System Daemon (GPSD) software.

After you have installed GPSD, you need to configure the kismet.conf file to tailor Kismet to your specific system. In the kismet.conf file, you must specify an suiduser. This is the user that Kismet will run as. This should be a normal user, not the root account. You must also specify the type of card that you are using (ORiNOCO, Prism 2, Cisco, and so on) as well as the device (eth0, eth1, wlan0, or another). You can set a number of variables in the kismet.conf file that allow you to control the WarDrive. These include the number of times per second Kismet should change, or "hop," channels and whether you want to disable channel hopping completely. The kismet.conf file also contains information about whether or not to use GPSD.

Starting Kismet is not a completely straightforward process because of the suiduser. Since Kismet runs as a non-root user, you need to ensure that you have that user's environment variables and permissions, but still have the root privileges needed to start Kismet. The easiest way to do this is to use the su command rather than the su - command prior to starting Kismet.

To successfully WarDrive using Kismet, you need to understand the Kismet user interface. The Kismet user interface is divided into three main parts: the Networks Display, the Statistics Frame, and the Status Frame. The Networks Display lists all of the wireless networks that Kismet has discovered and the current GPS position information. The Statistics Frame displays information about the type of traffic Kismet has captured. The Status Frame scrolls information about the networks Kismet discovers as well as the battery status.

A typical WarDrive using Kismet is accomplished with three main steps:

1. Change to root using the su command from the suiduser account noted in kismet.conf.

2. Start GPSD listening on the port noted in kismet.conf. By default, GPSD listens on port 2947.

3. Start Kismet.

Once Kismet is started, verify that you are receiving GPS coordinates by looking for the GPS position information on the Networks Display of the Kismet user interface. If you are, you can begin WarDriving using Kismet.

Solutions Fast Track

 Using the Global Positioning System Daemon (GPSD) with Kismet

  • In order to use a GPS unit with Kismet, you need to install GPSD.
  • Download GPSD from www.pygps.org/gpsd/.
  • Uncompress and untar GPSD.
  • Execute the configure script, then run make and make install.
  • Start GPSD before starting Kismet so that GPS coordinates are logged for found networks.

 Configuring Kismet

  • Before you can use Kismet, you must edit the kismet.conf file located in /usr/local/etc.
  • You must set a normal (non-root) user as suiduser.
  • Set the source variable to the appropriate type of card and interface of your system.
  • Set the channelhop and channelvelocity variables. If you want to enable channel hopping, set the channelhop variable to "true." If you want Kismet to monitor only a single channel, set this variable to "false." The channelvelocity variable indicates the number of times the Kismet channel hopper changes channels each second.
  • Set the gps and gpshost variables. If you intend to use a GPS unit with Kismet, set the gps variable to true. If you do not intend to use a GPS, set this value to false. If you are using a GPS and have set the gps variable to true, set the port on which GPSD is listening in the gpshost variable. By default, GPSD listens on port 2947.

 Starting Kismet

  • In order to start Kismet, you need to have root privileges, but must maintain the ability for the user set as "suiduser" in kismet.conf to write the log files.
  • This is accomplished by logging in as the suiduser and then using the su command without a "-" appended to change to the root user.
  • Next, simply issue the kismet command and Kismet starts and begins identifying wireless networks.

 WarDriving Using Kismet

  • The Kismet user interface is divided into three main sections, or frames.
  • The Networks Display shows all of the wireless networks that Kismet has identified. The Networks Display also shows the current GPS data if you are using a GPS unit.
  • The Statistics Frame displays information such as the total number of networks identified, the number of packets captured, and the type of packets captured.
  • The Status Frame displays a scrolling list of all networks found, as they are found, and the battery life of your system if you have it configured to do so.
  • Pressing the "h" key while Kismet is running displays the Kismet keyboard help. There are a number of display options that can be used to manipulate the Kismet user interface.
  • Kismet automatically saves data while it is running. When you are finished WarDriving, simply type a capital "Q" to quit and close the application.

Frequently Asked Questions

Q: Can I change the user interface colors that Kismet uses by default?

A: Yes. The kismet_ui.conf file found in /usr/local/etc allows you to change the default colors and many other options that are specific to the Kismet user interface. The following variables determine the colors used by Kismet:

  • backgroundcolor The color of the background on the user interface.
  • textcolor The text color used by the Kismet user interface for all text except access points found.
  • bordercolor The color of the borders separating the three main frames of the user interface.
  • titlescolor The color for titles on the user interface.
  • monitorcolor The color used on the user interface for GPS and battery information.
  • wepcolor The color Kismet uses to display access points with Wired Equivalent Privacy (WEP) enabled.
  • factorycolor The color Kismet uses to show access points with default settings.
  • opencolor The color Kismet uses to show access points that are not using WEP but do not have default settings.
  • cloakcolor The color Kismet uses to show cloaked networks that have been discovered.

Q: What colors can I use on the Kismet user interface?

A: You can use black, red, yellow, green, blue, magenta, cyan, and white. If you want the text to be bolded, prepend the word "hi-" to the color. For example, to use bolded red to denote your GPS and battery information, set the monitorcolor variable to "hi-red" in the kismet_ui.conf file.

Q: Kismet saves Weak Initialization Vectors (IVs). Does this mean that I can use Kismet to crack WEP?

A: No. Kismet simply saves the Weak IVs so they can be fed into another program such as WEPCrack for cracking. Kismet is not designed to crack WEP keys.

Q: How does Kismet determine if an access point it has discovered is using a default SSID?

A: The ap_manuf file located in /usr/local/etc is a flat text file that has the different Media Access Control (MAC) addresses used by different manufacturers and their default SSIDs. If the MAC address and SSID are listed in this file, Kismet considers the SSID to be the default.

Q: How many different log files does Kismet generate, and what are their differences?

A: Kismet generates the following log files:

  • dump A raw packet dump
  • network A plaintext log of detected networks
  • csv A plaintext log of detected networks in Comma Separated Value (CSV) format
  • xml An Extensible Markup Language (XML) formatted log of networks
  • weak The weak packets detected and stored in AirSnort format
  • cisco A log of Cisco equipment discovered in Cisco Discovery Protocol (CDP) format
  • gps A log of the Global Positioning System coordinates

By default, Kismet generates all seven of these logs. You can change this by editing the logtypes variable in the kismet.conf file.

Q: Can I change the sound that Kismet plays when it finds a new access point?

A: Yes. Kismet plays the .wav file indicated in the sound_alert variable field of the kismet_ui.conf. You can change this to any .wav file that you want as long as you provide the full path to the .wav file.

Q: How do I get Kismet to display my battery status?

A: The apm variable of the kismet_ui.conf file must be set to "true" in order for your battery status to be displayed in the Kismet user interface. You must also have Advanced Power Management (APM) enabled in your Linux kernel.

Last Updated ( Thursday, 27 January 2005 )