Posted by:dragorn
Subject:Kismet and Snort
Date:18:43:09 30/01/2006

> I have set up a Kismet Drone on a WRT54G and wanted to use it for wireless IDS.
> I am not very familiar with Snort, but am going through the docs.
> Would anyone have a link to a guide on snort/kismet set up?

Simple version:

1. Install kismet.
2. Turn on the FIFO pipe in the config file
3. Give kismet the WEP key to your network, if you use WEP.
4. Start kismet, it'll block until someone opens the other end of the FIFO pipe
5. Fire up snort, point it to the FIFO pipe as an input file instead of a live packet source.

In the future:
1. Install kismet-newcore
2. Turn on the tun/tap export
3. Give kismet the WEP key to your network
4. Start kismet
5. Point anything else (like snort, ethereal, etc) at the virtual tun/tap device kismet made.

This support is already in newcore, but if you're not up to tackling all the oddities newcore presents at the moment, wait a while for it to be finished. The tun/tap virtual device method Newcore uses is much better than the fifo pipe that stable-devel presents.


