Kismet Wireless

Kismet Forums

 

Posted by: musketeer
Subject: Continuous Packet Capture
Date: 05:50:53 11/05/2009

Just to close this issue, the inability to continuously capture packets was due to an incorrect patch of the ipw2200 driver 1.2.2 on Hardy Heron 8.04.

Luckily I found the right patch and was able to get the rtap interface working, and then for continuous packet capture by Kismet, I had to put sources=ipwlivetap,eth1,[generic name]

Everything, even Wireshark, works now. I then installed 9.04 and everything worked out of the box without any patches.



> Rfmon, thanks, my bad. My task is to capture all the packets on a network (e.g. my own network, but with several computers and my computer being able to capture all the traffic on this channel and SSID).
>
> What I am observing with kismet configuration on my side is that the wireless goes into monitor mode and kismet displays all the SSIDs in my vicinity.
>
> I let it run for several minutes but it had only captured 77 packets.
> Next time I ran it and let it run even longer, but this time it was only 111 and later grew to 127 (most likely because another SSID had shown up). The dumps confirmed that only 77 and 127 packets were captured.
>
> As mentioned earlier, Wireshark and my IPW2200 are only able to capture broadcast packets and packets intended for my machine.
>
> I couldn't find any configuration to change the behavior of kismet. I am not concerned if I capture in pure monitor mode, or rfmon mode, but I can't seem to make my card go into rfmon mode but that is a secondary issue.
>
> And thanks dragorn.
>
> > > Never mind guys, what I want is promiscuous mode to work while Kismet works with monitor mode. At least I got something to work.
> >
> > Huh?
> >
> > That doesn't really make sense.
> >
> > Rfmon is for wireless.
> >
> > Promisc is for wired.
> >
> > >
> > > > The following paragraph in the Documentation implies that Kismet doesn't continuously capture packets, which is exactly what I have observed.
> > >
> >
> > Yes, it does.
> >
> > > > Is it possible to use it as Winshark and capture packets continuously? I am running Ubuntu 8.04 with IPW2200 1.2.2 and IEEE80211 1.1.18.
> >
> > Define "capture continuously". Kismet captures all packets. "continuously".
> >
> > > >
> > > > Somehow Kismet is able to force the IPW into monitor mode but Wireshark is unable to sniff packets on the same channel and same network SSID.
> >
> > Then your system is broken. There is no reason why you can't capture packets from the same interface Kismet is using with any other tool that makes you happy.
> >
> >
> > > > That is why, the question is, can Kismet be configured to capture packets continuously if configured to capture packets on a particular network/channel.
> >
> > If you want kismet to capture all the packets on a channel, don't tell it to channel hop. It is physically impossible to tune the radio to the entire spectrum: Pick. You get to see all the other networks on other channels, or you get to see every packet on a given channel. Turn off channel hopping if you want to stay on a single channel.
> >
> > -m

