Kismet Wireless

Kismet Forums

 

Posted by:Kismet247
Subject:Strange Message
Date:21:03:30 27/02/2016

Hi guys.

I'm struggling with a really strange message I continue to get in my setup. The kismet server has this message, I don't know if it is important, so I'll see what you guys think.

INFO: Live-adding pseudo capsources from drones temporarily disabled until
rewrite.

Below is what's been going on...


I've got the kismet server (installed on a cleanly installed debian 8 box) listening successfully to the drone that is on a buffalo wzr-hp-ag300h which is also freshly installed with OpenWRT CC.

I start the drone, output below looks good....

root@OpenWrt:/etc/kismet# kismet_drone
ERROR: Kismet was started as root, NOT launching external control binary. This
is NOT the preferred method of starting Kismet as Kismet will continue
to run as root the entire time. Please read the README file section
about Installation & Security and be sure this is what you want to do.
INFO: Reading from config file /etc/kismet/kismet_drone.conf
INFO: Plugin system disabled by Kismet configuration file or command line
INFO: Setting drone connection buffer to 65535 bytes
INFO: Kismet will attempt to hop channels at channels per second unless
overridden by source-specific options
INFO: No specific sources named on the command line, sources will be read from
kismet.conf
INFO: Matched source type 'ath9k' for auto-type source 'wlan0'
INFO: Using hardware channel list 1,2,3,4,5,6,7,8,9,10,11, 11 channels on
source wlan0
INFO: Source 'wlan0' will attempt to create and use a monitor-only VAP instead
of reconfiguring the main interface
INFO: Created source wlan0 with UUID acff52f0-dd82-11e5-9aa2-156103c30632
INFO: Will attempt to reopen on source 'wlan0' if there are errors
INFO: Created TCP listener on port 2502
INFO: Starting GPS components...
INFO: GPS support disabled in kismet.conf
INFO: Kismet drone starting to gather packets
INFO: Bringing down primary interface 'wlan0' to prevent wpa_supplicant and
NetworkManager from trying to configure it
INFO: Started source 'wlan0'


I can sanity check there are comm's coming out of port 2502 from my drone by starting up telnet.
Although the telnet output is garbled, it shows a steady stream of data which stops if I stop the kismet drone on the router. Here the output from telnet.

nru1@SysAlpha:/etc/kismet$ telnet 192.168.1.1 2502
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
��D2013-03-R0lKismet-Drone���(ޭ��MMT�ݎ壔a�2wlan0wlan0monath9kޭ�"T�ݎ壔a�2




��R �
�b�^ޭ��R �
-:��ޭ��< �

%Nޭ��L �
�ޭ��< �
����ޭ��ޭ��< �
&ޭ��< �
�@+�ޭ��< �
��1�ޭ��ޭ��< �
FOޭ��� l
3pRޭ��� ln�^�ޭ��� l
�EWxޭ��< �
���ޭ��< �
0���ޭ��ޭ��< �
��$"ޭ��< �
.&�ޭ��< �
�T��ޭ��< �
f�ޭ��< �
�u�ޭ��ޭ��< {
9�#9ޭ��� {
ƄL�ޭ��� l
E▒^�ޭ��� l
���!ޭ��ޭ��< �
�Htޭ��� �
x�4+ޭ��< �
�K![ޭ��t �
7���ޭ��< {
���zޭ��Stopped source 'wlan0'ޭ�� ▒Shutting down plugins...Connection closed by foreign host.
nru1@SysAlpha:/etc/kismet$
###########################################################################

Okay, so the drone is running again on the router and I go ahead and start the server on my Linux machine.


Here is the output below from my kismet server on my Linux machine.

nru1@SysAlpha:/etc/kismet$ kismet_server
INFO: Not running as root - will try to launch root control binary (/usr/bi
n/kismet_capture) to control cards.
INFO: Started kismet_capture control binary successfully, pid 2752
INFO: Reading from config file /etc/kismet/kismet.conf
INFO: Plugin system disabled by Kismet configuration file or command line
debug - 2751 - child creating ipc fdfd
INFO: No 'dronelisten' config line and no command line drone-listen
argument given, Kismet drone server will not be enabled.
INFO: Created alert tracker...
INFO: Creating device tracker...
INFO: Registered 80211 PHY as id 0
INFO: Kismet will attempt to hop channels at channels per second unless
overridden by source-specific options
INFO: No specific sources named on the command line, sources will be read
from kismet.conf
INFO: Matched source type 'drone' for auto-type source 'drone'
INFO: Using default channel list 'n/a' on source 'drone'
INFO: Disabling reconnection on drone source 'drone' 'drone'. If the
connection fails this source will remain inactive.
INFO: Created source drone with UUID a5d6da66-dd8c-11e5-9a1c-30040c171802
INFO: Disabling channel hopping on source 'drone' because it is not
capable of setting the channel.
INFO: Will attempt to reopen on source 'drone' if there are errors
INFO: Created TCP listener on port 2501
INFO: Kismet drone framework disabled, drone will not be activated.
INFO: Inserting basic packet dissectors...
INFO: Allowing Kismet frontends to view WEP keys
INFO: Starting GPS components...
INFO: GPS support disabled in kismet.conf
ERROR: Missing 'ouifile' option in config, will not resolve manufacturer
names for MAC addresses
INFO: Creating network tracker...
INFO: Creating channel tracker...
INFO: Registering dumpfiles...
INFO: Pcap log in PPI format
INFO: Opened pcapdump log file 'Kismet-20160227-19-59-45-1.pcapdump'
INFO: Opened netxml log file 'Kismet-20160227-19-59-45-1.netxml'
INFO: Opened nettxt log file 'Kismet-20160227-19-59-45-1.nettxt'
INFO: Opened gpsxml log file 'Kismet-20160227-19-59-45-1.gpsxml'
INFO: Opened alert log file 'Kismet-20160227-19-59-45-1.alert'
INFO: Kismet starting to gather packets
INFO: Started source 'drone'
INFO: kismet_capture pid 2752 synced with Kismet server, starting service
loop
INFO: Kismet drone client connected to remote server "Kismet-Drone" using
protocol version 1
INFO: Live-adding pseudo capsources from drones temporarily disabled until
rewrite.


If I go to my Kismet Client window to watch for activity, there is nothing, it's like it's receiving nothing from the drone. (There is plenty of wifi activity going on around me as Wi-viz shows)

What interested me the most today was that I left the server and drone running for about an hour while I was doing other stuff, when I suddenly got activity. It was only one measly packet, but activity none-the-less. But that was it.

I've ran so many configurations my head is hurting.



On my linux box (192.168.1.2) I'm running kismet client-server version 2013-03-R1b-3
Below is the config file from the linux machine kismet client-server

# Kismet config file
# Most of the "static" configs have been moved to here -- the command line
# config was getting way too crowded and cryptic. We want functionality,
# not continually reading --help!

# Version of Kismet config
version=2009-newcore

# Name of server (Purely for organizational purposes)
# If commented out, defaults to host name of system
# servername=Kismet Server

# Prefix of where we log (as used in the logtemplate later)
# logprefix=/some/path/to/logs

# Do we process the contents of data frames? If this is enabled, data
# frames will be truncated to the headers only immediately after frame type
# detection. This will disable IP detection, etc, however it is likely
# safer (and definitely more polite) if monitoring networks you do not own.
# hidedata=true

# Do we allow plugins to be used? This will load plugins from the system
# and user plugin directiories when set to true (See the README for the default
# plugin locations).
allowplugins=false

# See the README for full information on the new source format
# ncsource=interface:options
# for example:
ncsource=drone:host=192.168.1.1,port=2502
# ncsource=wifi0:type=madwifi
# ncsource=wlan0:name=intel,hop=false,channel=11

# Comma-separated list of sources to enable. This is only needed if you defined
# multiple sources and only want to enable some of them. By default, all defined
# sources are enabled.
# For example, if sources with name=prismsource and name=ciscosource are defined,
# and you only want to enable those two:
# enablesources=prismsource,ciscosource

# Control which channels we like to spend more time on. By default, the list
# of channels is pulled from the driver automatically. By setting preferred channels,
# if they are present in the channel list, they'll be set with a timing delay so that
# more time is spent on them. Since 1, 6, 11 are the common default channels, it makes
# sense to spend more time monitoring them.
# For finer control, see further down in the config for the channellist= directives.
##preferredchannels=1,6,11

# How many channels per second do we hop? (1-10)
##channelvelocity=3

# By setting the dwell time for channel hopping we override the channelvelocity
# setting above and dwell on each channel for the given number of seconds.
#channeldwell=10

# Channels are defined as:
# channellist=name:ch1,ch2,ch3
# or
# channellist=name:range-start-end-width-offset,ch,range,ch,...
#
# Channels may be a numeric channel or a frequency
#
# Channels may specify an additional wait period. For common default channels,
# an additional wait period can be useful. Wait periods delay for that number
# of times per second - so a configuration hopping 10 times per second with a
# channel of 6:3 would delay 3/10ths of a second on channel 6.
#
# Channel lists may have up to 256 channels and ranges (combined). For power
# users scanning more than 256 channels with a single card, ranges must be used.
#
# Ranges are meant for "power users" who wish to define a very large number of
# channels. A range may specify channels or frequencies, and will automatically
# sort themselves to cover channels in a non-overlapping fashion. An example
# range for the normal 802.11b/g spectrum would be:
#
# range-1-11-3-1
#
# which indicates starting at 1, ending at 11, a channel width of 3 channels,
# incrementing by one. A frequency based definition would be:
#
# range-2412-2462-22-5
#
# since 11g channels are 22 mhz wide and 5 mhz apart.
#
# Ranges have the flaw that they cannot be shared between sources in a non-overlapping
# way, so multiple sources using the same range may hop in lockstep with each other
# and duplicate the coverage.
#
# channellist=demo:1:3,6:3,11:3,range-5000-6000-20-10

# Default channel lists
# These channel lists MUST BE PRESENT for Kismet to work properly. While it is
# possible to change these, it is not recommended. These are used when the supported
# channel list can not be found for the source; to force using these instead of
# the detected supported channels, override with channellist= in the source defintion
#
# IN GENERAL, if you think you want to modify these, what you REALLY want to do is
# copy them and use channellist= in the packet source.
channellist=IEEE80211b:1:3,6:3,11:3,2,7,3,8,4,9,5,10
channellist=IEEE80211a:36,40,44,48,52,56,60,64,149,153,157,161,165
channellist=IEEE80211ab:1:3,6:3,11:3,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64,149,153,157,161,165


# Client/server listen config
listen=tcp://127.0.0.1:2501
# People allowed to connect, comma seperated IP addresses or network/mask
# blocks. Netmasks can be expressed as dotted quad (/255.255.255.0) or as
# numbers (/24)
allowedhosts=127.0.0.1
# Maximum number of concurrent GUI's
maxclients=5
# Maximum backlog before we start throwing out or killing clients. The
# bigger this number, the more memory and the more power it will use.
maxbacklog=5000


# Server + Drone config options. To have a Kismet server export live packets
# as if it were a drone, uncomment these.
# dronelisten=tcp://127.0.0.1:3501
# droneallowedhosts=127.0.0.1
# dronelisten=tcp://192.168.1.1:2502
# droneallowedhosts=127.0.0.1
# dronemaxclients=5
# droneringlen=65535

# OUI file, expected format 00:11:22<tab>manufname
# IEEE OUI file used to look up manufacturer info. We default to the
# wireshark one since most people have that.
##ouifile=/etc/manuf
##ouifile=/usr/share/wireshark/wireshark/manuf
##ouifile=/usr/share/wireshark/manuf
##ouifile=/Applications/Wireshark.app/Contents/Resources/share/wireshark/manuf

# Do we have a GPS?
gps=false

tuntap_export=false
# What virtual interface do we use
##tuntap_device=kistap0

# Packet filtering options:
# filter_tracker - Packets filtered from the tracker are not processed or
# recorded in any way.
# filter_export - Controls what packets influence the exported CSV, network,
# xml, gps, etc files.
# All filtering options take arguments containing the type of address and
# addresses to be filtered. Valid address types are 'ANY', 'BSSID',
# 'SOURCE', and 'DEST'. Filtering can be inverted by the use of '!' before
# the address. For example,
# filter_tracker=ANY(!"00:00:DE:AD:BE:EF")
# has the same effect as the previous mac_filter config file option.
# filter_tracker=...
# filter_dump=...
# filter_export=...
# filter_netclient=...

# Alerts to be reported and the throttling rates.
# alert=name,throttle/unit,burst
# The throttle/unit describes the number of alerts of this type that are
# sent per time unit. Valid time units are second, minute, hour, and day.
# Burst describes the number of alerts sent before throttling takes place.
# For example:
# alert=FOO,10/min,5
# Would allow 5 alerts through before throttling is enabled, and will then
# limit the number of alerts to 10 per minute.
# A throttle rate of 0 disables throttling of the alert.
# See the README for a list of alert types.
alert=ADHOCCONFLICT,5/min,1/sec
alert=AIRJACKSSID,5/min,1/sec
alert=APSPOOF,10/min,1/sec
alert=BCASTDISCON,5/min,2/sec
alert=BSSTIMESTAMP,5/min,1/sec
alert=CHANCHANGE,5/min,1/sec
alert=CRYPTODROP,5/min,1/sec
alert=DISASSOCTRAFFIC,10/min,1/sec
alert=DEAUTHFLOOD,5/min,2/sec
alert=DEAUTHCODEINVALID,5/min,1/sec
alert=DISCONCODEINVALID,5/min,1/sec
alert=DHCPNAMECHANGE,5/min,1/sec
alert=DHCPOSCHANGE,5/min,1/sec
alert=DHCPCLIENTID,5/min,1/sec
alert=DHCPCONFLICT,10/min,1/sec
alert=NETSTUMBLER,5/min,1/sec
alert=LUCENTTEST,5/min,1/sec
alert=LONGSSID,5/min,1/sec
alert=MSFBCOMSSID,5/min,1/sec
alert=MSFDLINKRATE,5/min,1/sec
alert=MSFNETGEARBEACON,5/min,1/sec
alert=NULLPROBERESP,5/min,1/sec
#alert=PROBENOJOIN,5/min,1/sec

# Controls behavior of the APSPOOF alert. SSID may be a literal match (ssid=) or
# a regex (ssidregex=) if PCRE was available when kismet was built. The allowed
# MAC list must be comma-separated and enclosed in quotes if there are multiple
# MAC addresses allowed. MAC address masks are allowed.
apspoof=Foo1:ssidregex="(?i:foobar)",validmacs=00:11:22:33:44:55
apspoof=Foo2:ssid="Foobar",validmacs="00:11:22:33:44:55,aa:bb:cc:dd:ee:ff"

# Known WEP keys to decrypt, bssid,hexkey. This is only for networks where
# the keys are already known, and it may impact throughput on slower hardware.
# Multiple wepkey lines may be used for multiple BSSIDs.
# wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900

# Is transmission of the keys to the client allowed? This may be a security
# risk for some. If you disable this, you will not be able to query keys from
# a client.
allowkeytransmit=true

# How often (in seconds) do we write all our data files (0 to disable)
writeinterval=0
# SET THE ABOVE VALUE FROM 300 TO ZERO TO STOP FILE WRITES

# Do we use sound?
# Not to be confused with GUI sound parameter, this controls wether or not the
# server itself will play sound. Primarily for headless or automated systems.
enablesound=false
# Path to sound player
soundbin=play

sound=newnet,true
sound=newcryptnet,true
sound=packet,true
sound=gpslock,true
sound=gpslost,true
sound=alert,true

# Does the server have speech? (Again, not to be confused with the GUI's speech)
enablespeech=false
# Binary used for speech (if not in path, full path must be specified)
speechbin=flite
# Specify raw or festival; Flite (and anything else that doesn't need formatting
# around the string to speak) is 'raw', festival requires the string be wrapped in
# SayText("...")
speechtype=raw

# How do we speak? Valid options:
# speech Normal speech
# nato NATO spellings (alpha, bravo, charlie)
# spell Spell the letters out (aye, bee, sea)
speechencoding=nato

speech=new,"New network detected s.s.i.d. %1 channel %2"
speech=alert,"Alert %1"
speech=gpslost,"G.P.S. signal lost"
speech=gpslock,"G.P.S. signal O.K."

# How many alerts do we backlog for new clients? Only change this if you have
# a -very- low memory system and need those extra bytes, or if you have a high
# memory system and a huge number of alert conditions.
alertbacklog=50

# File types to log, comma seperated. Built-in log file types:
# alert Text file of alerts
# gpsxml XML per-packet GPS log
# nettxt Networks in text format
# netxml Networks in XML format
# pcapdump tcpdump/wireshark compatible pcap log file
# string All strings seen (increases CPU load)
logtypes=pcapdump,gpsxml,netxml,nettxt,alert

# Format of the pcap dump (PPI or 80211)
pcapdumpformat=ppi
# pcapdumpformat=80211

# Default log title
logdefault=Kismet

# logtemplate - Filename logging template.
# This is, at first glance, really nasty and ugly, but you'll hardly ever
# have to touch it so don't complain too much.
#
# %p is replaced by the logging prefix + '/'
# %n is replaced by the logging instance name
# %d is replaced by the starting date as Mon-DD-YYYY
# %D is replaced by the current date as YYYYMMDD
# %t is replaced by the starting time as HH-MM-SS
# %i is replaced by the increment log in the case of multiple logs
# %l is replaced by the log type (pcapdump, strings, etc)
# %h is replaced by the home directory

logtemplate=%p%n-%D-%t-%i.%l

# Where state info, etc, is stored. You shouldnt ever need to change this.
# This is a directory.
configdir=%h/.kismet/



On my buffalo router (192.168.1.1) I'm running kismet drone version 2013-03-R1b-1

Below is the config file from the router running kismet drone

# Kismet drone config file

version=newcore.1
servername=Kismet-Drone

# Drone configuration Protocol, interface, and port to listen on
dronelisten=tcp://192.168.1.1:2502

# Hosts allowed to connect, comma separated. May include netmasks.
# allowedhosts=127.0.0.1,10.10.10.0/255.255.255.0
droneallowedhosts=192.168.1.2

# Maximum number of drone clients
dronemaxclients=10
droneringlen=65535

# Do we have a GPS?
gps=false

# Sources for collecting wifi transmissions
ncsource=wlan0

# How many channels per second do we hop? (1-10)
channelvelocity=5

# By setting the dwell time for channel hopping we override the channelvelocity
# setting above and dwell on each channel for the given number of seconds.
# channeldwell=10

# Users outside the US might want to use this list:
# channellist=IEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12
channellist=IEEE80211b:1:3,6:3,11:3,2,7,3,8,4,9,5,10

# US IEEE 80211a
channellist=IEEE80211a:36,40,44,48,52,56,60,64,149,153,157,161,165

# Combo
channellist=IEEE80211ab:1:3,6:3,11:3,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64,149,153,157,161,165


Thanks in advance chaps.


Reply to this message