Kismet Frequently Asked Questions

* How do I convert older binary GPS files to the new XML forat?
* My card can do RF Monitoring but doesn't work in Kismet.
* What GPS receivers are supported?
* When is local dump used and when is wiretap dump used?
* I'm sure there are encrypted data packets in this network, but they show up
  as normal data packets.
* What is fuzzy encryption detection?
* I get errors that it can't find "glib-config" or "Magick-config" during the
  configure process, but I know I have them!
* Is there a mailing list?
* Why doesn't Kismet enable RF monitoring automatically?
* My Cisco doesn't seem to be capturing packets correctly or entering RF 
  monitor mode
* I'm using the CVS Cisco drivers and can't see any packets
* Cisco beacons while in RF Monitor mode anyhow!
* GPSMap segfaults, what gives?
* After running 'kismet' it says kismet_server or kismet_client not found.
* Kismet quits immediately saying 'GPS logging requested but GPS support was
  not compiled'
* My Garmin GPS appears to have a lock, and Kismet reports coordinates, but
  Kismet still won't record a GPS file and it says it has no lock.
* What happened to foo_monitor and foo_unmonitor?
* What happened to prism2_hopper?
* kismet_server won't start with an error about being unable to bind.
* kismet_client won't start with an error about being unable to connect to
  localhost
* Redhat 7.3 says it isn't in monitor mode even after I run kismet_monitor!
* Why do I see more clients in the seperate networks than I do in a group?
* Kismet says "No 'suiduser' option in the config file" and exits
* Where do the manufacturer fingerprints come from?
* I use a non-english language system, and gpsmap isn't working.

Q: How do I convert older binary GPS files to the new XML format?
A: Use the utility "kismet2xml" in the extras/ directory.


Q: My card can do RF monitoring but doesn't work in Kismet, will you support
it?
A: Yes, I'll certianly try, if you:

a: Give me one for development.
b: Loan me one for however long it takes to write the code.
c: Give me an account on a system with that card installed that I can do 
development on. (and with enough access rights to throw the card into 
promisc mode)


Q: What GPS receivers are supported?
A: Kismet supports all NMEA-based GPS recievers via the "gpsd" generic GPS 
daemon, as well as some proprietary recievers which gpsd understands.


Q: When is local dump used and when is wiretap dump used?
A: Local dump is used if the wiretap library cannot be found, or if the 
--enable-local-dump is specified in the config.  Local dump writes pcap/ethereal
compatable logs.     


Q: I'm sure there are encrypted data packets in this network, but they show up
as normal data packets.
A: Kismet uses the 802.11 headers to determine if a packet is encrypted, 
however, sometimes these aren't set correctly.  The prism2 source in particular 
seems to incorrectly set these headers (or, more to the point, doesn't set these
headers.)  Enable fuzzy encryption for the capture type you're having trouble
with.


Q: What is fuzzy encryption detection?
A: Fuzzy encryption detection uses the first fields of data to guess if a 
packet is detected.  This is not foolproof, and may lead to false positives.
Enable fuzzyencryption for your packetsource in the kismet.conf file.  


Q: I get errors that it can't find "glib-config" or "Magick-config" during the
configure process, but I know I have them!
A: You're probably configuring or compiling as root - this is generally a bad
idea both because gcc is a complex program and shouldn't be trusted with root 
and user input, and because root has a stripped-down PATH environment.  You 
should probably configure and compile as a normal user and use root just to 
do the install.


Q: Is there a mailing list?
A: Yes - subscribe at wireless-subscribe@kismetwireless.net.


Q: Why doesn't Kismet enable RF monitoring automatically?
A: In two words, compatability and security.

Kismet is designed to work with as many cards as possible, and to do as little 
to your system as possible.  Putting a card in RF monitoring mode requires root 
access, but it also varies from card to card.  Executing external programs 
automatically as root is a very bad idea.

Additionally, RF monitoring mode disables the ability to send data.  While I 
expect Kismet is primarily used on single-user laptop or portable systems, I 
am still reluctant to place the ability to knock a systems connection out in 
the hands of unprivileged users.


Q: My Cisco doesn't seem to be capturing packets correctly or entering RF 
monitor mode
A: You probably have an old kernel version, or are using the Cisco corporate
drivers, or are using the pcmcia-cs cisco drivers.  Linux kernel 2.4.16 or 
higher is strongly reccomended, as older linux kernel versions did not support
rfmon correctly.  The cisco corporate and pcmcia-cs cisco drivers also do not
support rfmon mode.


Q: I'm using the CVS Cisco drivers and can't see any packets
A: You need to capture on the interface 'wifi0' (or 'wifi1', and so on) and
the cardtype to "cisco_cvs"


Q: Cisco beacons while in RF Monitor mode anyhow!
A: Apparently some do.  I haven't got a good way to turn this off, but the 
cisco_monitor script DOES set the tx power to 1mW, which should be enough to
curtail the problem.


Q: GPSMap segfaults, what gives?
A: Make sure you have the most recent version of ImageMagick.


Q: After running 'kismet' it says kismet_server or kismet_client not found.
A: Fix your $PATH shell variable.  The kismet script expects kismet_server and
kismet_client to be available.


Q: Kismet quits immediately saying 'GPS logging requested but GPS support was
not compiled'
A: You disabled GPS support.  Set GPS to false and turn off the GPS in 
logtypes.


Q: My Garmin GPS appears to have a lock, and Kismet reports coordinates, but
Kismet still won't record a GPS file and it says it has no lock.
A: Upgrade your GPS firmware to the latest version from Garmin.  Most Garmin
GPSs ship with a version that has a bug in the NMEA output.


Q: What happened to foo_monitor and foo_unmonitor?
A: All of the monitoring code has been merged into kismet_monitor which uses
the "cardtype" option in kismet.conf.  kismet_monitor -h has details.  
The unmonitor scripts have become kismet_unmonitor.


Q: What happened to prism2_hopper?
A: It became kismet_hopper and support multiple card types now.


Q: kismet_server won't start with an error about being unable to bind.
A: Fix 'localhost' in /etc/hosts or upgrade to Kismet 2.4, which fixes
this.


Q: kismet_client won't start with an error about being unable to connect to
localhost
A: Your /etc/hosts isn't set up right.  Either fix this to have 'localhost'
listed correctly, or edit your kismet_ui.conf to point to your hostname or
to 127.0.0.1.


Q: Redhat 7.3 says it isn't in monitor mode even after I run kismet_monitor!
A: Redhat 7.3 has 2 copies of the airo drivers, one which works and one which
doesn't.  It defaults to the one that doesn't.  A quick fix is:
cp /lib/modules/2.4.18-?/kernel/drivers/net/wireless/airo*.o  \
   /lib/modules/2.4.18-?/kernel/drivers/net/pcmcia/ 


Q: Why do I see more clients in the seperate networks than I do in a group?
A: The same client can be broadcast from, and talking to, multiple APs.  When
the APs are combined into a group, the duplicate client is collapsed into a 
single client record.


Q: Kismet says "No 'suiduser' option in the config file" and exits
A: You need to upgrade your config.  Use 'make force_install' and then edit the
config to match your system again.


Q: Where do the manufacturer fingerprints come from?
A: The manufacturer fingerprints come from a database designed and managed by
pr00f at http://unbolted.net.

Q: I use a non-english language system, and gpsmap isn't working.
A: Non-posix language systems cause glibc to format floats incorrectly (for
example, 0,5 instead of 0.5).  This causes the URL which is being fetched
to be incorrect.  This is most easily fixed with the LC_NUMERIC environment
variable.  Launch gpsmap with:
LC_NUMERIC="posix" gpsmap ... ...

