Topic: Cisco Problem: SSID Monitoring in Kismet

I posted this in the wireless forum before I realized I wasn't supposed to post problems there. So, here I am, reposting in the problems forum. How appropriate?


Ok, using a Cisco Aironet 350 and Kismet.

I set the .conf to use cisco_cvs, ethx:wifix, xxxxx. Trouble is Kismet only sees the SSID that I'm connected to. For example, say I have two WAPs, one's SSID is net1, the other's is net2. If I configure ethx (using iwconfig) to use essid net1 and then open kismet, it starts showing me packets and info about net1, but is oblivious to net2. However, while kismet is running, I can iwconfig ethx to use essid net2, and immediately kismet stops reporting on net1, and suddenly becomes aware of net2.

My (limited) understanding, though, is that kismet is supposed to use monitor mode, and be able to see all ssid's at once. I think that kismet is putting the card into monitor mode automatically (again I THINK). Even still, I messed around with kismet_monitor, and other things trying to get it to monitor all available ssid's, but I can't figure it out.

Have I misconfigured something? Or is it another 'Cisco problem'? Also note I can use the same card in M$ XP with netstumbler, and see more than one SSID at a time. Again, the card is an Aironet 350, firmware version is somewhere in the 2's (2.45.xx, or, somewhere). I downgraded it to get it to work with S-T-D.

Thanks, ya'll, for the help.
Dj

Last edited by pballer2oo7 (07-11-2006 03:19:07)

  • Kilroy
  • S-T-D Staff (Moderator)
  • Offline

Re: Cisco Problem: SSID Monitoring in Kismet

have you tried manually setting the device into monitor mode? check to see if it is actually in monitor mode when you turn kismet on. 
iwconfig device | grep Mode

if not turn it on to monitor mode and restart kismet.
iwconfig device mode monitor

do you have it configured to hop channels?
cat /path/to/kismet.conf | grep channelhop

try manually changing the channel if they are on different channels.
iwconfig device channel #

Last edited by Kilroy (04-11-2006 06:31:26)

Knoppix Cheat Codes
Registered Linux user# 366379

Re: Cisco Problem: SSID Monitoring in Kismet

I started Kismet and then checked what mode my adapter (eth0) was in. In was still in "Managed" mode. I issued "iwconfig eth0 mode Monitor" but it came back "Error for wireless request "Set Mode" (8B06) : SET failed on device eth0 ; Invalid argument."

I am able to change to Ad-Hoc mode, and back to Managed mode using the same command, but not Monitor. Needless to say, I'm perplexed. Thoughts?

The Cisco (CVS) driver uses wifi0 for raw data packets (monitor mode). So, I'm guessing that's why monitor mode isn't available for "eth0". Is there something else in Kismet I need to configure, so that it knows to listen on wifi0, instead of eth0?

Thanks again,
Dj

Re: Cisco Problem: SSID Monitoring in Kismet

i haven't worked with Cisco cards ever in Kismet, so I cannot offer too much. from your posted info, i think i do recall seeing that eth0:wifix  is the proper syntax to use for some cards. why don't you try just wifi0 for it?  also, you posted cisco_csv when you surely meant cisco_cvs.

yes, the card must absolutely in monitor mode for Kismet to work. there's quite a bit of discussion on cisco on the Kismet forums as well.

also, what version of Kismet are you working with?

Last edited by Picoshark (06-11-2006 22:55:42)

  • Kilroy
  • S-T-D Staff (Moderator)
  • Offline

Re: Cisco Problem: SSID Monitoring in Kismet

here, i found this:
http://www.oldskoolphreak.com/tfiles/wi … t_suse.txt
sounds like what your looking for, give it a shot.

Knoppix Cheat Codes
Registered Linux user# 366379

Re: Cisco Problem: SSID Monitoring in Kismet

You are right, I meant cisco_cvs and I corrected my initial post. My version of Kismet is 3.0.1, the version that was included with my Knoppix S-T-D disc (which is version 0.1).

I booted everything up about 10 minutes ago to spend some more time trying to fix this issue, except, to my suprise, everything worked exactly as expected. I set my kismet.conf packet source to cisco_cvs, wifi0:eth1, cisco just as I had before, started Kismet, and it found all three of the SSIDs that I have set up here at the house. One WAP has encryption enabled, Kismet detected that. One of the WAPs was on its own channel relative to the other two. Kismet saw it just the same and gave the accurate channel information. Everything was peachy. I wish I could tell you what was wrong, what changed, what fixed it, but I don't know. I'll keep testing this and that and will let you know if I figure out what my problem was.

Thank you, muchly, for the help. Now all I've gotta' do is learn Airsnort (which, with my Cisco card, is going to be another grand adventure). I'm considering seriously going after an Orinoco Classic Gold card.

Thanks again,
Dj

Re: Cisco Problem: SSID Monitoring in Kismet

be sure that you are getting a Lucent/Orinoco with a Hermes I chipset. the newer ones use a Broadcomm chipset that does not work well in Kismet. good cards to have in a wifi toolkit are Cisco, Prism 2 chipset (good for injection) and Atheros.

although you can make nearly any card associate with an access point with windows drivers using ndiswrapper, they will *not* use monitor mode.

  • boon
  • Just Visiting
  • Offline

Re: Cisco Problem: SSID Monitoring in Kismet

Thanks for taking the time to help, I really apprciate it.

Re: Cisco Problem: SSID Monitoring in Kismet

Hi everybody, i have problem with encapsulation in sub interface in Cisco 2600 series Router and I have stomach problems because I'm using Generic Viagra. The problem is that, when i am going to inter the encapsulation isl 1 or encapsulation dot1q in subinterface of the router the command does' t work and the IOS version is 12.2(8)T4.