Thread: kismet_drone over SSH tunnel

  1. #1

    kismet_drone over SSH tunnel

    I know there are a few Kismet gurus prowling around this forum...hope one of you can help...

    I've got kismet working fine in a drone -> server configuration between 2 computers unencrypted. I would like to get this running over SSH. How the heck do you get the tunnels and config set up for this?

    Yes, I know, you are probably reading this and thinking "what an idiot, all you have to do is X Y Z"...well, I'm sitting here saying the same thing to myself...be that as it may, I haven't figured out the magic sauce to get it working. So I come hat in hand to the masses for assistance!

    Any help is appreciated.

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509


    The port that kismet uses is 3501. You'll have to set up a tunnel for that port. There are literally thousands of howtos available on the innerwebs on tunneling things like POP mail via SSH. Find one that fits the particulars of your setup, and simply replace the appropriate port with 3501. (E.g., if it is a howto on POP3, 110 would be replaced with 3501.)

    I'm just curious though as to why you'd do this. Most drone setups are on small LANs to begin with, so there's no need to tunnel the drone's traffic. How is your drone set up, and what will tunneling do for you?
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817


    I've done it before, though that was when I didn't write anything down, so now I don't remember the exact config. This should get you started, unless someone has the configs written down. Basically you're port forwarding over an ssh connection.

    http://www.ssh.com/support/documenta...orwarding.html
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  4. #4


    Thorn & Barry; Thanks for the quick replies. I'll try tweaking the pop3 example. I thought of that as well, but got wrapped up thinking that kismet wouldn't understand encryption of ssh and when I saw pop3 I was thinking pop3-ssl not pure pop3. Too early and not enough coffee I guess.

    Thorn, to answer your specific question about setup and why tunnelling. The scenario is the drone will be far away on the interwebs and to secure the data traversing the tubes from prying eyes & ears, I need some kind of encryption, hence ssh.

    Thanks again, and when I get the darn thing working, I'll post it so I can find it again in 6 months when I forget where I saved the directions!

  5. #5
    Senior Member Thorn's Avatar

    Ah. I figured it had to be some sort of remote setup. Thanks, and do let us know how it works out.

    As an alternative, you could also change the port that kismet uses, to a port that you find it easier to set up the SSH port forwarding on. (E.g., follow a POP3 guide, and leave the port as 110.) Then you'd have to change the port number (3501) in the kismet.conf and the drone.conf files.

  6. #6

    WORKING - kismet_drone over ssh tunnel

    Thanks to Barry and Thorn for pointing me in the right direction.

    For completeness, I'll add the requisite .conf file mods as well:

    Setup: kismet_drone at remote location, kismet server is your box.

    On remote box, modify kismet_drone.conf file:
    - suiduser=<some unpriv user account>
    - source=<whatever setting for your specific card>

    On local box, modify kismet.conf file:
    - source=kismet_drone,127.0.0.1:5000,drone1

    On local box, set up SSH forwarding:
    - ssh -L 5000:127.0.0.1:3501 <useraccount>@<ip of remote box>

    Once logged in to the remote box, start the kismet_drone:
    - kismet_drone &

    In a shell on your local box, start the kismet server:
    - kismet

    The feed you will be getting in the kismet_ui will be from the remote drone.

    One note: you don't have channel information in your Info window and according to Mike Kershaw (kismet developer), you can't lock on to a channel via the UI. You will have to edit the kismet_drone.conf sourcechannels parameter if you want to lock on to a specific channel or channels.

    Hope this is useful to some of you.

    Cheers

  7. #7
    My life is this forum Barry's Avatar

    Quote Originally Posted by cybrsnpr View Post
    Thorn & Barry; Thanks for the quick replies. I'll try tweaking the pop3 example. I thought of that as well, but got wrapped up thinking that kismet wouldn't understand encryption of ssh and when I saw pop3 I was thinking pop3-ssl not pure pop3. Too early and not enough coffee I guess.

    Thorn, to answer your specific question about setup and why tunnelling. The scenario is the drone will be far away on the interwebs and to secure the data traversing the tubes from prying eyes & ears, I need some kind of encryption, hence ssh.

    Thanks again, and when I get the darn thing working, I'll post it so I can find it again in 6 months when I forget where I saved the directions!
    You're still going to be tunneling over ssh, not pop3. As far as kismet is concerned it's not using the ssh connection. When I did it, I had a linksys wrt being a drone, and I could connect to it from work. Mainly just screwing around, but the boss thought it was pretty cool. We were going to put a drone in each location to watch for unauthorized access points, but never got around to doing it.


    Ahh, you figured it out. Don't forget to forward port 5000 on your firewall.

  8. #8
    Member
    Join Date
    Jan 2008
    Posts
    194


    Bookmarked and thank you. This will come in handy later.

  9. #9


    Quote Originally Posted by Barry View Post
    Don't forget to forward port 5000 on your firewall.
    Actually, I'm going out to the remote host on port 22. Port 5000 is local loop.
    (ran netstat on both boxes to double check!)
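
Added example, not part of the original posts: the netstat check mentioned above, written as a small script that classifies a listening TCP port as loopback-only, exposed on another address, or absent. The function name and the sample netstat output are constructed for illustration; the desired result for this setup is that forwarded port 5000 (local box) and drone port 3501 (remote box) both report loopback, so that only SSH is reachable from outside.

```shell
#!/bin/sh
# Added example. Reads `netstat -tln` output on stdin and reports how a TCP
# port is bound: loopback | exposed | absent.
# Live use:  netstat -tln | listener_scope 5000
listener_scope() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            addr = $4
            n = match(addr, /:[0-9]+$/)          # last colon separates the port
            if (n == 0 || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            if (host ~ /^127\./ || host == "::1") loop = 1
            else exposed = 1                     # 0.0.0.0, ::, or a real address
        }
        END {
            if (exposed)   print "exposed"
            else if (loop) print "loopback"
            else           print "absent"
        }'
}

# Constructed sample: local box after `ssh -L 5000:127.0.0.1:3501 ...`
LOCAL_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:5000                :::*                    LISTEN'

# Constructed sample: a remote box where the drone port is bound to every
# interface, so the unencrypted feed can be reached without the tunnel.
REMOTE_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3501            0.0.0.0:*               LISTEN'

report() {   # report LABEL PORT NETSTAT_TEXT
    printf '%s port %s: %s\n' "$1" "$2" \
        "$(printf '%s\n' "$3" | listener_scope "$2")"
}

report local  5000 "$LOCAL_SAMPLE"
report remote 3501 "$REMOTE_SAMPLE"
report remote 22   "$REMOTE_SAMPLE"
```

An "exposed" result for 3501 on the remote box means the drone feed is also available in the clear to anything that can reach that address, which is the case to fix or firewall.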

  10. #10
    My life is this forum Barry's Avatar

    Quote Originally Posted by cybrsnpr View Post
    Actually, I'm going out to the remote host on port 22. Port 5000 is local loop.
    (ran netstat on both boxes to double check!)
    I would change that port. I used to get thousands of brute force attempts over port 22, daily.
