
Thread: I can not stop hopping mode using Kismet to capture from a single channel

  1. #1
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    17

    Default I can not stop hopping mode using Kismet to capture from a single channel

    Hi,
    I need your help configuring Kismet:
    I would like to configure Kismet to capture packets from a monitor interface (mon0) on a single channel selected before Kismet start-up.

    I've simply tried to set "channelhop=false" in kismet.conf, but Kismet still changes channel...

    I've tried to change more options like:
    defaultchannels=IEEE80211a:48
    sourcechannels=mon0:ch48

    No success!


    Can you have a look at my kismet.conf? Thanks a million
    Code:
    # Kismet config file
    
    # Version of Kismet config
    version=2007.09.R1
    
    # Name of server (Purely for organizational purposes)
    servername=Kismet
    
    # User to setid to (should be your normal user)
    #suiduser=your_user_here
    
    # Do we try to put networkmanager to sleep?  If you use NM, this is probably
    # what you want to do, so that it will leave the interfaces alone while
    # Kismet is using them.  This requires DBus support!
    networkmanagersleep=true
    
    
    # Sources are defined as:
    # source=sourcetype,interface,name[,initialchannel]
    # Source types and required drivers are listed in the README under the
    # CAPTURE SOURCES section.
    # The initial channel is optional, if hopping is not enabled it can be used
    # to set the channel the interface listens on.
    # YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
    source=iwl3945,mon0,Intel
    
    # Comma-separated list of sources to enable.  This is only needed if you defined
    # multiple sources and only want to enable some of them.  By default, all defined
    # sources are enabled.
    # For example:
    # enablesources=prismsource,ciscosource
    
    
    # Automatically destroy VAPs on multi-vap interfaces (like madwifi-ng).
    # Madwifi-ng doesn't work in rfmon when non-rfmon VAPs are present, however
    # this is a fairly invasive change to the system so it CAN be disabled.  Expect
    # things not to work in most cases if you do disable it, however.
    ##vapdestroy=true
    vapdestroy=false
    
    # Do we channelhop?
    channelhop=false
    
    # How many channels per second do we hop?  (1-10)
    #channelvelocity=5
    
    # By setting the dwell time for channel hopping we override the channelvelocity
    # setting above and dwell on each channel for the given number of seconds.
    ##channeldwell=10
    
    # Do we split channels between cards on the same spectrum?  This means if 
    # multiple 802.11b capture sources are defined, they will be offset to cover
    # the most possible spectrum at a given time.  This also controls splitting
    # fine-tuned sourcechannels lines which cover multiple interfaces (see below)
    ##channelsplit=true
    channelsplit=false
    
    # Basic channel hopping control:
    # These define the channels the cards hop through for various frequency ranges
    # supported by Kismet.   More finegrain control is available via the 
    # "sourcechannels" configuration option.
    # 
    # Don't change the IEEE80211<x> identifiers or channel hopping won't work.
    
    # Users outside the US might want to use this list:
    # defaultchannels=IEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12
    ##defaultchannels=IEEE80211b:1,6,11,2,7,3,8,4,9,5,10
    
    # 802.11g uses the same channels as 802.11b...
    ##defaultchannels=IEEE80211g:1,6,11,2,7,3,8,4,9,5,10
    
    # 802.11a channels are non-overlapping so sequential is fine.  You may want to
    # adjust the list depending on the channels your card actually supports.
    #defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,149,153,157,161,184,188,192,196,200,204,208,212,216 
    ##defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64
    defaultchannels=IEEE80211a:48
    
    
    # Combo cards like Atheros use both 'a' and 'b/g' channels.  Of course, you
    # can also explicitly override a given source.  You can use the script 
    # extras/listchan.pl to extract all the channels your card supports.
    ##defaultchannels=IEEE80211ab:1,6,11,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64
    defaultchannels=IEEE80211ab:48
    
    # Fine-tuning channel hopping control:
    # The sourcechannels option can be used to set the channel hopping for 
    # specific interfaces, and to control what interfaces share a list of 
    # channels for split hopping.  This can also be used to easily lock
    # one card on a single channel while hopping with other cards.
    # Any card without a sourcechannel definition will use the standard hopping
    # list.
    # sourcechannels=sourcename[,sourcename]:ch1,ch2,ch3,...chN
    ##prova iwl3945,mon0,Intel
    sourcechannels=mon0:ch48
    
    # ie, for us channels on the source 'prism2source' (same as normal channel
    # hopping behavior):
    # sourcechannels=prism2source:48
    
    # Given two capture sources, "prism2a" and "prism2b", we want prism2a to stay
    # on channel 6 and prism2b to hop normally.  By not setting a sourcechannels 
    # line for prism2b, it will use the standard hopping.
    # sourcechannels=prism2a:6
    
    # To assign the same custom hop channel to multiple sources, or to split the 
    # same custom hop channel over two sources (if splitchannels is true), list
    # them all on the same sourcechannels line:
    # sourcechannels=prism2a,prism2b,prism2c:1,6,11
    
    # Port to serve GUI data
    tcpport=2501
    # People allowed to connect, comma seperated IP addresses or network/mask
    # blocks.  Netmasks can be expressed as dotted quad (/255.255.255.0) or as
    # numbers (/24)
    allowedhosts=127.0.0.1
    # Address to bind to.  Should be an address already configured already on
    # this host, reverts to INADDR_ANY if specified incorrectly.
    bindaddress=127.0.0.1
    # Maximum number of concurrent GUI's
    maxclients=5
    
    # Do we have a GPS?
    gps=true
    # Host:port that GPSD is running on.  This can be localhost OR remote!
    gpshost=localhost:2947
    # Do we lock the mode?  This overrides coordinates of lock "0", which will
    # generate some bad information until you get a GPS lock, but it will 
    # fix problems with GPS units with broken NMEA that report lock 0
    gpsmodelock=false
    
    # Packet filtering options:
    # filter_tracker - Packets filtered from the tracker are not processed or
    #                  recorded in any way.
    # filter_dump    - Packets filtered at the dump level are tracked, displayed,
    #                  and written to the csv/xml/network/etc files, but not 
    #                  recorded in the packet dump
    # filter_export  - Controls what packets influence the exported CSV, network,
    #                  xml, gps, etc files.
    # All filtering options take arguments containing the type of address and
    # addresses to be filtered.  Valid address types are 'ANY', 'BSSID',
    # 'SOURCE', and 'DEST'.  Filtering can be inverted by the use of '!' before
    # the address.  For example,
    # filter_tracker=ANY(!00:00:DE:AD:BE:EF)
    # has the same effect as the previous mac_filter config file option.
    # filter_tracker=...
    # filter_dump=...
    # filter_export=...
    
    # Alerts to be reported and the throttling rates.
    # alert=name,throttle/unit,burst/unit
    # The throttle/unit describes the number of alerts of this type that are
    # sent per time unit.  Valid time units are second, minute, hour, and day.
    # Burst rates control the number of packets sent at a time
    # For example:
    # alert=FOO,10/min,5/sec
    # Would allow 5 alerts per second, and 10 alerts total per minute.
    # A throttle rate of 0 disables throttling of the alert.
    # See the README for a list of alert types.
    alert=NETSTUMBLER,10/min,1/sec
    alert=WELLENREITER,10/min,1/sec
    alert=LUCENTTEST,10/min,1/sec
    alert=DEAUTHFLOOD,10/min,2/sec
    alert=BCASTDISCON,10/min,2/sec
    alert=CHANCHANGE,5/min,1/sec
    alert=AIRJACKSSID,5/min,1/sec
    alert=PROBENOJOIN,10/min,1/sec
    alert=DISASSOCTRAFFIC,10/min,1/sec
    alert=NULLPROBERESP,10/min,1/sec
    alert=BSSTIMESTAMP,10/min,1/sec
    alert=MSFBCOMSSID,10/min,1/sec
    alert=LONGSSID,10/min,1/sec
    alert=MSFDLINKRATE,10/min,1/sec
    alert=MSFNETGEARBEACON,10/min,1/sec
    alert=DISCONCODEINVALID,10/min,1/sec
    alert=DEAUTHCODEINVALID,10/min,1/sec
    
    # Known WEP keys to decrypt, bssid,hexkey.  This is only for networks where
    # the keys are already known, and it may impact throughput on slower hardware.
    # Multiple wepkey lines may be used for multiple BSSIDs.
    # wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900
    
    # Is transmission of the keys to the client allowed?  This may be a security
    # risk for some.  If you disable this, you will not be able to query keys from
    # a client.
    allowkeytransmit=true
    
    # How often (in seconds) do we write all our data files (0 to disable)
    writeinterval=3
    trackivs=false
    ap_manuf=ap_manuf
    client_manuf=client_manuf
    metric=false
    waypoints=false
    waypointdata=%h/.gpsdrive/way_kismet.txt
    waypoint_essid=false
    alertbacklog=50
    logtypes=dump,network,csv,xml,weak,cisco,gps
    trackprobenets=true
    noiselog=false
    corruptlog=true
    beaconlog=true
    phylog=true

  2. #2
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    Hold a second, I'm not a Kismet guru, but it looks like you are trying to fix the channel at 48
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  3. #3
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by kazalku View Post
    Hold a second, I'm not a Kismet guru, but it looks like you are trying to fix the channel at 48
    Yeah, 802.11a has that channel.


    @TheMrOrange

    You can stop hopping from within kismet. Hit h while it is running to see the help menu.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  4. #4
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    17

    Default

    Yes, it's not a mistake!
    802.11a @ channel 48
    My WLAN cards can use that channel, and I would like to capture packets between two ad hoc hosts!
    I have no problems capturing with Wireshark, but Kismet also lets me capture GPS information...

    @ Barry
    I would like to set Kismet in hopping mode because I have other tools that can crash if someone (Kismet, for example) tries to modify the WLAN settings, so I can't stop hopping after Kismet start-up...

  5. #5
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    Default

    Code:
    # Fine-tuning channel hopping control:
    # The sourcechannels option can be used to set the channel hopping for 
    # specific interfaces, and to control what interfaces share a list of 
    # channels for split hopping.  This can also be used to easily lock
    # one card on a single channel while hopping with other cards.
    # Any card without a sourcechannel definition will use the standard hopping
    # list.
    # sourcechannels=sourcename[,sourcename]:ch1,ch2,ch3,...chN
    ##prova iwl3945,mon0,Intel
    sourcechannels=mon0:ch48
    should it read:
    sourcechannels=mon0:48

    William

  6. #6
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    Quote Originally Posted by Barry View Post
    Yeah, 802.11a has that channel.


    @TheMrOrange

    You can stop hopping from within kismet. Hit h while it is running to see the help menu.
    That was new to me..........
    Learning...........
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  7. #7
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by TheMrOrange View Post
    Hi,
    ....

    defaultchannels=IEEE80211a:48
    sourcechannels=mon0:ch48

    ...
    Don't use "ch48", use "48".

    Also append ",48" onto your "sources=" line. This will ensure the card starts on ch 48.

    Is "mon0" the correct interface name for your card?


    One other thing (blatant plug), get a copy of Kismet Hacking.
    Thorn
    Stop the TSA now! Boycott the airlines.
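    The fix William and Thorn describe, written out as an added example that is not part of this thread or of Kismet itself: a small POSIX shell script that works out which channel a source will actually sit on according to the rules stated in the kismet.conf comments (the optional fourth field of source= sets the channel when channelhop=false; a one-channel sourcechannels= list locks that source while others hop), then rewrites a config the way the replies suggest (bare "48" instead of "ch48", ",48" appended to the source= line, channelhop=false). The iwl3945/mon0/Intel source and channel 48 come from the thread; the sample config is constructed, and accepting either the source name or the interface as the sourcechannels= key is my assumption (the config comment says it keys on the source name, while the posts use the interface).

```shell
#!/bin/sh
# Added example (not from the thread or from Kismet): check and repair the
# channel-lock settings of a 2007.x-era kismet.conf, following the comments
# in the config file itself:
#   source=type,iface,name[,initialchannel]  (4th field pins the channel
#                                             when channelhop=false)
#   sourcechannels=name[,name]:ch1,ch2,...    (a one-channel list locks
#                                             that source while hopping)
# Assumption: channel tokens must be bare integers ("48", not "ch48").

# locked_channel CONF SOURCE
# Prints the channel SOURCE (name or interface from its source= line) ends
# up on: "HOPPING" if it will hop, "UNSET" if nothing pins it, or
# "INVALID:<token>" if the channel token is not a bare number.
locked_channel() {
    printf '%s\n' "$1" | awk -v src="$2" '
        BEGIN { hop = 1 }      # stock kismet.conf hops unless told otherwise
        /^channelhop=/ { hop = ($0 != "channelhop=false") }
        /^source=/ {
            n = split(substr($0, 8), f, ",")        # skip "source="
            if (f[2] == src || f[3] == src) {
                alias[f[2]] = 1; alias[f[3]] = 1    # assumption: name or iface
                if (n >= 4) init = f[4]
            }
        }
        /^sourcechannels=/ {
            split(substr($0, 16), p, ":")           # skip "sourcechannels="
            m = split(p[1], names, ",")
            for (i = 1; i <= m; i++)
                if (names[i] == src || names[i] in alias) list = p[2]
        }
        END {
            if (!hop) { print (init == "" ? "UNSET" : init); exit }
            if (list == "" || index(list, ",")) { print "HOPPING"; exit }
            if (list !~ /^[0-9]+$/) { print "INVALID:" list; exit }
            print list
        }'
}

# fix_channel_lock CONF SOURCE CHANNEL
# Emits CONF with SOURCE pinned to CHANNEL as the replies suggest:
# channelhop=false, ",CHANNEL" appended to a three-field source= line,
# and any "chNN" tokens in sourcechannels= reduced to "NN".
fix_channel_lock() {
    printf '%s\n' "$1" | awk -v src="$2" -v ch="$3" '
        /^channelhop=/ { $0 = "channelhop=false" }
        /^source=/ {
            n = split(substr($0, 8), f, ",")
            if ((f[2] == src || f[3] == src) && n == 3) $0 = $0 "," ch
        }
        /^sourcechannels=/ {
            split(substr($0, 16), p, ":")
            m = split(p[2], c, ",")
            out = ""
            for (i = 1; i <= m; i++) {
                sub(/^ch/, "", c[i])
                out = out (i > 1 ? "," : "") c[i]
            }
            $0 = "sourcechannels=" p[1] ":" out
        }
        { print }'
}

# Constructed sample mirroring the thread: one iwl3945 source on mon0,
# hopping disabled, "ch48" in sourcechannels and no initial channel.
SAMPLE_CONF='source=iwl3945,mon0,Intel
channelhop=false
sourcechannels=mon0:ch48'

locked_channel "$SAMPLE_CONF" mon0            # UNSET: nothing pins the card
FIXED=$(fix_channel_lock "$SAMPLE_CONF" mon0 48)
printf '%s\n' "$FIXED"
locked_channel "$FIXED" mon0                  # 48
```

    Run it against a real kismet.conf with `fix_channel_lock "$(cat kismet.conf)" mon0 48 > kismet.conf.new` and diff the two; only the channelhop=, source= and sourcechannels= lines should change. Whether your Kismet version keys sourcechannels= on the name field or the interface is the thing to verify by hand, since the config comment and the posts disagree.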

  8. #8
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    At first I thought this had something to do with zero_chaos's presentation at Schmoo, as I only saw b/g in the source.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
