Created – October 30, 2002
Last updated – February 7, 2003
This document is now deprecated. See my new instructions, which do not require recompiling the kernel when installing Kismet on Red Hat 8.0. The new Red Hat Linux 8.0 + Kismet HOWTO can be found here. I have left this old document up in case someone needs it for another Linux distribution.
The primary goal of this How-To is to install and configure Red Hat Linux 8.0 with an Orinoco wireless NIC and the Kismet wireless sniffer. I have created these instructions primarily for an IBM T30 with Windows 2000 Professional on half the hard drive; I will use the other half of the hard drive for my Red Hat Linux installation. Although these instructions were created for my particular situation, they should apply to many other configurations.
In the previous series of Red Hat Linux (7.x), it was fairly simple to get the Orinoco card and the Kismet wireless sniffer to work: the installation only required installing the patched Orinoco drivers and Kismet itself. With the introduction of Red Hat 8.0 it has become necessary to recompile the Linux kernel, which intimidates many people new to Linux. The purpose of this document is to provide instructions for those new to the Linux environment, and a sanity check for those just stuck somewhere in the installation process.
Install Red Hat 8.0
Download Required Files
Compile and Install a New Kernel
Configure GRUB
Install PCMCIA and Orinoco drivers
Install libpcap
Install Ethereal
Install GPSDrive (Optional)
Install ImageMagick (Optional)
Install Kismet
Configure Kismet
Running Kismet
Other security tools
To-Do
Questions/Comments/Concerns
Credits
Red Hat Linux has become the most popular alternative to the Windows operating systems. From the beginning, Red Hat has been working to package an operating system that is simple to install, easy to use, and contains a variety of practical features.
There are several options to obtain the media necessary to install Red Hat Linux. Some of the more popular options include:
If you install from CD, it is recommended that you verify the integrity of the discs the first time you use them; you will be prompted for this at the beginning of the installation. The disc check only detects damaged media; to confirm that a downloaded ISO is the one Red Hat published, compare its md5sum with the MD5SUM file on the mirror before burning it. The first and most important step of this install is to install Red Hat Linux. If you need help installing the operating system, visit http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/install-guide/. Additionally, if you need to download a copy of Red Hat 8.0, visit the following site to find a mirror: http://www.redhat.com/download/mirror.html.
Here are the options I chose during the installation of Red Hat Linux:
· Select Language (English) * Default
· Keyboard Configuration (US English) * Default
· Mouse Configuration (3 Button Mouse (PS/2)) * Default
· Installation Type (Custom)
· Disk Partitioning Setup (Automatically partition)
· Automatic Partitioning (Remove all Linux Partitions on this system)
· Disk Setup (nothing)
· Boot Loader Configuration (Default)
· Network Configuration (Set hostname manually “wireless1”)
· Firewall configuration (Default)
· Additional Language Support (Default)
· Time Zone Selection (America/Chicago)
· Account Configuration (enter password for root account and create user account)
· Authentication Configuration (Default)
· Package Group Selection (Add the following)
o SQL Database Server - Add "mysql-server" (Click on Details)
o Development Tools
o Kernel Development
o X Software Development
o Gnome Software Development
o Select System Tools, but remove "ethereal"
Total install size: 1,921M
· About to Install (forward)
· Installation (25 minutes later for a CD install, 4 hours for a net install)
· Boot Diskette Creation (create one if you wish)
· Graphical Interface (X) Configuration (Select what you have; I have the ATI Radeon Mobility 7500)
· Monitor Configuration (Unprobed Monitor)
· Customize Graphics Configuration (Default)
· Exit (Automatically shut down and restart into Red Hat Linux)
· Welcome (forward)
· Date and Time (I selected Enable Network Time Protocol - forward)
· Sound (forward)
· Update Agent (forward, register and install updates)
· Additional CDs (select what you want)
· Finish Setup (Forward)
Login using root and your password. Run up2date to update the system with the latest and most stable packages.
Note – I understand it is not recommended that you run a *NIX system as root, and I agree that if it were a multi-user system this would be discouraged.
Several files will be required to complete the installation process. Download the following files into the specified directories:
The kernel is the core component of an operating system; it initializes and manages the hardware, and everything else runs on top of it. We need to recompile the kernel so that PCMCIA support is built as loadable modules rather than into the kernel itself. That is what lets the pcmcia-cs package installed later supply its own card services and our patched Orinoco driver, which is what allows us to "sniff" wireless traffic. If you need additional help when recompiling the kernel, a good HOWTO can be found at http://www.tldp.org/HOWTO/Kernel-HOWTO-2.html.
To begin we need to uncompress the kernel archive we downloaded and then configure it to suit our needs.
# cd /usr/src/
# tar -xzf linux-2.4.20.tar.gz
# cd linux-2.4.20
# make clean
# make xconfig
There are several options that should be selected to configure the kernel to work the way we want it to. Several of these settings might depend on your installation and the features you would like to include. The one that matters for this How-To is PCMCIA/CardBus support built as a module (M); the rest are what I needed for the T30.
To configure the kernel, I selected the following options:
Processor type and features
  Pentium 4 (Select your processor type)
General setup
  PCMCIA/CardBus Support
    M - PCMCIA/CardBus support
  Y - Advanced Power Management
  Y - Enable PM at boot time
  Y - Make CPU Idle calls when idle
Networking options
  Y - Network packet filtering (replaces ipchains)
  Y - Socket Filtering
Network device support
  Wireless LAN (non-hamradio)
    Y - Wireless LAN (non-hamradio)
IrDA (infrared) support
  Y - IrDA subsystem support
  M - IrLAN protocol
File systems
  Y - Kernel automounter support
  Y - Ext3 journalling file system support
  Y - DOS FAT fs support
  Y - MSDOS fs support
  Y - VFAT (Windows-95) fs support
  Y - Microsoft Joliet CDROM extensions
  Y - NTFS file system support (read only)
Sound
  Y - Sound card support
  Y - Intel ICH (i8xx)
USB
  Y - Preliminary USB device filesystem
  Y - USB Human Interface Device (full HID) support
  Y - /dev/hiddev raw HID device support
Note - If you would like to see the options that I have selected, or use the same config file, download http://www.tipsybottle.com/technology/wireless/kernel-ritchie.config. Save this file as “/usr/src/linux-2.4.20/.config” before running “make xconfig”.
# make dep
# make bzImage
# make modules
# make modules_install
# make install
Run “make modules_install” before “make install”: on Red Hat, “make install” runs installkernel, which copies the image to /boot/vmlinuz-2.4.20 and builds an initial ramdisk from the modules under /lib/modules/2.4.20, so those modules must already be in place. (A plain “make” only builds the uncompressed vmlinux, which “make bzImage” builds anyway, so it is not needed.)
GRUB (Grand Unified Bootloader) is the boot loader which allows a user to choose what operating system is loaded. Before the new kernel can load, we must edit the configuration file to include our new kernel image. For more information about the GRUB boot loader and its configuration file, see http://www.linuxselfhelp.com/gnu/grub/html_chapter/grub_1.html.
Edit the file “/boot/grub/grub.conf”. (A link to the grub configuration file can also be found at “/etc/grub.conf”.)
Note – To edit a file in Linux, there are several text editors you can use. At the command line, you can use vi or pico. If you would like to use a GUI text editor, go to Red Hat -> Accessories -> Text Editor.
Add the following lines at the end of “grub.conf”:
# For booting Linux-2.4.20
title Linux-2.4.20
root (hd0,1)
kernel /vmlinuz-2.4.20
The “root (hd0,1)” command points to the partition holding /boot; GRUB counts disks and partitions from 0, so (hd0,1) is the second partition of the first disk. Look at your existing Red Hat entry (probably Linux-2.4.18) to determine the partition you are using and copy the same value. No initrd line is needed because ext3 support was compiled into the kernel above.
Edit the following line to change the default boot operating system. Entries are numbered from 0, so “default 2” boots the third one (Red Hat writes this line as “default=2”; GRUB accepts either form).
# By default, boot the third entry.
default 2
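Copying the root partition and boot arguments from the entry that already boots is safer than typing them in. As an added example (not from the How-To or from GRUB), the script below reads the existing Red Hat stanza, appends a Linux-2.4.20 stanza that reuses its “root (hdX,Y)” and kernel arguments, and points “default” at the new entry. It assumes the stock Red Hat 8.0 grub.conf layout (title, root and kernel lines, a “default=N” line) and a kernel with ext3 built in, so it adds no initrd line; the grub.conf it processes at the bottom is a constructed sample. It prints the new configuration instead of writing it, so run it as grub_add_kernel /boot/grub/grub.conf 2.4.18 2.4.20 > /tmp/grub.conf.new, inspect the result, then copy it into place.

```shell
#!/bin/sh
# Added example, not from the original HOWTO: generate the Linux-2.4.20 GRUB
# stanza from the existing Red Hat stanza so "root (hdX,Y)" and the kernel
# arguments are copied from an entry known to boot rather than typed in.
# Assumes the stock Red Hat 8.0 grub.conf layout and a kernel with ext3
# built in (no initrd line). Output goes to stdout for review.

# "root (hdX,Y)" of the first stanza whose kernel line contains VERSION.
grub_root_for() {        # usage: grub_root_for CONF VERSION
    awk -v v="$2" '
        /^[[:space:]]*title/                     { root = "" }
        /^[[:space:]]*root[[:space:]]/           { root = $2 }
        /^[[:space:]]*kernel/ && index($0, v)    { print root; exit }
    ' "$1"
}

# Kernel arguments (everything after the image path) of that stanza.
grub_args_for() {        # usage: grub_args_for CONF VERSION
    awk -v v="$2" '
        /^[[:space:]]*kernel/ && index($0, v) {
            for (i = 3; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n")
            exit
        }
    ' "$1"
}

# GRUB numbers stanzas from 0, so the number of existing "title" lines is
# the index the appended stanza will receive.
grub_next_index() {      # usage: grub_next_index CONF
    grep -c '^[[:space:]]*title' "$1"
}

# Print CONF with "default" pointed at a new stanza for NEW, appended at the end.
grub_add_kernel() {      # usage: grub_add_kernel CONF OLD_VERSION NEW_VERSION
    conf=$1 old=$2 new=$3
    root=$(grub_root_for "$conf" "$old")
    if [ -z "$root" ]; then
        echo "no stanza for kernel $old in $conf" >&2
        return 1
    fi
    args=$(grub_args_for "$conf" "$old")
    idx=$(grub_next_index "$conf")
    [ -f "/boot/vmlinuz-$new" ] || echo "warning: /boot/vmlinuz-$new not found yet (make install writes it)" >&2
    sed "s/^default[ =][0-9]*/default=$idx/" "$conf"
    printf '\n# For booting Linux-%s\ntitle Linux-%s\n\troot %s\n\tkernel /vmlinuz-%s %s\n' \
        "$new" "$new" "$root" "$new" "$args"
}

# Constructed sample of a stock Red Hat 8.0 grub.conf on a dual-boot laptop.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
default=0
timeout=10
title Red Hat Linux (2.4.18-14)
        root (hd0,1)
        kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
        initrd /initrd-2.4.18-14.img
title Windows 2000
        rootnoverify (hd0,0)
        chainloader +1
EOF
grub_add_kernel "$SAMPLE" 2.4.18 2.4.20
rm -f "$SAMPLE"
```

The Windows stanza uses “rootnoverify” rather than “root”, so it is deliberately not matched; only a stanza that actually boots a Linux kernel image is used as the template.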
Save the file and exit. Now reboot the computer.
Using the command line…
# shutdown -r now
Or use the GUI.
Red Hat Icon -> Log Out -> Restart the computer
After the computer reboots, you should boot into your new kernel. When you see the GRUB menu, be sure it boots into “Linux-2.4.20”.
Login with your username and password.
Start a terminal window.
Red Hat Icon -> System Tools -> Terminal
Note – Because it’s Linux, and you should get used to the command line, you might add a link to the terminal window to the panel (Microsoft calls it the Task Bar). Right click on the panel -> Add to Panel -> Launcher from menu -> System Tools -> Terminal.
The PCMCIA package is a collection of loadable kernel modules that provide card services and drivers for a variety of devices including Ethernet cards, SCSI adaptors, and wireless NICs. The Orinoco drivers included in this package must be modified with a patch from Shmoo to allow the Orinoco card to be placed into monitor mode. To find out more information about PCMCIA visit http://pcmcia-cs.sourceforge.net/. Additionally, for information about the Shmoo patch for Orinoco cards, visit http://airsnort.shmoo.com/orinocoinfo.html.
Install the latest PCMCIA drivers
# cd /usr/src
# tar -zxvf pcmcia-cs-3.2.3.tar.gz
# cd pcmcia-cs-3.2.3
# patch -p0 < /usr/src/pcmcia-cs-3.2.1-orinoco-patch.diff
patching file wireless/hermes.c
patching file wireless/hermes.h
patching file wireless/orinoco.c
patching file wireless/orinoco.h
The patch was written against pcmcia-cs 3.2.1 but applies to 3.2.3; patch should report exactly these four files. If it reports a rejected hunk (“Hunk #n FAILED”), stop here rather than building: a partly patched driver may fail to compile, or compile without monitor mode.
# ./Configure
During the configuration process, change the Linux kernel source directory to “/usr/src/linux-2.4.20”, but keep the rest of the default selections.
# make all
# make install
# cd wireless
# make all
# make install
# service pcmcia start
To test that the Orinoco drivers have installed correctly, you should see the following lines after running the “dmesg” command.
# dmesg
hermes.c: 5 Apr 2002 David Gibson <hermes@gibson.dropbear.id.au>
orinoco.c 0.11b (David Gibson <hermes@gibson.dropbear.id.au> and others)
orinoco_cs.c 0.11b (David Gibson <hermes@gibson.dropbear.id.au> and others)
eth1: Station identity 001f:0001:0008:000a
eth1: Looks like a Lucent/Agere firmware version 8.10
eth1: Ad-hoc demo mode supported
eth1: IEEE standard IBSS ad-hoc mode supported
eth1: WEP supported, 104-bit key
eth1: MAC address 00:02:DE:AD:BE:EF
eth1: Station name "HERMES I"
eth1: ready
eth1: index 0x01: Vcc 5.0, irq 3, io 0x0100-0x013f
Additionally, to test that the Shmoo patch installed correctly, you should see “monitor” listed as one of the available private ioctls.
# iwpriv eth1
eth1      Available private ioctl :
          force_reset      (8BE0) : set   0       & get   0
          card_reset       (8BE1) : set   0       & get   0
          set_port3        (8BE2) : set   1 int   & get   0
          get_port3        (8BE3) : set   0       & get   1 int
          set_preamble     (8BE4) : set   1 int   & get   0
          get_preamble     (8BE5) : set   0       & get   1 int
          set_ibssport     (8BE6) : set   1 int   & get   0
          get_ibssport     (8BE7) : set   0       & get   1 int
          monitor          (8BE8) : set   2 int   & get   0
If “monitor” is missing, the driver that loaded does not carry the Shmoo patch: either the patch did not apply, or the PCMCIA service loaded a different orinoco_cs module than the one built above.
Note – You might try restarting your computer to get the drivers to work properly. I had some problems with PCMCIA not correctly loading the Orinoco drivers immediately.
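The two checks above (the driver claimed an interface in dmesg, and iwpriv lists the “monitor” ioctl) can be scripted so that they gate whatever starts Kismet. The script below is an added example, not code from the How-To, pcmcia-cs or Kismet; the function names are mine, and the dmesg and iwpriv text it runs against at the bottom is constructed from the output shown above so it works without the card. Against a real machine, call orinoco_preflight. The “set 2 int” column is checked as well: the patched ioctl takes two integers, the mode and the channel, which is what kismet_monitor passes when it enables monitor mode.

```shell
#!/bin/sh
# Added example, not from the original HOWTO: script the two driver checks
# above. Sample dmesg/iwpriv text is constructed from the HOWTO's output.

# Interface the Orinoco driver attached to, taken from its own
# "ethN: Station identity ..." line (prints nothing if it never loaded).
orinoco_iface() {            # usage: orinoco_iface "$(dmesg)"
    printf '%s\n' "$1" | sed -n 's/^\([a-z]*[0-9]*\): Station identity .*/\1/p' | head -n 1
}

# True when an iwpriv listing contains the Shmoo "monitor" ioctl taking two
# integers (mode, channel). Whitespace is squeezed first so the wrapped
# layout seen in some terminals matches too.
has_monitor_ioctl() {        # usage: has_monitor_ioctl "$(iwpriv eth1)"
    printf '%s\n' "$1" | tr -s ' \n' ' ' | grep -q 'monitor ([0-9A-Fa-f]*) : set 2 int'
}

# Live check: dmesg for the driver, iwpriv for the patch. Non-zero exit and
# a one-line reason on stderr, so a start-up script can stop early.
orinoco_preflight() {
    dm=$(dmesg)
    ifc=$(orinoco_iface "$dm")
    if [ -z "$ifc" ]; then
        echo "orinoco driver has not claimed an interface; restart the pcmcia service and reread dmesg" >&2
        return 1
    fi
    if ! has_monitor_ioctl "$(iwpriv "$ifc" 2>&1)"; then
        echo "$ifc: no 'monitor' ioctl; the loaded orinoco driver is unpatched" >&2
        return 1
    fi
    echo "$ifc: patched Orinoco driver loaded, monitor mode available"
}

# Constructed samples (modelled on the HOWTO's output) for the demonstration.
SAMPLE_DMESG='orinoco_cs.c 0.11b (David Gibson <hermes@gibson.dropbear.id.au> and others)
eth1: Station identity 001f:0001:0008:000a
eth1: Looks like a Lucent/Agere firmware version 8.10
eth1: MAC address 00:02:DE:AD:BE:EF
eth1: ready'
SAMPLE_IWPRIV='eth1      Available private ioctl :
          force_reset      (8BE0) : set   0       & get   0
          set_ibssport     (8BE6) : set   1 int   & get   0
          monitor          (8BE8) : set   2 int   & get   0'

ifc=$(orinoco_iface "$SAMPLE_DMESG")
if has_monitor_ioctl "$SAMPLE_IWPRIV"; then
    echo "sample: $ifc has the Shmoo monitor ioctl"
else
    echo "sample: monitor ioctl missing"
fi
```

The interface name is taken from the driver's own “Station identity” line rather than assumed to be eth1, because on a machine with a different wired NIC order the Orinoco may come up as eth0, and kismet.conf (below) has to name the right one.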
Libpcap is the packet capture library that Kismet (and Ethereal) link against to read raw frames; it gives programmers a capture interface that is easy to write to and portable to other operating systems.
Expand the libpcap file.
# cd (or cd /root)
# tar -xzf libpcap-current.tar.gz
The following directory name depends on the date of the snapshot you downloaded; check it with ls after unpacking.
# cd libpcap-2002.10.19
# ./configure
# make
# make install
Ethereal is a network protocol analyzer that allows for the capture, viewing, and analysis of each packet transmitted over a network. When Kismet runs, it collects packets and saves them to a file in a format Ethereal can read, so the Kismet dump files can be opened and analyzed further in Ethereal. (The Red Hat ethereal package was left out of the install above so that this source build, which goes under /usr/local, is the only copy.) For more information about the use and installation of Ethereal, visit http://www.ethereal.com/docs/user-guide/.
The installation of Ethereal is as follows:
# cd /usr/src
# tar -xzf ethereal-0.9.8.tar.gz
# cd ethereal-0.9.8
# ./configure
# make
# make install
GpsDrive is a navigation program that works with an NMEA-compatible GPS receiver to determine your position from the coordinates it reports. Installing it is optional and only necessary if you would like to collect location information while using Kismet. The location data from the GPS, combined with signal strength, can be used to create maps of radio coverage; the coverage maps are created with the “gpsmap” program included with Kismet. Additionally, recent versions of GpsDrive (greater than 1.30) can log access points detected by Kismet into a backend MySQL database.
Begin the installation of GpsDrive by uncompressing the files:
# cd (or cd /root)
# tar -xzf gpsdrive-1.32.tar.gz
# cd gpsdrive-1.32
Configure, compile, and install the GpsDrive program:
# ./configure
# make
# make install
Now run a script to create a MySQL database that will hold the access points that you detect. The MySQL server must be running first (“service mysqld start”, as in Running Kismet below). As installed, the Red Hat MySQL server has no password on its root account; that is acceptable on this laptop only as long as the firewall configured during installation keeps port 3306 closed to the outside.
# mysql < create.sql
Create symbolic links so GpsDrive can find the MySQL client library. (Red Hat's RPM package installs the library under /usr/lib/mysql without the unversioned libmysqlclient.so name the linker looks for.)
# cd /usr/lib
# ln -s /usr/lib/mysql/libmysqlclient.so.10 libmysqlclient.a
# ln -s /usr/lib/mysql/libmysqlclient.so.10 libmysqlclient.so
To verify that GpsDrive works,
# gpsdrive &
Select “setup”
Select the serial port you will be using on your computer (I’m using “/dev/ttyS0”)
Note – If you’ve configured GpsDrive and are receiving “Input/output error”, verify that the serial port is enabled in the BIOS. You can verify you are receiving data from the GPS with the following command; a working receiver prints NMEA sentences beginning with “$GP”:
# cat /dev/ttyS0
Install ImageMagick (Optional)
ImageMagick is a graphics package that contains tools and libraries necessary if you would like to use the program “gpsmap” included with Kismet. Gpsmap combines coordinate information collected from a GPS, with signal strength information to produce maps of wireless coverage areas.
Install ImageMagick from source
# cd (or cd /root)
# tar -xzf ImageMagick-5.5.3-2.tar.gz
# cd ImageMagick-5.5.3-2
# ./configure
# make
# make install
Kismet has become one of the standard tools for performing wireless security assessments or just good old war driving. Its feature set rivals that of most commercial products, and it is limited only by the weekly (many times daily) updates the author provides.
To compile Kismet, complete the following steps.
# cd (or cd /root)
# tar -xzf kismet-devel.tar.gz
# cd kismet-devel
# ./configure
# make dep
# make
# make install
If you have problems installing Kismet or need help with other configuration options, see http://www.kismetwireless.net/usage.shtml.
Kismet must be configured to specify various options, including the type of wireless network card you will be using.
Edit the “/usr/local/etc/kismet.conf” file.
Red Hat -> Accessories -> Text Editor
Open -> /usr/local/etc/kismet.conf
Or use a command line editor such as pico or vi
# pico /usr/local/etc/kismet.conf
Change the following values in kismet.conf.
suiduser=<username you created>
Kismet is started as root so it can open the raw capture interface, then drops to this user before doing anything else; the log files are written as this user, which is why it should be an ordinary account rather than root.
Verify that eth1 is your wireless interface (I have a wired NIC eth0 and the Orinoco as eth1).
source=orinoco,eth1,Kismet
logtemplate=%h/kismet-logs/%n-%d-%i.%l
In the log template, %h is the home directory of suiduser, %n the log name (Kismet unless overridden), %d the date, %i an increment and %l the log type.
Save the “kismet.conf” configuration file and exit.
Make the kismet-logs directory that we named in the kismet configuration file.
# cd /home/<username you created>
# mkdir kismet-logs
Note – If you have been doing everything as root, be sure to change the ownership of the kismet-logs directory to the user and not to root, since Kismet writes the logs as suiduser and will fail to open them otherwise.
# chown your_user_name:your_user_name kismet-logs
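The three settings edited above, and the directory and ownership steps that go with them, are easy to get out of step (a typo in suiduser, a log directory that still belongs to root). As an added example, not from the How-To or from Kismet, the script below checks them together before Kismet is started. It assumes that suiduser is a local account whose home directory the shell can expand with ~user, and that %h in logtemplate refers to that home directory; the kismet.conf it runs against at the bottom is constructed in a scratch directory. For the real file run kismet_preflight /usr/local/etc/kismet.conf.

```shell
#!/bin/sh
# Added example, not from the original HOWTO or from Kismet: pre-flight
# check of the kismet.conf settings edited above. Kismet starts as root,
# drops to "suiduser", and writes its logs as that user, so the user must
# exist, the source line must name an interface, and the logtemplate
# directory must exist and belong to that user.

# Value of a "key=value" setting; the last occurrence wins.
kismet_conf_get() {          # usage: kismet_conf_get KEY CONF
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Interface from "source=type,interface,name".
kismet_source_iface() {      # usage: kismet_source_iface SOURCE_VALUE
    printf '%s\n' "$1" | cut -d, -f2
}

# Directory part of a logtemplate with %h replaced by HOME_DIR.
kismet_log_dir() {           # usage: kismet_log_dir TEMPLATE HOME_DIR
    dirname "$(printf '%s\n' "$1" | sed "s|%h|$2|g")"
}

kismet_preflight() {         # usage: kismet_preflight [CONF]
    conf=${1:-/usr/local/etc/kismet.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    user=$(kismet_conf_get suiduser "$conf")
    src=$(kismet_conf_get source "$conf")
    tmpl=$(kismet_conf_get logtemplate "$conf")

    [ -n "$user" ] && id "$user" >/dev/null 2>&1 \
        || { echo "suiduser '$user' does not exist; create the account first" >&2; return 1; }
    [ "$user" != root ] || echo "warning: suiduser=root, Kismet will keep running as root" >&2
    eval "home=~$user"       # assumption: a local account with a passwd entry
    case $home in "~"*) echo "no home directory known for $user" >&2; return 1;; esac

    ifc=$(kismet_source_iface "$src")
    [ -n "$ifc" ] || { echo "source=$src does not name an interface" >&2; return 1; }

    dir=$(kismet_log_dir "$tmpl" "$home")
    [ -d "$dir" ] || { echo "log directory $dir is missing (mkdir it)" >&2; return 1; }
    owner=$(ls -ld "$dir" | awk '{print $3}')
    [ "$owner" = "$user" ] || { echo "$dir is owned by $owner, not $user (chown it)" >&2; return 1; }
    echo "ok: capture on $ifc, logs written by $user under $dir"
}

# Demonstration on a constructed kismet.conf in a scratch directory, using
# the current account as suiduser so it runs on any machine.
SCRATCH=$(mktemp -d)
ME=$(id -un)
mkdir "$SCRATCH/kismet-logs"
printf 'suiduser=%s\nsource=orinoco,eth1,Kismet\nlogtemplate=%s/kismet-logs/%%n-%%d-%%i.%%l\n' \
    "$ME" "$SCRATCH" > "$SCRATCH/kismet.conf"
kismet_preflight "$SCRATCH/kismet.conf"
rm -r "$SCRATCH"
```

Because Kismet has already dropped privileges by the time it opens the log files, an unwritable log directory shows up as a failure at start-up rather than as a permissions error you can see coming; checking ownership beforehand turns that into a clear message.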
First you must place the wireless card into monitor mode. This can be done with the kismet_monitor command. Adding the “-H” parameter starts channel hopping, so the card rotates through the different channels (radio frequencies) available to 802.11b instead of listening on just one.
To begin Kismet, type the following commands.
# kismet_monitor -H
# kismet
If you want to use GpsDrive and Kismet, type the following commands.
# service mysqld start (you could also set it to start automatically when Linux boots: Red Hat -> Server Settings -> Services, select mysqld, and click Save)
# gpsdrive
Select “start gpsd”
Exit gpsdrive
# kismet_monitor -H
# kismet
In a new terminal window:
# gpsdrive
Select the “use SQL” option
Select the “Show WP” option
Kismet has a good amount of built-in help. Once you begin the Kismet program, press “h” to open a help window; most screens have a help window that explains each area and the keys that can be pressed for various actions. Another good source of help can be found in both the Kismet forum and the Netstumbler forum.
Airsnort – http://airsnort.shmoo.com
Wellenreiter – http://www.remote-exploit.org/
Tcpdump – http://www.tcpdump.org
Nmap – http://www.insecure.org
AirJack – http://802.11ninja.net
· Get the T30 sound card to work in Kismet
· Build a Better kernel
Change Log
1/13/2003 - Added Database Server, Added Change Log
1/15/2003 - Added GPSDrive Instructions
1/21/2003 - Added ImageMagick Instructions
2/7/2003 - A couple of corrections (S. Seglie)
3/18/2003 - Deprecated this document - See the new version here.
Questions/Concerns/Comments
Feel free to contact me at Ritchie@tipsybottle.com.
btrimble, J. Repucci (corrections), S. Seglie
Copyright 2002 Tipsybottle.com. All Rights Reserved