
kismet and linksys wpc11 ver. 3

11 posts in this topic

I can't seem to get Kismet to work with my Linksys WPC11 card. I've read a lot of docs, even ones for getting the WPC11 to work with Kismet... nothing is working.

I thought I remembered hearing Bland mention he had a Linksys WPC11 card on an old RFA.

Does anybody who uses the Linksys WPC11 card have some advice other than getting a different card? I've tried Slackware 9, Red Hat 8 & 9 and Knoppix 3.2 HD install. Red Hat 9 and Knoppix seem to have the best support for the card.

I'm looking for somebody who might be able to walk me through it in their free time.



Red Hat 9 and Knoppix 3.2 will support them enough to get Kismet working. The problem is getting Kismet to work ;) I would go through the steps to get it running, but that card is currently on its way to someone else. The problem with Kismet is that you're going to have to use the wavlan_cs to make the card work in general, and Kismet seems to like those drivers least. You can make it work!! Don't give up!!! Later today I'll post my kismet.conf and show you what you need to change to make it work for you. A few quick questions:

Are you running kismet_monitor -H?

When you run Kismet, can you get as far as the GUI?

Have you used kismet,wavlan,ehtx in your kismet.conf file?

EDIT: The Knoppix HD install is by far the best distro of the two; it's also what I'm using, so whatever I post will be relative to it. Be sure you upgrade to the new Kismet also.

as root

apt-get update

apt-get upgrade

that should get you a start



I decided to stay with the Knoppix 3.2 hd install.

Answers to your quick questions

Are you running kismet_monitor -H?

- no

When you run Kismet, can you get as far as the GUI?

- no

Have you used kismet,wavlan,ehtx in your kismet.conf file?

- no

In the past I've gotten Kismet to load, but it didn't find any APs even though I was next to some.

I installed the patched orinoco drivers last night and now airsnort works. :)

I'm kind of a newbie when it comes to working with wireless in linux. I've never even tried to get my wireless card to work in linux until a week ago.

Later tonight I'm going to play around with it some more.



You need to run

kismet_monitor -H before you run Kismet. This puts your card into monitor mode, and the -H makes your card "hop" from channel to channel. The reason that you couldn't find any WAPs even though you were next to some is that your card didn't hop around the channels to find whatever the WAPs were broadcasting on. So:

su -

kismet_monitor -H
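The point made in the post above (a card parked on one channel never hears the access points on the others) can be shown with a small timing simulation. This is an added example, not code from the thread or from Kismet: it models beacons from three APs and compares a listener fixed on channel 6 with one that hops the way kismet_hopper does. The beacon interval of 102.4 ms is the common default, the dwell of 333,333 microseconds per channel is the value kismet_monitor -H printed later in this thread, and the hop order 1,6,11,2,7,3,8,4,9,5,10 is an assumption (any order that visits every channel gives the same result).

```python
"""Why a card parked on one channel misses most access points.

Added example (not from the thread or from Kismet): simulate 802.11 beacon
timing against a fixed-channel listener and a channel-hopping listener.
"""

BEACON_INTERVAL_MS = 102.4          # 100 TU * 1.024 ms, the usual AP default
DWELL_MS = 333_333 / 1000           # 333333 us per channel, as kismet_hopper printed
HOP_ORDER = [1, 6, 11, 2, 7, 3, 8, 4, 9, 5, 10]   # assumed US hop sequence

# Constructed sample: three APs, one per non-overlapping 2.4 GHz channel.
SAMPLE_APS = {"lab-ap": 1, "home-ap": 6, "office-ap": 11}


def beacon_times(offset_ms, horizon_ms):
    """Yield the timestamps (ms) at which one AP transmits a beacon."""
    t = offset_ms
    while t < horizon_ms:
        yield t
        t += BEACON_INTERVAL_MS


def fixed_channel(channel):
    """Listener schedule for a card left on a single channel."""
    return lambda t_ms: channel


def hopping(order=HOP_ORDER, dwell_ms=DWELL_MS):
    """Listener schedule that cycles through `order`, dwelling dwell_ms on each."""
    cycle_ms = dwell_ms * len(order)
    return lambda t_ms: order[int((t_ms % cycle_ms) // dwell_ms)]


def detected_aps(aps, channel_at, horizon_ms=5000.0):
    """Names of the APs whose beacon is sent while the card is tuned to
    that AP's channel at least once before horizon_ms."""
    seen = set()
    for name, chan in aps.items():
        # Stagger beacon offsets per channel so the APs are not artificially aligned.
        offset = (chan * 7.0) % BEACON_INTERVAL_MS
        if any(channel_at(t) == chan for t in beacon_times(offset, horizon_ms)):
            seen.add(name)
    return seen


if __name__ == "__main__":
    print("fixed on 6 :", sorted(detected_aps(SAMPLE_APS, fixed_channel(6))))
    print("hopping    :", sorted(detected_aps(SAMPLE_APS, hopping())))
```

With the dwell longer than the beacon interval, every channel visit captures at least one beacon from each AP on that channel, so one full hop cycle (about 3.7 seconds here) finds all three APs, while the fixed listener only ever sees the one on channel 6.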




This is what happens when I try to start Kismet.

root@localhost:~# kismet_monitor -H
Will launch kismet_hopper
Setting interface from //etc/kismet/kismet.conf capinterface
Setting card type from //etc/kismet/kismet.conf cardtype
Enabling monitor mode for an orinoco card on eth1 channel 6
Launching kismet_hopper in the background.
Hopping 3 channels per second (333333 microseconds per channel)
kismet_hopper - Channel hopping (United States) on interface eth1 as a orinoco card.
root@localhost:~# kismet
Server options:  none
Client options:  none
Entering monitor mode...
Setting interface from //etc/kismet/kismet.conf capinterface
Setting card type from //etc/kismet/kismet.conf cardtype
Enabling monitor mode for an orinoco card on eth1 channel 6
Starting server...
NOTICE:  Suid priv-dropping disabled.  This may not be secure.
Using prism2 to capture packets.
WARNING:  GPS logging requested but GPS support was not included.
          GPS logging will be disabled.
Logging networks to /var/log/kismet/Kismet-Jul-15-2003-1.network
Logging networks in CSV format to /var/log/kismet/Kismet-Jul-15-2003-1.csv
Logging networks in XML format to /var/log/kismet/Kismet-Jul-15-2003-1.xml
Logging cryptographically weak packets to /var/log/kismet/Kismet-Jul-15-2003-1.weak
Logging cisco product information to /var/log/kismet/Kismet-Jul-15-2003-1.cisco
Logging data to /var/log/kismet/Kismet-Jul-15-2003-1.dump
Writing data files to disk every 300 seconds.
Filtering MAC addresses: DE:AD:BE:EF:00:00
Reading AP manufacturer data and defaults from //etc/kismet/ap_manuf
Reading client manufacturer data and defaults from //etc/kismet/client_manuf
Dump file format:
Crypt file format: airsnort (weak packet) dump
Kismet 2.6.2
Capturing packets from Prism/2 (DEPRECATED)
Logging data networks CSV XML weak cisco
Listening on port 2501, allowing to connect.
Starting UI...
NOTICE:  Group file did not exist, it will be created.
FATAL:  Could not connect to localhost:2501.
Killing server...
NOTICE: Didn't detect any networks, unlinking network list.
NOTICE: Didn't detect any networks, unlinking CSV network list.
NOTICE: Didn't detect any networks, unlinking XML network list.
NOTICE: Didn't detect any Cisco Discovery Packets, unlinking cisco dump
NOTICE: Didn't capture any packets, unlinking dump file
NOTICE: Didn't see any weak encryption packets, unlinking weak file
Terminating...
Shutting down kismet_hopper...
Detected killfile /tmp/kismet_hopper.control
kismet_hopper shutting down.
Leaving monitor mode...
Setting interface from //etc/kismet/kismet.conf capinterface
Setting card type from //etc/kismet/kismet.conf cardtype
Disabling monitor mode for an orinoco card on eth1
You will likely need to restart your PCMCIA services to reconfigure your card
for the correct channel and SSID.
Done.

kismet_hopper seems to work, but it craps out when I try to run Kismet. I'm going to play around with the config some more.



Are you running any kind of packet filtering? It looks like the server part is starting up fine, but when the user interface tries to connect, the connection attempt fails.



Here's my kismet.conf file. I am using an Orinoco card, so where I'm orinoco, you may be wlan. Also, I have changed where my logs go: I've made my little desktop folder and have them go into there; you may want to change that also. Other than that, this conf will probably get you running.

# Kismet config file
# Most of the "static" configs have been moved to here -- the command line
# config was getting way too crowded and cryptic.  We want functionality,
# not continually reading --help!
# Version of Kismet config

# Name of server (Purely for organizational purposes)

# MAC addresses to filter, comma separated.

# Known WEP keys to decrypt, bssid,hexkey.  This is only for networks where
# the keys are already known, and it may impact throughput on slower hardware.
# Multiple wepkey lines may be used for multiple BSSIDs.
# wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900
# Is transmission of the keys to the client allowed?  This may be a security
# risk for some.  If you disable this, you will not be able to query keys from
# a client.

# User to setid to (should be your normal user)

# Port to serve GUI data

# People allowed to connect, comma separated IP addresses or network/mask
# blocks.  Netmasks can be expressed as dotted quad (/ or as
# numbers (/24)

# Maximum number of concurrent GUIs

# Packet sources:
# source=capture_cardtype,capture_interface,capture_name
# Card type - Specifies the type of device. It can be one of:
#     cisco         - Cisco card with Linux Kernel drivers
#     cisco_cvs     - Cisco card with CVS Linux drivers
#     cisco_bsd     - Cisco on *BSD
#     prism2        - Prism2 using wlan-ng drivers with pcap support (all
#                      current versions support pcap)
#     prism2_hostap - Prism2 using hostap drivers
#     prism2_legacy - Prism2 using wlan-ng drivers without pcap support (0.1.9)
#     prism2_bsd    - Prism2 on *BSD
#     orinoco       - Orinoco cards using Snax's patched drivers
#     generic       - Generic card with no specific support.  You will have
#                      to put this into monitor mode yourself!
#     wsp100        - WSP100 embedded remote sensor.
#     wtapfile      - Saved file of packets readable by libwiretap
#     ar5k          - ar5k 802.11a using the vt_ar5k drivers
# Capture interface - Specifies the network interface Kismet will watch for
#  packets to come in on.  Typically "ethX" or "wlanX".  For the WSP100 capture
#  engine, the WSP100 device sends packets via a UDP stream, so the capture
#  interface should be in the form of host:port where 'host' is the WSP100 and
#  'port' is the local UDP port that it will send data to.
# Capture Name      - The name Kismet uses for this capture source.  This is the
#   name used to specify what sources to enable.

# To enable multiple sources, specify a source line for each and then use the
# enablesources line to enable them.  For example:
# source=prism2,wlan0,prism
# source=cisco,eth0,cisco

# Comma-separated list of sources to enable.  This is only needed if you wish
# to selectively enable multiple sources.
# enablesources=prism,cisco
# Do we have a GPS?

# Host:port that GPSD is running on.  This can be localhost OR remote!

# How often (in seconds) do we write all our data files (0 to disable)

# Do we use sound?
# Not to be confused with GUI sound parameter, this controls whether or not the
# server itself will play sound.  Primarily for headless or automated systems.

# Path to sound player

# Optional parameters to pass to the player
# soundopts=--volume=.3
# New network found

# Network traffic sound

# Network junk traffic found

# GPS lock acquired sound
# sound_gpslock=/usr/local/share/kismet/wav/foo.wav
# GPS lock lost sound
# sound_gpslost=/usr/local/share/kismet/wav/bar.wav
# Alert sound

# Does the server have speech? (Again, not to be confused with the GUI's speech)

# Server's path to Festival

# How do we speak?  Valid options:
# speech    Normal speech
# nato      NATO spellings (alpha, bravo, charlie)
# spell     Spell the letters out (aye, bee, sea)

# speech_encrypted and speech_unencrypted - Speech templates
# Similar to the logtemplate option, this lets you customize the speech output.
# speech_encrypted is used for an encrypted network spoken string
# speech_unencrypted is used for an unencrypted network spoken string

# %b is replaced by the BSSID (MAC) of the network
# %s is replaced by the SSID (name) of the network
# %c is replaced by the CHANNEL of the network
# %r is replaced by the MAX RATE of the network
speech_encrypted=New network detected, s.s.i.d. %s, channel %c, network encrypted.
speech_unencrypted=New network detected, s.s.i.d. %s, channel %c, network open.
# Where do we get our manufacturer fingerprints from?  Assumed to be in the
# default config directory if an absolute path is not given.

# Use metric measurements in the output?

# Do we write waypoints for gpsdrive to load?  Note:  This is NOT related to
# recent versions of GPSDrive's native support of Kismet.

# GPSMap waypoint file.  This WILL be truncated.

# How many alerts do we backlog for new clients?  Only change this if you have
# a -very- low memory system and need those extra bytes, or if you have a high
# memory system and a huge number of alert conditions.

# File types to log, comma separated
# dump    - raw packet dump
# network - plaintext detected networks
# csv     - plaintext detected networks in CSV format
# xml     - XML formatted network and cisco log
# weak    - weak packets (in airsnort format)
# cisco   - cisco equipment CDP broadcasts
# gps     - gps coordinates

# Do we log "noise" packets that we can't decipher?  I tend to not, since
# they don't have anything interesting at all in them.

# Do we log beacon packets or do we filter them out of the dumpfile

# Do we log PHY layer packets or do we filter them out of the dumpfile

# Do we do "fuzzy" crypt detection?  (byte-based detection instead of 802.11
# frame headers)
# valid option: Comma separated list of card types to perform fuzzy detection
#  on, or 'all'

# What type of dump do we generate?
# valid option: "wiretap"

# Do we limit the size of dump logs?  Sometimes ethereal can't handle big ones.
# 0 = No limit
# Anything else = Max number of packets to log to a single file before closing
# and opening a new one.

# Default log title

# logtemplate - Filename logging template.
# This is, at first glance, really nasty and ugly, but you'll hardly ever
# have to touch it so don't complain too much.

# %n is replaced by the logging instance name
# %d is replaced by the current date
# %t is replaced by the starting log time
# %i is replaced by the increment log in the case of multiple logs
# %l is replaced by the log type (dump, status, crypt, etc)
# %h is replaced by the home directory
# i.e., "netlogs/%n-%d-%i.dump" called with a logging name of "Pok" could expand
# to something like "netlogs/Pok-Dec-20-01-1.dump" for the first instance and
# "netlogs/Pok-Dec-20-01-2.%l" for the second logfile generated.
# %h/netlogs/%n-%d-%i.dump could expand to
# /home/foo/netlogs/Pok-Dec-20-01-2.dump

# Other possibilities:  Sorting by directory
# logtemplate=%l/%n-%d-%i
# Would expand to, for example,
# dump/Pok-Dec-20-01-1
# crypt/Pok-Dec-20-01-1
# and so on.  The "dump", "crypt", etc, dirs must exist before kismet is run
# in this case.
logtemplate=/home/knoppix/Desktop/stuff/kismet logs/%n-%d-%i.%l
# Where state info, etc, is stored.  You shouldn't ever need to change this.
# This is a directory.

# cloaked SSID file.  You shouldn't ever need to change this.

# Group map file.  You shouldn't ever need to change this.

# IP range map file.  You shouldn't ever need to change this.



It still doesn't work. It seems to run fine until the user interface tries to connect. I think I might just wipe Knoppix and start over with a new install. When I did that last, I was able to get Kismet to start; it just wasn't working. The only reason it probably wasn't working was that I didn't run kismet_monitor -H.

I'll probably give it a try tonight



Off the top of my head, I think you need the wlan-ng drivers to enable monitor mode for the WPC-11. And don't forget to "exit" after starting kismet_monitor and run kismet as the user you defined in the config file.
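The two replies above point at the usual causes of the "FATAL: Could not connect to localhost:2501" symptom shown earlier in the thread: something between the client and the server on the loopback interface, or Kismet being run as the wrong user, or the card not actually being in monitor mode. The following pre-flight check is an added example, not code from the thread or from Kismet. It parses a kismet.conf of the 2.x key=value shape the thread shows and the text output of iwconfig, and reports the settings that would make the UI fail to reach the server it just started. The key names tcpport, allowedhosts and suiduser are the Kismet 2.x keys this example assumes (the posted config shows only their comment lines); the sample config and iwconfig text are constructed.

```python
"""Pre-flight checks for a Kismet 2.x server whose UI cannot connect.

Added example, not from the thread or from Kismet.  Reads a kismet.conf
(key=value lines, '#' comments) and `iwconfig <iface>` output and reports:
  - tcpport not being the port the client dials (2501 in the thread)
  - allowedhosts not covering 127.0.0.1 (the UI connects over loopback)
  - suiduser unset, so the server cannot drop privileges as intended
  - the capture interface not in Mode:Monitor after kismet_monitor
"""
import ipaddress
import re

# Constructed sample config: note allowedhosts only permits a LAN block.
SAMPLE_CONF = """\
# Kismet config file (constructed sample)
version=2.6.2
servername=Kismet
suiduser=knoppix
tcpport=2501
allowedhosts=192.168.1.0/24
maxclients=5
source=orinoco,eth1,orinocosource
"""

# Constructed sample iwconfig output: card still in managed mode.
SAMPLE_IWCONFIG = """\
eth1      IEEE 802.11-DS  ESSID:""  Nickname:"Prism  I"
          Mode:Managed  Frequency:2.437GHz  Access Point: 00:00:00:00:00:00
"""


def parse_conf(text):
    """Return key=value pairs, ignoring comments and blank lines; last value wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def host_allowed(allowedhosts, client_ip="127.0.0.1"):
    """True if client_ip is covered by the comma-separated allowedhosts list.
    Entries may be plain addresses, addr/bits, or addr/dotted-quad mask."""
    ip = ipaddress.ip_address(client_ip)
    for entry in filter(None, (e.strip() for e in allowedhosts.split(","))):
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue   # malformed entry: treat it as not matching
    return False


def interface_mode(iwconfig_text):
    """Pull the Mode: field out of iwconfig output, or None if it is absent."""
    m = re.search(r"Mode:(\w+)", iwconfig_text)
    return m.group(1) if m else None


def diagnose(conf_text, iwconfig_text, client_port=2501):
    """Return a list of human-readable findings; an empty list means no issue found."""
    conf = parse_conf(conf_text)
    findings = []
    if conf.get("tcpport", "") != str(client_port):
        findings.append(f"tcpport is {conf.get('tcpport', '<unset>')}, client dials {client_port}")
    if not host_allowed(conf.get("allowedhosts", "")):
        findings.append("allowedhosts does not include 127.0.0.1; the local UI will be refused")
    if not conf.get("suiduser"):
        findings.append("suiduser unset; server will not drop privileges")
    mode = interface_mode(iwconfig_text)
    if mode != "Monitor":
        findings.append(f"interface Mode is {mode}; run kismet_monitor first")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CONF, SAMPLE_IWCONFIG):
        print("-", finding)
```

On a real box you would feed it the contents of /etc/kismet/kismet.conf and the output of `iwconfig eth1` captured after kismet_monitor -H has run; a local packet filter on the loopback interface, as asked about earlier, is outside what a config file can tell you and is best checked separately.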



I just realized that I didn't post that I got it to work. The other night I decided to start over with a Knoppix HD install. All I had to do was install the patched Orinoco drivers and bingo. Kismet and AirSnort work just fine now.

Thanks much for all the help everybody.

Kismet is awesome. I may never wardrive with NetStumbler again.



Well, I guess I'm late. I just got a WPC11 from someone on the list and had everything working with Slack 9.0, custom 2.4.20 kernel, wlan-ng, and pcmcia-cs. Took about 45 minutes and works great. My only annoyance is that iwconfig doesn't work with the wlan-ng drivers.


