Kismet is the most popular WarDriving application for Linux users. Unlike NetStumbler, Kismet is a passive wireless scanner. A passive scanner does not broadcast; it simply “listens” for any traffic on the 802.11 bands. To accomplish this, the wireless card must be put into monitor mode. Contrary to popular belief, monitor mode and promiscuous mode are not the same thing. Monitor mode allows the card to capture packets without associating with a specific network. Promiscuous mode allows the card to capture any packets transmitted on the network that the card is associated with. Kismet requires monitor mode because it can be configured to channel hop. Channel hopping means configuring the card to listen on one channel for a specified time and then change, or “hop,” to another channel. Channel hopping allows Kismet to discover wireless networks that are broadcasting on any of the 802.11 specified channel frequencies. Getting a card into monitor mode has generally been the stumbling block for new WarDrivers who want to use Kismet. Enabling monitor mode on many cards can be a frustrating, if not difficult, process. This chapter details the process of enabling monitor mode on two of the most common chipsets: Hermes and Prism 2.
In addition to its other features, Kismet doesn’t rely on the Service Set Identifier (SSID) broadcast beacon to determine the existence of a wireless access point. Therefore, more access points can often be discovered. This is useful while WarDriving and when attempting to find rogue access points that a user may have attached to your corporate network.
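An added illustration, not from the original chapter and not Kismet's own code, of why a passive listener can inventory an access point that does not broadcast its SSID: the beacon still carries the BSSID and channel, and the SSID appears in a later probe response. The frame bytes, MAC addresses, SSIDs and the authorized list are constructed sample data.

```python
import struct

BEACON, PROBE_RESP = 8, 5  # 802.11 management frame subtypes

def build_frame(subtype, bssid, ssid, channel):
    """Construct a minimal management frame (sample data for this example)."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0001)  # timestamp, interval, caps
    return header + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])

def parse_mgmt(frame):
    """Return (bssid, ssid, channel) for a beacon or probe response, else None."""
    if len(frame) < 36 or (frame[0] >> 2) & 0x3 != 0 or frame[0] >> 4 not in (BEACON, PROBE_RESP):
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3 holds the BSSID
    ssid, channel, pos = None, None, 36  # 24-byte header + 12 fixed bytes
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        data = frame[pos + 2 : pos + 2 + elen]
        if len(data) < elen:
            break  # truncated element: stop rather than misparse
        if eid == 0 and data.strip(b"\x00"):  # empty or all-NUL SSID means hidden
            ssid = data.decode("utf-8", "replace")
        elif eid == 3 and elen == 1:  # DS Parameter Set carries the channel
            channel = data[0]
        pos += 2 + elen
    return bssid, ssid, channel

def unlisted_aps(frames, authorized):
    """Inventory every BSSID heard; return those not on the authorized list."""
    seen = {}
    for frame in frames:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        bssid, ssid, channel = parsed
        entry = seen.setdefault(bssid, {"ssid": None, "channel": None})
        entry["ssid"] = ssid or entry["ssid"]
        entry["channel"] = channel or entry["channel"]
    return {b: e for b, e in seen.items() if b not in authorized}

# Constructed capture: one authorized AP, one unlisted AP with a hidden SSID.
CAPTURE = [
    build_frame(BEACON, "00:11:22:33:44:55", b"corp", 6),
    build_frame(BEACON, "02:aa:bb:cc:dd:ee", b"", 11),
    build_frame(PROBE_RESP, "02:aa:bb:cc:dd:ee", b"lab-test", 11),
]

if __name__ == "__main__":
    print(unlisted_aps(CAPTURE, {"00:11:22:33:44:55"}))
```

With only the hidden beacon captured, the unlisted access point is still reported by BSSID and channel; its name is filled in once a probe response is heard.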
One problem that Linux users face when attempting to install Kismet is the diversity among distributions. Fedora Linux has a different file structure than SuSE Linux, and both of these differ from Slackware Linux. These are only a few of the many distributions to choose from. Because Fedora Linux and Slackware Linux are two of the most popular Linux distributions for WarDrivers, we will focus on these. This chapter details how to prepare your Slackware Linux 9.1 installation for use with Kismet. The steps you need to take for Fedora Linux are presented in the next chapter.
Upgrading the 2.4.22 kernel to 2.4.23 using the Slackware packages also requires that the ALSA sound packages be upgraded. Slackware has provided these packages at:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-driver-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-lib-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-oss-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-utils-0.9.8-i486-1.tgz
Depending on your configuration, additional package upgrades may also be required. For more information on this vulnerability and upgrading your kernel packages, refer to the Slackware security advisory at: www.slackware.com/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.718266.
In older versions of Slackware Linux, a kernel upgrade or modification was often required to use Kismet. That is no longer the case. The stock kernel that ships with Slackware 9.1 is version 2.4.22. This kernel does not need to be upgraded or modified to use Kismet. The kernel used in this walkthrough is the 2.4.23 kernel. The stock kernel was upgraded to address a Linux kernel vulnerability related to the do_brk() function that could lead to a root-level compromise. I recommend upgrading your kernel to version 2.4.23 or later. Slackware has provided kernel upgrade packages at:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-ide-2.4.23-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-modules-2.4.23-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-source-2.4.23-noarch-2.tgz
Kismet is a robust program. For many WarDrivers, the allure of finding access points that are not broadcasting their SSID is alone enough to make Kismet their choice. For others, the ability to WarDrive while using their favorite Linux distribution is the key. Either way, Kismet offers Linux WarDrivers an alternative to NetStumbler.