kismet Kismet - Now working on Pineapples!

[b0N3z]

26 minutes ago, Just_a_User said:

did either of you guys experience a packet backlog? notification? i seem to recall that... just reflashed so not installed atm

I have and figured it was from not having enough memory so i added a usb with 1gb of swap on it and mounted the rest of the usb as /sd for storage.  Still got the error after but it was weird because I have been running 3 radios and never got the message but with only 1 radio I did.  So I have kinda ignored it so far.

[Just_a_User]

Fresh install on a factory fresh Tetra - i get errors

root@TETRA:~# opkg install *.ipk
Installing kismet-remote (26.05.2018-1) to root...
Installing kismet (28.05.2018-0) to root...
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kismet-remote:
 * 	libprotobuf-c * 
 * opkg_install_cmd: Cannot install package kismet-remote.
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kismet:
 * 	libdw * 	libmicrohttpd * 	libcap * 	protobuf * 	libprotobuf-c * 	python * 	python-setuptools * 	python-pip * 
 * opkg_install_cmd: Cannot install package kismet.
root@TETRA:~# 

 

[b0N3z]

4 minutes ago, Just_a_User said:

Fresh install on a factory fresh Tetra - i get errors

root@TETRA:~# opkg install *.ipk
Installing kismet-remote (26.05.2018-1) to root...
Installing kismet (28.05.2018-0) to root...
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kismet-remote:
 * 	libprotobuf-c * 
 * opkg_install_cmd: Cannot install package kismet-remote.
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kismet:
 * 	libdw * 	libmicrohttpd * 	libcap * 	protobuf * 	libprotobuf-c * 	python * 	python-setuptools * 	python-pip * 
 * opkg_install_cmd: Cannot install package kismet.
root@TETRA:~# 

 

did you "opkg remove kismet kismet-remote"?  Ive noticed you can only install one or the other.  I have not tried the kismet-remote yet, just kismet itself.  I have only seen these errors when trying to install both.

[Just_a_User]

1 minute ago, b0N3z said:

did you "opkg remove kismet kismet-remote"?  Ive noticed you can only install one or the other.  I have not tried the kismet-remote yet, just kismet itself.  I have only seen these errors when trying to install both.

It was the first install after factory firmware flash and update to 2.1.0 - there was no kismet installed before this attempt.

[b0N3z]

your trying to install both at the same time.  do one then the other. Pretty sure you will get the same error message.

i also never got the errors for unsatisfied dependencies installing kismet

[Just_a_User]

4 minutes ago, b0N3z said:

your trying to install both at the same time.  do one then the other. Pretty sure you will get the same error message.

as the kismet failed neither were installed. Or at least neither show up in list-installed.

root@TETRA:~# opkg list-installed | grep kismet
root@TETRA:~# opkg install kismet_28.05.2018-0_ar71xx.ipk 
Installing kismet (28.05.2018-0) to root...
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kismet:
 * 	libdw * 	libmicrohttpd * 	libcap * 	protobuf * 	libprotobuf-c * 	python * 	python-setuptools * 	python-pip * 
 * opkg_install_cmd: Cannot install package kismet.
root@TETRA:~# 

I had this installed before  when we needed the libmicrohttpd file. this is a brand new install.

[b0N3z]

i dont know thats weird.  I just opkg remove kismet and then installed the new kismet.ipk.  I did a factory reset after zylla released the second ipk and had no errors on install.

[Just_a_User]

Just now, b0N3z said:

i dont know thats weird.  I just opkg remove kismet and then installed the new kismet.ipk.  I did a factory reset after zylla released the second ipk and had no errors on install.

I think if you did a firmware recovery and upgrade then tried to install without the libmicrohttpd you would have same errors. Just a hunch.

[b0N3z]

I never installed his version of libmicrohttpd.   Im using the version that came installed on the firmware. libmicrohttpd - 0.9.38-1.2

[Just_a_User]

31 minutes ago, b0N3z said:

I never installed his version of libmicrohttpd.   Im using the version that came installed on the firmware. libmicrohttpd - 0.9.38-1.2

really? now thats unexpected...

EDIT - my bad i didnt have any libmicrohttpd installed after a firmware recovery and upgrade to 2.1.0. so that was my issue. works after installing the unmodified libmicrohttpd from opkg.

[Just_a_User]

1 hour ago, Zylla said:

The issue with manufacturers not showing up, might be because kismet doesn't like aircrack's version, or unable to read it correctly.
Will look into that as well!

its a weird one, as the kismet info says it can share wiresharks OUI db and thats similar format as aircrack by the looks of it :-

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf

Ahh wait, the aircrack-ng db has (HEX) appear between MAC and Manufacturer.

Confirmed - i copy paste the link above to a manuf file in /etc/ and Kismet picks it up and works. @b0N3z maybe try that.

manuf

[b0N3z]

1 hour ago, Just_a_User said:

its a weird one, as the kismet info says it can share wiresharks OUI db and thats similar format as aircrack by the looks of it :-

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf

Ahh wait, the aircrack-ng db has (HEX) appear between MAC and Manufacturer.

Confirmed - i copy paste the link above to a manuf file in /etc/ and Kismet picks it up and works. @b0N3z maybe try that.

manuf

That did fix it.  nice find @Just_a_User  

[Just_a_User]

3 hours ago, b0N3z said:

I have and figured it was from not having enough memory so i added a usb with 1gb of swap on it and mounted the rest of the usb as /sd for storage.  Still got the error after but it was weird because I have been running 3 radios and never got the message but with only 1 radio I did.  So I have kinda ignored it so far.

It is a weird one,  do you think its CPU? memory seems no where near fully used.

EDIT - im seeing CPU at 100% a lot while running

EDIT EDIT - not 100% sure but if I use WLAN0 and WLAN1 CPU fluctuates and i dont get the Alert - If I involve a WLAN2 radio I get CPU 100% and eventually the backlog alert

 

[b0N3z]

@Just_a_User I will look into this later today or tomorrow.  what usb wifi dongle are you using?  I have been using a tp-link w722n and im going to try with my Alfa AWUS051NH because it has 5ghz and can be put in monitor mode.  also as stated on the kismet github, some drivers for wifi chips act a little funny.

    Devices known to have issues:
        - ath9k Atheros 802.11abgn cards are typically the most reliable, however
          they appear to return false packets with valid checksums on very small
          packets such as phy/control and powersave control packets.  This may
          lead Kismet to detect spurious devices not actually present.
        - ath10k Atheros 802.11AC cards have many problems, including floods of
          spurious packets in monitor mode.  These packets carry 'valid' checksum
          flags, making it impossible to programmatically filter them.  Expect
          large numbers of false devices.
        - iwlwifi Intel cards appear to have errors when tuning to HT40 and VHT
          channels, leading to microcode/firmware crashes and resets of the card.
          Kismet works around this by disabling HT and VHT channels and only
          tuning to stock channels.
        - rtl8812au Realtek 802.11AC cards, such as the Alfa 802.11AC USB cards,
          have no in-kernel drivers.  There are many variants of the out-of-kernel
          driver, however most do NOT support monitor mode.
          A variant of the one driver currently known to work in monitor mode,
          with patches to compile on modern kernels, is available at:
          https://github.com/kismetwireless/rtl8812au

 

[Just_a_User]

getting some restarting alerts also, seems to continue well, no no crash or anything but worth a note also.

 

[b0N3z]

havent got those yet

[Just_a_User]

4 minutes ago, b0N3z said:

@Just_a_User I will look into this later today or tomorrow.  what usb wifi dongle are you using?  I have been using a tp-link w722n and im going to try with my Alfa AWUS051NH because it has 5ghz and can be put in monitor mode.  

I'm currently using an Alfa AWUSO36NH but will dig out my TP-LINK w722h to see if the issue drops , thanks for info @b0N3z

[b0N3z]

it probably doesnt help that both tetra radios are ath9k.  seems like kismet has a problem with them. but also state they are the best most reliable lol so problem with kismet itself

[b0N3z]

so just a thought.  Just reset my nano and installed the kismet remote.... how possible would it be to have the nano plugged into the tetra so you had 4 radios.  To much? Just a thought, maybe trying to try it when i have more free time.

[Zylla]

Sorry guys, i barely got any time to work on this yesterday.
Kinda had a "family crisis" situation occur.
Wife lost her job yesterday because of people spreading lies to her employer. So we had a crappy day, to put it mildly.

I'll see if i can do some more testing and debugging with Kismet today. It'd be awesome if i could make a module for this. ?
Perhaps i'll give that a go today, we'll see ?

[Just_a_User]

39 minutes ago, Zylla said:

Sorry guys, i barely got any time to work on this yesterday.
Kinda had a "family crisis" situation occur.
Wife lost her job yesterday because of people spreading lies to her employer. So we had a crappy day, to put it mildly.

I'll see if i can do some more testing and debugging with Kismet today. It'd be awesome if i could make a module for this. ?
Perhaps i'll give that a go today, we'll see ?

Pretty crappy employer if they believe rumors... might not feel like it now but maybe better off without them ? As always bud, Family first! No rush.

[Just_a_User]

18 hours ago, b0N3z said:

so just a thought.  Just reset my nano and installed the kismet remote.... how possible would it be to have the nano plugged into the tetra so you had 4 radios.  To much? Just a thought, maybe trying to try it when i have more free time.

I was thinking about the cpu issue and how it might be better to run it on a Bashbunny plugged into a tetra and do the kismet_remote thing to send from the pineapples to the Bashbunny lol. just thinking out loud.

[Zylla]

9 hours ago, b0N3z said:

so just a thought.  Just reset my nano and installed the kismet remote.... how possible would it be to have the nano plugged into the tetra so you had 4 radios.  To much? Just a thought, maybe trying to try it when i have more free time.

I assume you mean connecting the Nano to the Tetra's USB port?
It's a good idea! But, i think power could be a "bottleneck", which could cause all sorts of problems.
I don't remember the specs out of my head, i think the max load of a USB 2.0 port is normally 500mA, and 900mA on a USB 3.0 port.
Try running this on a SSH terminal to the Tetra, it should display the output: (might need to connect the Nano first) 

lsusb -v | egrep "^Bus|MaxPower"

 

[elkentaro]

You probably are better off by using the pineapples as a remote and off load the kismet server to something else, even a RPi. 

[b0N3z]

3 hours ago, elkentaro said:

You probably are better off by using the pineapples as a remote and off load the kismet server to something else, even a RPi. 

kind of what I figured and @Zylla you would definitely have to use the y-cable with a battery or some kind of power to make sure the nano is fully powered