Rasmus' Toys Page

Wh0a!

Hey rasmus, i was wondering what you thought of the linksys wsb24, and why you chose to get a directional hyperlink antenna over getting an amplifier that would rock your baby wrt54g's
OUT with an extra 14dbm average?

Can anyone give me a hand, having trouble getting kismet up and running I get the following error when I try and run kismet_drone:

Suid priv-dropping disabled. This may not be secure.
No specific sources given to be enabled, all will be enabled.
Enabling channel hopping.
Disabling channel splitting.
Source 0 (wrt54g): Enabling monitor mode for wrt54g source interface eth2 channel 6...
Source 0 (wrt54g): Opening wrt54g source interface eth2...
FATAL: ioctl: No such device

I've got a WRT54G and want to add a signal booster to it. I have the dual gain antenna and it's not quite enough to reach where I need it to. The booster for the 802.11b is avail but not to be used due to not certified yet?

Anyone know much about it-can I use it?

Todd

Great page...very helpful.

As I'm not a Linux person I had problems with the SCP part......this pagelink sorted it out for me and would be very useful if incorporated into this page.

http://scalnet.zapto.org/wakka.php?wiki=SamaDhi2

For those of you having troubles with scp try typing this:
man scp

q to quit when you have the knowledge.

scp /path/to/source/file username@destination_host:/path/to/destination/file

You will be promped for the password, copy one file at a time.

Lefty

Thanks for the info! Great stuff ... it works really well.

Has anyone run into the below issue when trying the kismet on Linksys WRT54G S/N CDF5 v2 series. "wl scan" produces error: "eth1: Invalid argument" Is there any fix for this issue?
Any help would be appreciated.

kismet_drone install success on openwrt
by ssh from laptop under debian (kismet) to windows2000.
howto http://scalnet.zapto.org/wakka.php?wiki=KisMet
wrt54g v1.1 firmware openwrt + laptop debian 2.2 woody(kismet-2004-04-R1)

The only way I could figure out how to get the kismet files onto my router is with winscp. How do you get kismet to run after that?

I had so many issues with the various instructions out there that I almost threw the damn router out the window!

First off: My particular WRT54g model with v2.02.2 firmware doesn't have the "client" setting. Furthermore, loading BuzzBox distro on it just to get a command-line prompt didn't help any...in fact, I couldn't set it into client mode via command-line at all. I was actually able to persuade it to go into Ad-Hoc mode to at least let me perform command-line scans, but kismet wouldn't run.

I eventually switched to the EWRT firmware (http://www.portless.net/ewrt/) and was able to get the router to turn off AP mode, scan and do all the normal stuff as well as start the drone without the "eth1" error (which I am assuming is a result of periodic scan requests coming from kismet to the router interface, which is stuck in AP mode).

The second issue folks may want to know about is that this particular precompiled build of the kismet_drone the author posted here is built from the development tree. If you get the stable version of the server (v3.0.1) you won't be able to talk to it.

I'm clueless about wireless; my neighbor has an Mac airport running and says I can use the signal if I want; all I ned is a ireless router and plug in my desktop? If the signal is too weak (thick walls) an omnidirectional antenna can be plugged into the router?

Thanks Doug! you saved me a bunch of hastle. Now i can use this thing to net stumble. The next step is to get it on battery power.

Hmm, Maybe I should mention that I tried all above firmwares on a v2 router, with no help - wl disassoc always returned eth1: Invalid argument.
That's until I tried doilg wl ap 0 - to get it out of ap mode.
Then wl disassoc still returned an error BUT wl scan didn't.
Let me know if it helped you.

wl scan will get the thing to change channels, but only for the second or so that the box is scanning. It won't continuously scan.

Right now I've got a program that telnets into it and runs wl channel commands on it every 100ms. Works great, but kismet doesn't know what channel it's on. Not a total loss though. I'm convinced though there has to be a way for kismet to be able to get it to hop on it's own. If you scroll up, you see in the log posted that says enabling channel hopping. I'm curious how that was done.

If it wasn't channel hopping you'd get a message immediately afterward saying "Disabling channel hopping... no sources are able to channel hop" or something like that.

forgot to say:
on sveasoft you have to deactivate channel 14 - dunno why.
AND of course, if you are located in the states, you have to remove the channels 12, 13 and 14 ...

regs
uof

How do you like the flat-patch antenna from Hyperlink? What type of increase in signal did you get if any?

TIA, -bob

I am in need of the same thing
Can you send me those step by step instructions for tweaking the signal
Email To saed1@earthlink.net

Hey, everyone...

I'm trying to get Kismet to work on my WRT54G V2 with the latest free (Satori 4.0G) firmware from Sveasoft and Kismet server 3.0.1 on a Debian box.

I've tried the kismet binary linked-to in the orig. post above as well as the mips binary available from kismetwireless.net.

Drone always appears to start-up fine on the wrt54g, but when I start-up the kismet server on my Debian box, I get errors on both the drone and server side.

Kismet server reports:"FATAL: capture child 15659 packet buffer empty and flagged as diseased, exiting", while Kismet_Drone reports:"Accepted streamer connection from 192.168.2.10
WARNING: Killing client fd 6 read error 0: Success". Any guidance would be appreciated. Thanks, Marc.

I'm running wolf's alchemy pre 5.3 w19a...
In this version.. when you run "wl scan".. it automatically re-associates with the last SSID joined so that you can 'survey' and not kill your client mode..

Does anyone have Kismet working with wolf's alchemy?

cd /path/you/are/using
wget http://whatever-url/

I have a version 2 using the latest sveasoft firmware. everything is seems to have installed correctly but when I try to run the kismet drone, it says that permission is denied.
what can I do to get it to run?

I have kismet_drone running on my WRT54G V2 and detecting various AP's, but kismet_drone is not reporting signal power levels or noise level back to remote kismet server. Is there a command line in the kismet_drone.conf file that has to be written to detect signal levels? Is the fact that kismet_drone is not channel hopping the cause of not reading signal power levels for all detected AP's.

wl1 scan results is giving me stuff, but on the actual kismet server I'm getting a mismatch of versions. says FATAL: capture child 6477 source drone: version mismatch: Drone sending version 8, expected 7 what is going on?

You probably need to download a newer version of the Kismet server and GUI.

I can't get kismet's channel hopping to work either, but I believe I had it working at one point in the past. Rather than kill myself trying to solve the problem now (later), I use this:

while true
do
wl scan 2>/dev/null
sleep 1
done

Any thoughts?

i have a problem with my WRT54G. it brings the following message if i try to start kismet_drone
/tmp/kismet/bin # ./kismet_drone
Suid priv-dropping disabled. This may not be secure.
No specific sources given to be enabled, all will be enabled.
Enabling channel hopping.
Disabling channel splitting.
Source 0 (wrt54g): Enabling monitor mode for wrt54g source interface eth1 channe
l 6...
Source 0 (wrt54g): Opening wrt54g source interface eth1...
FATAL: pcap reported netlink type 1 (EN10MB) for eth1. This probably means you'
re not in RFMON mode or your drivers are reporting a bad value. Make sure you h
ave the correct drivers and that entering monitor mode succeeded.
/tmp/kismet/bin #

i found out that on alchemy the device isnt eth1 or eth2, but prism0. just edit the kismet_drone.conf and insert source=wrt54g,prism0,wrt54g

then all will work fine,

did you try:

wl monitor 0
wl monitor 1

how do i fix this wrt side killing client fd 5 read error 131

linus box side failed reset ui server :tcp server ..()failed: addresse already in use

I have everything working, I appreciate everyone's comments here, it really helped!

What I would like to do is deploy these as Kismet remote drones and connect to them across a WAN, but, whenever I enable the Linksys as a "Client" in AP mode, it disables routing and I am unable to contact the Linksys remotely.

Any suggestions or ideas on how to make this work?

Depending on the firmware you're using on your linksys box depends on whether you can write to the flashrom or not. OpenWRT will do it. It's also possible to use OpenWRT on a wap54g (check the site on sourceforge for specific instructions).

you need to be in a user account not in root. make shure you add your user name to the config file

Hey there,

You write:

"I have found that the radio on it when cranked up to its full 84mw is better than any of my pcmcia cards including the 100mw Cisco-350 I normally use when I need to pick up some distant signal."

Although "wl -h" shows the txpwr command's values as being between 1-84, you can actually beef it up to 251 mw. (You can get it to 255 mw if you REALLY want to - email me if you're curious.)

Just issue the command:

wl txpwr 251

And volia. You can confirm it by typing

wl txpwr

and it will tell you that, indeed, it has been set to 251. (If you type something ridiculous in there, like wl txpwr 380 - it will accept it, but if you go wl txpwr to confirm, you'll see that it hasn't.)

If you thought 84 mw performance was good, wait until you see this.

Kind Regards,
-Mike.

after long ado, it's time to comeback to this project. After reading he replies I find that I am using a v3.0 branch and that it's not compatible with this precompiled mips....So I'm off looking for an old version of Kismet. Where are you guys finding old versions at? On the kismet site I find them, but they are in some 50 odd pieces, which doesn't make sense to me. I know all of you didn't save all those pieces did you? Any help would be great.

Works great for me. The WAP54g is nearly identical hardware wise to the WRT54g. I was working on a tutorial on my website but just realized I never finished it. The trick is, you need a specific version of kismet. I can't get the new builds tow ork on the waps or the wrts without getting segmentation faults. Also, the freya firmware for that wap is hard to find these days. I've got a copy of both, just e-mail me at brad@musatcha.com and I'll e-mail you a copy. I'll post here when I finish the article on my site.

It stripped out the bracketed stuff I had in there...

It should be cat "file with commands" | nc "wrt54g ip" 23

and http://"your server ip"/....

I have got kismet to work. Thanks for the great article.
Now I don't know how to connect to any of the detected networks (many of them without WEP).

I don't know which nvram variables I need to set on my WRT so that I can connect (and use internet ;)).

My setup:
- Debian machine running Kismet (client & server).
- connected through LAN port to a WRT54G v2.2 (running kismet_drone and openWRT).

were still getting freeinet bro!

Try changing to the channel manually, using wl channel. This will rule out any problems with the scripts.

whats the login and password when I telnet in?

The FTPPUT command works just fine to copy file to my WRT54GS. I'm using the DD-WRT fireware. There is all a FTPGET command.

Wow... it's been like a year since I read any articles on the wrt routers... doing some quick browsing online lead me to seattle wireless.... looked over that for days... finally decided to buy 2 wrt's... one from Walmart of all places and one from Sam's club - both were better priced than at the computer stores... I got the GS versions - one is a version 1 (BP = bubble pack) and one is a version 3... The version 3 I am probably going to take back to walmart (it cost more anyhow) because it has a reportedly inferior processor and smaller ram... see - http://www.linksysinfo.org/modules.php?name=Content&pa=showpage&pid=6

they have an excellent breakdown of hardware and pictures to boot for all the various versions and releases of the wrt54g and gs models... very helpful people too...

By the way - back to my point - browsing around I found a link to one of my fav shows (I must have missed this one) Tech TV - the screensavers - http://www.g4tv.com/screensavers/features/354/Dark_Tip_Linux_on_Linksys.html

who lightly touched on this whole crowd of ideas for linux on the wrt54g - they have links there which lead me to some great resources - INCLUDING THIS PAGE... wow! global exposure for you on there! Kudos!

-Eric
PS I've purchased a few very expensive access points with multi radio setups... the Strix OWS radios - Tempe, AZ WAZ metro (they covered the 40 square mile city with mesh networking and are using the STRIX units - I can see why)... I'd love to crack they propriatary firmware on their units for a smaller scale edge-client small mesh... imagine the possibilities if we could somehow port the capabilities of the strix units - which I believe are running on less hardware - but more of it and a lot more ruggidized - but imaine running a world class/carrier class (free community - my goal) WISP with QOS for VoIP and private vlans for segmented services (home users, business users, government) all on the wrt models?!! that would be a huge thing... (the ows units are severl thousand dollars each - but are the only TRUE mesh system capable of multihop and self healing bandwidth routing and remote management... - I am also using an AIRLOK (lok.com) for network services - spash portals, walled gardens, web/ftp/radius/ldap/mysql services - yeah there are ways to put nocatauth or something similar on the wrt for a simple splash authentication page - but the AIRLOK's openbsd's inherent security and a cute small form factor pc with amd64 high-speed processing power and openly available IDE (cheap) hard drives (the airlok uses maxtor - not my fav - but it works great!) and you have a really awesome network that ma bell would cry about...

this is my goal... use my strix stuff for the main backhauls to the smaller local mesh groups around the city and in business districts - of course up the ante with more in higher density areas - but share the net with everyone - for free - or have it sponsored by a city or chamber of commerce... It works - I've done it now with 2 strix units and 2 wrt's to testing - I made skype voip calls, google talk calls (never tried vonage) alongside 2 or 3 300k+bps downloads from various servers on east coast and west coast as well as from locally within the wireless WAN netowrk... flawless quality.... only problem is that I have not found a way to handle the "cell phone" style handshake of clients from one AP to the next - this has been solved with the strix units - affording for true seemless wen browsing and voip calling while moving from tower to tower ot AP coverage to the next... pretty neat stuff - it'd be neater if I could find some like minded folks with the time to help get the wrt to do this....

I see so many people trying to max out the servies on the wrt - see what else they can put on it... but I see that as just fun stuff... realistically in a commercial world if you want really use this exploit for cost savings or sharing - why not look at using it as an alternative to the higher priced APs and use it's 200mhz (GS models) with 32MB of RAM for quantifiable use - i.e. use it's power only as an AP by routing say 500+ users on that particular node in a mesh cluster - leave the web hosting, databases and bandwidth management up to a higher level linux box more easily managed - this enables you to have a very fast end/edge mesh cluster - add a single AP (like the strix) running a 5ghz backhaul (802.11a) to the main network for remote connectivity - and you can take over the world... just kidding.. but it's my idea that so far I am seeing many others have had similar ideas - but never all the pieces of the puzzle put together on how to do it... I have this now - all the equipment needed, the business models (or lack therof) the antenna modeling programs, (btw - for all of you just trying to figure out theoreticaly how far your signal will go - google "radio mobile" and download that FREE software - you can map everything in your neighborhood, state or world from several free databases online with elevation data and satellite images - I got very high resolution details on my neighborhood from the satellite immagery and elevation data - and was able to predict very closely the actual radiation patterns - and where I would need to increase power or directivity with panel/sector antennas, as well as calculate the line loss from various amplifiers, cables and lengths and other connectors - factoring that all into the links changes things significantly...

If any of you want to help - email me.... Eric@GoZippy.com
Other projects are to port the mesh network of wrt's to a CMS solution - like I said - not hosting the splash page on the wrt, rather directing traffic to a managed network would allow you to also route to a full web server where you could run a community portal site like Joomla, or Mambo or Drupal... all excelent cms solutions - I also like php-nuke and post-nuke...

I'm also working on porting a ACL to Joomla and possibly using radius or ldap for authentication on the community website over the wrt54gs mesh network... looking for help there too...

I have a WRT54GL 1.1

Correct kismet_drone.conf line on this hardware is:
source=wrt54g,eth1:prism0,wrt54g

IMPORTANT: apparently the prism0 interface has to be brought up manually before starting kismet. Use: "ifconfig prism0 up" . I have wasted a day not knowing this :P



Also the wl command tries to use eth1 and thus fails. Havent found out how to change that yet..

if you install kismet packets with openwrt it will install kismet on the etc dir and not the tmp dir