Linux Unwired [Electronic resources]

Edd Dumbill, Brian Jepson, Roger Weeks

نسخه متنی -صفحه : 100/ 70
نمايش فراداده

10.5 Mapping Wi-Fi Networks with Kismet

We introduced Chapter 3 as a powerful network scanner. You can also use it in conjunction with GPSd to map out the locations of Wi-Fi networks. (For the basics of getting Kismet running, see Chapter 3.) Once you have Kismet and GPSd up and running, you can make them work together.

Safety

If you plan to do some network mapping with Kismet, keep the following in mind:

Put the computer somewhere safe and out of the way. Don't put it someplace where a sudden stop will send it into your lap or through a window.

Forget that the computer is there while you are driving. If you have to fiddle with it, pull over first. If you can have a friend driving with you who can operate the computer, all the better. Do not let the computer distract you while you are driving.

Make sure that the GPS gets a fix before you start driving. It may be hard for it to get a fix while you are in motion.

Put the GPS somewhere where it can easily pick up the satellite signals. Your best bet is to get a magnetized external antenna that can attach to your roof. Be sure that there are no loose wires sticking out of your window. Don't slam the wires in the door!

Above all, when you are driving a car, your first responsibility is to drive safely. Pay attention to the road and drive carefully.

To map networks with Kismet and GPSd:

(Optional.) Load any modules needed for the serial port you're using for the GPS:

$ sudo modprobe pl2303
$ dmesg | grep tty   
ttyS00 at 0x03f8 (irq = 4) is a 16550A
ttyS02 at 0x03e8 (irq = 4) is a 16550A
usbserial.c: PL-2303 converter now attached to ttyUSB0 
(or usb/tts/0 for devfs)

Start GPSd, specifying the serial port with -p and the speed with -s:

$ sudo gpsd -D9 -p /dev/ttyUSB0 -s 4800

Telnet to GPSd and use p until you have a reliable fix; you can disconnect when you are done:

$ telnet localhost 2947
Trying 127.0.0.1...
Connected to debian.
Escape character is '^]'.
p
GPSD,P=0.000000 0.000000
p
GPSD,P=41.485882 -71.524841
^]
telnet> q
Connection closed.

Launch Kismet with the -g (GPS) switch and specify the hostname and port that GPSd is listening on:

$ sudo kismet -g localhost:2947

Go for a drive. Press Q when you are done with the drive to terminate Kismet.

When you shut down Kismet, it writes its log files. Check the logtemplate setting in kismet.conf to see where it puts its log files:

logtemplate=/var/log/kismet/%n-%d-%i.%l

Kismet writes several log files in the logtemplate directory (I starts at 1 and increments for each time you run Kismet on a given day):

Kismet-<MMM-DD-YYYY>-I.csv

Kismet log in semicolon-separated fields, one line per entry. The first entry contains the field names.

Kismet-<MMM-DD-YYYY>-I.dump

Kismet log in a pcap(3) format suitable for loading under Ethereal (http://www.ethereal.com).

Kismet-<MMM-DD-YYYY>-I.gps

Kismet log in a format designed to be read by the gpsmap utility, which is included with the Kismet distribution.

Kismet-<MMM-DD-YYYY>-I.network

A human-readable dump of the networks that Kismet encountered.

Kismet-<MMM-DD-YYYY>-I.xml

Kismet log in an XML format.

When you're done with Kismet, you must reassociate your Wi-Fi card with the network. This can sometimes be done by restarting PCMCIA card services or removing and reinserting the card, but it resulted in a kernel panic in some of our tests. Our workaround was to use a second network card for network connectivity and let Kismet have its way with the Prism-based card on wlan0.

To generate a map, run gpsmap on the .gps log file. See the gpsmap manpage for all the drawing and mapping options. If you choose to use a downloaded map (the default), you must be online. Figure 10-8 shows a map generated by the following command:

$ gpsmap -S3 -p /var/log/kismet/Kismet-Feb-16-2004-5.gps

The -S option specifies which map server to use (0 = MapBlast;1 = MapPoint;2 = Terraserver; 3= Tiger Census). If you have trouble with one, try another (Tiger is loosely maintained by the Census Bureau and is not up 100 percent of the time). Use -p to show power levels or -e to plot simply the locations of the hotspots on the map (see the gpsmap manpage for more options).

Figure 10-8. Wi-Fi power levels in the Kingston, Rhode Island area