philippe::niquille | irregular niche market thoughts

The passive wireless sniffer Kismet always fascinated me! And the cool thing about the linksys wrt54g route is, that it can also run kismet with some small modifications, here you go:

• get the sveasoft firmware from the unofficial mirror
• get the MIPS Kismet binaries for the wrt54g. The one’s from kismetwireless gave me a “segmentation fault”..
• copy the kismet_drone to the /tmp dir on the wrt54g (I used WinSCP)
• copy kismet_drone.conf to /tmp/etc
• edit the file and modify the allowed hosts (depens on your network configuration: “allowedhosts=192.168.0.0/24″)enter a source (I used “source=wrt54g,prism0,Kismet-Drone”)
• enter the following commands to go to passive mode on a wrt54g shell:
  wl disassoc
  wl passive
  wl scan (just to scan if there is anything out there.. not really needed)
  wl scanresults
• start kismet_drone with /tmp/kismet_drone -f /tmp/etc/kismet_drone.conf

Now you have a working kismet_drone! The only thing left is to configure your kismet_server to capture the drone data. Try this:

• install Kismet on a linux machine. I compiled the latest sources on my home server.
• edit kismet.conf and change the suid_user to anything else than root, add the followig source:“source=kismet_drone,192.168.0.150:3501,drone”

Then start kismet (it also works trough a ssh connection ex. with putty) and you have a small surveillance system! I’m still working on a bigger project which goals are to make a huge IDS system with multiple kismet_drones which tunnel their data trough ssh tunnels to a server.
You can also use the kismet_drone for wardriving, I already have an article over at niquille.net.

Be aware, that the tmp dir will be deleted upon a power reset of your wrt54g.
Also consider attaching a different external antenna, than does standard non-efficient 2dbi omni tales.

Have fun, but don’t do anything stupid with kismet!