Updated for OZ 3.5.3
Kismet, you know it, you love it. Kismet is one of the most popular
wardiving tools for Linux. It's great because it can do RF monitoring
and pick up APs that are not broadcasting their SSID (aka:cloaked).
These instructions should help you get Kismet 2005-06-R1
working on your Zaurus. First we need to install Ncurses support to get
rid of errors like "Error opening terminal: xterm." To install ncurses
get ncurses_5.4-r7_arm.ipk and ncurses-terminfo_5.4-r7_arm.ipk
from the OZ 3.5.3 feed and libstdc++6_4.0.1-3_arm.deb from the Debian
packages site (http://packages.debian.org/unstable/libs/libstdc++6)
, then use these commands to install them:
ram install ncurses_5.4-r7_arm.ipk
ipkg-link add ncurses
ipkg -d ram install ncurses-terminfo_5.4-r7_arm.ipk
ipkg-link add ncurses-terminfo
ram install libstdc\+\+6_4.0.1-3_arm.deb
ipkg-link add libstdc++6
Now we can install Kismet, you can get the deb file for
it from the Debian packages site (http://packages.debian.org/unstable/net/kismet)
Use these commands to install it:
--force-depends -d ram install kismet_2005.06.R1-1_arm.deb
ipkg-link add kismet
SIDE NOTE: Now we will have to do some file editing.
I'm a lamer so I don't use the vi package that comes already installed,
I use Nano.You can find Nano in the OZ 3.5.3 feed or at my archive.
It's very easy to install:
ram install nano_1.3.5-r0_arm.ipk
ipkg-link add nano
Once you have installed Kismet edit the old kismet.conf
(/mnt/ram/usr/local/etc/kismet.conf , it could be in a different path
depending on where you installed it) to reflect the proper source
setting, for my
Ambicom WL1100C-CF 802.11b Wi-Fi card I used:
While your at it, it may be a good idea to change where
Kismet dumps log files. This could be useful if you want to dump a lot
of packets to a dump file so you can look at them in Ethereal on your
PC later. In my case, I just wrote them to the RAM mount:
If you have a Prism2 card you may just want to use my conf
file: kismet.conf. Basically all I
did was tell it to use hostap as the source, you may have to make some
changes if you don't use a Prism based card. Look for the "source="
setting, some possible choices might be:
Next edit the kismet script (/mnt/ram/packages/usr/bin/kismet
if you installed it to ram) and add the following lines right after
Or you can jus copy of my kismet script here. Now all you should have to do is drop
out to Opie Terminal and type:
You should now see the Kismet interface we all know and love.
After running Kismet you should see log files in /root with names like:
These are basically logs of all the APs you have found, but
the dump file is something special. The dump file contains captured
packets from the networks Kismet has detected, it's in TCPDump format
and can be loaded into other tools like TCPDump, Ethereal and Ettercap
to find out more information about what's running on the network the
packets were captured from. Don't forget to delete these files if you
start to run out of space on your Zaurus.
Thanks to Dave Dmytriw and this thread:
for helping me to get the latest version of Kismet to work.
Update 6/20/2005: Jake sent me the following info that
may help some of you that are having problems running Kismet:
|I followed the instructions and was getting an error
about 90% of the time that says "FATAL: channel get ioctl failed
This is resolved by ensuring that the interface is DOWN before
attempting to launch Kismet. Additionally, you have to wait 5-10
seconds after inserting the card (I'm using an Ambicom WL1100C on an
SL-5500 with OZ 3.5.1). It seems obvious but to someone inexperienced
with rfmon, it wasn't. It's not very similar to promiscuous mode on
So, to simplify the process, I just added "ifdown wlan0 &&" to
/usr/local/bin/kismet and I make sure I wait a few seconds before
attempting to start it. If it fails the first time, you can usually
just rerun kismet and it will work.
Have you had this problem? It was somewhat perplexing at first because
_sometimes_ Kismet would run fine and it took a couple hours to find
the sequence that got it started reliably.