Wednesday, November 9, 2011

Kismet G+ page

I started a G+ page for Kismet here.  Expect announcements and such here, and shorter comments on the G+ page.

Tuesday, August 9, 2011

Spectools 2011-08-R1 is out

Spectools has a new release!  This version supports the Wi-Spy DBx2, 24x2, as well as adding support for the Ubertooth project (a bluetooth sniffer also capable of acting like a spectrum analyzer)

Thursday, July 28, 2011

Embedded XSD

Looks like it IS possible to embed XSD data inside the XML, meaning we don't need to make an XSD file for each kis/gps xml file we generate.

Expect the new kisxml format to be based on this example:
https://www.kismetwireless.net/code/svn/trunk/xml/contained.xml

which valides with xmlstarlet and seems to output a sane collection of xpaths when dom-parsed:

k:run
k:run/xs:schema
k:run/xs:schema/xs:import
k:run/xs:schema/xs:import
k:run/xs:schema/xs:import
k:run/xs:schema/xs:import
k:run/xs:schema/xs:import
k:run/xs:schema/xs:element
k:run/version
k:run/startTime
k:run/endTime
k:run/captureSource
....
k:run/device/deviceMac
k:run/device/name
k:run/device/firstSeen
k:run/device/lastSeen
k:run/device/frequencySeen
k:run/device/frequencySeen/frequency
k:run/device/packetLink
k:run/device/packetData
k:run/device/packetFiltered
k:run/device/packetError
k:run/device/dataBytes
k:run/device/type
k:run/device/ssid
k:run/device/ssid/firstSeen
k:run/device/ssid/lastSeen
k:run/device/ssid/type
k:run/device/ssid/essid

The extended device elements are cleanly integrated into the DOM.

This file also presents no problems to the Python XML parser ETree, so I think it's going to be fairly reasonable to implement tools using it.

If you handle XML from Kismet, let me know / stop by IRC.

Tuesday, July 26, 2011

Fixing the Droid 3 reboot

Just a followup to the previous post asking for a contact at Moto, and to keep the info out there for anyone with a Droid 3 suffering frequent reboots.

If your new Droid 3 reboots constantly when you're on the edge of cell coverage areas, when turning it on or off, placing it in your pocket, or when using wifi, this seems to be the solution.

The bug appears to be directly tied to the restoration of saved wifi configurations from your google profile.

Go into the wifi configuration screen, go to "manage networks", and remove ALL networks from the list.

You can re-add networks, but you must do it from the droid3 wifi config.  The problem doesn't seem to be the networks, it seems to be the way they're restored.

As from the previous post, the google bug for this is at:
http://code.google.com/p/android/issues/detail?id=18460

which includes stack traces for anyone at Moto who is able to debug the root cause of this and initiate a fix.  It would probably be a reasonable thing to star the bug to raise it's priority, although it seems to be a motorola bug, not a google android one.

Wednesday, July 13, 2011

Looking for a contact in the motorola android division

I've been debugging a nasty reboot/crash bug on the Droid 3 and have logs including the fault address (consistent) and stack traces leading up to it (system_server has a poo, followed by everything else in the android environment).

If anyone works at (or has a contact at) the motorola android division, please, let me know.

Tuesday, July 5, 2011

XSD is a cruel joke

In an attempt to both support phy-neutral plugins dynamically adding logging attributes to the XML and supporting proper validation, the only reasonable path is XSD schemas with namespaces.  For something so extensively documented, it's very difficult to properly comprehend.

Amazingly, it looks like it IS possible to define relatively dynamic schemas, extend existing common elements, and still validate.


Thursday, June 30, 2011

I'm sophisticated!

“Further, plaintiffs plead that the data packets were transmitted over Wi-Fi networks that were configured such that the packets were not readable by the general public without the use of sophisticated packet-sniffer technology[wired]

Maybe I'll start going to cons with a tophat and monocle.

Monday, June 20, 2011

Other people working with Kismet and Ruby

Michael Boyd has been hacking on the ruby interface to Kismet and has some scripts to log to a mysql database.  Pretty handy stuff.

Monday, April 4, 2011

Kismet 2011-03-R2

New release to address a crash bug in Kismet when operating as a drone (either kismet_server or kismet_drone).

Just an internal API drift causing a null pointer when enumerating sources - nothing exciting from a bug/security standpoint.

Get it at the usual place

Sunday, April 3, 2011

Kismet 2011-03-R1

Released 2011-03-R1 at the usual spot.


2011-03 fixes problems with changes in ncurses 5.8 (for the few distributions which picked it up already) and is REQUIRED for Kismet to work with ncurses-5.8.  Also introduced is marginally more accurate GPS averaging (still all the problems of weighting and averaging, but eliminates the float drift), some compile time updates, other minor tweaks.

Under the covers 2011-03 also contains the start of the new phy-neutral common tracker layer, which will be replacing the current model of an 802.11-centric tracking layer.  Anyone working on capture plugins for non-dot11 protocols should start taking a look at the new tracking layer.  The dot11 tracking is being ported to the new layer and eventually they old tracking code will be disabled.

Tuesday, January 18, 2011

Kismet 2011-01-R1

New Kismet release, 2011-01-R1.

Lots of bugfixes (netxml reference, 802.11d, mac80211 on legacy cards, client preferences, client display options)
Ruby network API and example clients
Wifi NIC performance shoot-out tool
WPA Migration Mode detection
GPS logging in PPI pcap files
Per-capture source per-network and per-client signal tracking
Packaging scripts

Source and (some) packages available at the Kismet site

Ubuntu 32 and 64 bit packages also available on the Kismet download page, since Ubuntu seems to have stopped updating years ago and seems determined to ship code several years out of date.

Thursday, January 6, 2011

Playing with Kismet clients

Since there was a request on the Kismet forum for a way to log to SQL, and since Rick has been bugging me for some time about doing a NIC shootout plugin to compare sniffing performance of various cards, I decided it was time to do some more Kismet client work to serve as examples.

Found in the ruby/ directory of the source, kismet.rb provides a dead simple way to interact with the Kismet server by subscribing to sentences and issuing commands, both with optional callbacks for command completion.

Logging data to SQL is as simple as opening a database with SQLite, converting the BSSID to a 64bit integer for fast comparison as the primary key, and inserting or updating rows depending on if the data was already present.  The current example code logs only a few fields, patches welcome for more complete logging.

The NIC Shootout code requires a little more work - namely, taking interfaces provided by the user and finding the source UUID by subscribing to the *SOURCE sentence, ordering cards to lock channel via the HOPSOURCE command, and maintaining enough state to know that all the selected sources have updated (since Kismet sends a *SOURCE sentence per capture source) and printing out the output.  Including 'pretty' output which updates a single screen instead of printing a line per output, the whole script weighs in at just around 300 lines.

Hopefully the additional examples of using the Ruby API will inspire people to develop more utility clients for Kismet.

A small bit of ruby later:

dragorn@drd1812 ~/src/kismet/ruby $ ./kismet_shootout.rb --pretty wlan0 wlan1 wlan3

INFO: Kismet NIC Shootout
      Compare capture performance of multiple NICs

INFO: Connecting to Kismet server on localhost:2501
INFO: Testing sources wlan1, wlan3, wlan0 on channel 6
INFO: Found card UUID d46ae184-19af-11e0-9749-6404941be201 for wlan0
INFO: Found card UUID e5a10428-19ce-11e0-9749-0d04111be301 for wlan1
INFO: Found card UUID 0b27d438-19cf-11e0-9749-0f04131be501 for wlan3
INFO: Locking wlan1, wlan3, wlan0 to channel 6
INFO: Waiting for sources to settle on channel...

           PPS    Total Pcnt  Total
   wlan3    22     2001  59%
   wlan1    21     2112  62%
   wlan0    38     3372 100%
                                 81

[Edit - Updated to reflect new arguments to shootout]