As a long-time Kismet user, but new to Raspberry Pi, I was interested to see if anyone else had run Kismet on a Raspberry Pi. I discovered a paper written for SANS about using Kismet on a Raspberry Pi Model B, and set out to use those instructions to build my own, only for the Pi 2 Model B. The Pi 2 Model B is an update to the original Model B platform that brings a lot more processing power to the table. Using only 50mA more power than a 1st generation Model B, the Pi 2 Model B uses a quad core processor at 900MHz complemented by 1GB of RAM. The original Model B utilized a single core processor with 512MB RAM. This makes the Pi 2 Model B a much more capable device, and it should be able to handle the improvements and new features being made to the Kismet package.
I was pleasantly surprised to discover that the Kismet package was being updated – the original paper covered the installation of version 2013-03-R1b. This paper covers the building and installation of kismet-2016-01-R1.
Original War Pi paper:
War Pi, written by Scott Christie, email@example.com
What follows is meant to augment the original paper, and document only what is necessary to get the casual user up and running. The user is responsible for any additional research into setting up the Pi 2 Model B with installation of the OS.
- Raspberry Pi 2 Model B (also known as Pi 2)
- 2016-02-26-raspbian-jessie-lite installed to microSD (>8GB)
- SSH access to the freshly installed OS
- Internet access for Pi to download updates
- USB GPS (GlobalSat BU353S4)
- USB Wireless adapter, capable of promiscuous mode (TP-Link WN-722N 802.11 b/g/n) or (Alfa AWUS051NH v2 802.11 a/b/g/n)
- Battery power source (2A or better preferred – Alfa needs the extra)
Prior to downloading and installing Kismet, there are some dependencies that have to be met. Make sure to update the environment before adding the additional packages.
# sudo apt-get update
# sudo apt-get upgrade
Now install the following packages that are dependencies for Kismet:
# sudo apt-get install gpsd
# sudo apt-get install libncurses5 libncurses5-dev
# sudo apt-get install libnl1 libnl-dev
# sudo apt-get install libpcap-dev libpcap0.8 libpcap0.8-dev
I recommend adding the following packages:
# sudo apt-get install gpsd-clients
The following command will download the most recent Wireshark IEEE OUI file for Kismet to correlate detected MACs to manufacturers. This step is optional.
# wget -O manuf "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf"
# sudo cp manuf /etc/.
Download and Extract Kismet
The version used for this build was Kismet 2016-01-R1.
# wget https://www.kismetwireless.net/code/kismet-2016-01-R1.tar.xz
Note: If you get SSL errors using wget, add ‘--no-check-certificate’. This turns off certificate validation for the download.
Once downloaded, extract the files, then navigate into the new directory that was created.
# sudo tar -xf kismet-2016-01-R1.tar.xz
# cd kismet-2016-01-R1
Compile and Install Kismet
Kismet follows the standard build process: first you run the configuration script. You may receive some warnings, but if all dependencies are met, proceed to compile. Compiling takes some time, and you will see warnings, mostly about unused variables. There is no need for concern unless Kismet does not work later; in that case, go back and review the warnings, and check in at the Kismet forums or IRC to see if anyone else has a similar issue.
# sudo ./configure
# sudo make dep
# sudo make
# sudo make install
Kismet must be configured to use the correct GPS and wireless adapter, and to store logs. Configuration is done in the kismet.conf file in /usr/local/etc (NOT /etc).
# cd /usr/local/etc
# sudo vi kismet.conf
(or use the editor of your choice)
The following are the parameters I modified; all other fields were left at their defaults:
logprefix=/home/pi/kismet
ncsource=wlan0
writeinterval=120
GPSD must be configured to address the GPS device, and to automatically start up when booting.
Connect the USB GPS. Confirm that the system recognizes it.
# dmesg | grep ttyUSB0
This command should display something like: “usb 1-1.5: pl2303 converter now attached to ttyUSB0” This confirms the serial driver for the USB GPS is in place.
Edit the GPSD startup file in /etc/default.
# cd /etc/default
# sudo vi gpsd
The following are the parameters I modified, all other fields were left to default:
NOTE: if your GPS is connected to a different device name, substitute it as needed. The following command must be run every time the /etc/default/gpsd file is modified or updated.
# sudo dpkg-reconfigure gpsd
Leave the GPS plugged in, and reboot.
Confirm GPSD Functionality
After rebooting, GPSD should start automatically. To confirm it started:
# ps ax | grep gpsd
826 ? S<s 1:06 /usr/sbin/gpsd -N /dev/ttyUSB0 <<< Confirms GPSD is running
911 pts/0 S+ 0:00 grep --color=auto gpsd
In order to test the GPS, running cgps will start an ncurses interface that displays GPS data as it comes in. To exit cgps, type ‘q’.
# sudo cgps
Configure Wireless Adapter
There is no real configuration of the adapter necessary, but you do need to confirm that the adapter is installed and functioning. We are looking for wlan0, since we set our capture source to that in the kismet.conf file.
This will display all wireless adapters. Confirm wlan0 is shown.
wlan0     IEEE 802.11bgn  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
Confirm Kismet Functionality
BEFORE LAUNCHING KISMET FOR THE FIRST TIME:
Create the log file directory.
# sudo mkdir /home/pi/kismet
# sudo chmod 777 /home/pi/kismet
Launch Kismet manually to confirm proper operation. This is critical as it will confirm configuration and functionality of your USB GPS and wireless adapter.
# sudo kismet
Kismet should launch.
You will get a warning that you should not run as root. Select [ OK ].
You will get a prompt asking you to start the kismet server. Select [ Yes ] and then [ Start ]. You are now looking at the server console window. Select [ Close Console Window ]. The Kismet Client interface will now be visible and functional. Confirm that wireless access points are being detected, and that the GPS location is being reported.
Exit Kismet Client using ALT to activate the top menu, and then arrow down to select Quit. When prompted to kill the kismet server, select [ Kill ].
Configure Kismet Startup
Similar to GPSD, we are going to configure Kismet to start automatically on bootup. Unlike GPSD, there is no pre-existing file to configure, so we will build one from scratch, called ‘kismet’. This will also allow us to issue stop and start commands like other services. We are also building in a 30 second startup delay to allow time for the GPS and wireless adapter to start.
# cd /etc/init.d
# sudo vi kismet
#!/bin/sh
### BEGIN INIT INFO
# Provides:          kismet
# Required-Start:    $all
# Required-Stop:     $local_fs $remote_fs $syslog $network
# Default-Start:     3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start kismet at boot time
# Description:       Starts kismet at boot time
### END INIT INFO
case "$1" in
  start)
    echo "Starting kismet"
    /bin/sleep 30
    /usr/local/bin/kismet_server --daemonize
    ;;
  stop)
    echo "Stopping kismet"
    killall kismet_server
    ;;
  *)
    echo "Usage: /etc/init.d/kismet start|stop"
    exit 1
    ;;
esac
exit 0
Once the script has been saved, make it executable.
# sudo chmod +x kismet
Activate the script to start at the appropriate runlevels.
# sudo update-rc.d kismet defaults
Now you can stop and start Kismet at will. This is useful after a capture session to shut down the kismet server gracefully.
# sudo /etc/init.d/kismet stop
To start again, issue the start command.
# sudo /etc/init.d/kismet start
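One alternative to the fixed 30 second delay, shown as an added example that is not part of the original write-up: poll for the capture interface and GPS device and start the server once they appear. The function names are hypothetical, the paths in the usage comment are the wlan0 and ttyUSB0 names used above, and treating a missing GPS as non-fatal is an assumption of this example.

```shell
#!/bin/sh
# Added example: wait for the devices Kismet needs instead of sleeping a fixed time.

# wait_for_path PATH TIMEOUT_SECONDS
# Returns 0 as soon as PATH exists, 1 if it has not appeared after TIMEOUT_SECONDS.
wait_for_path() {
    wanted=$1
    remaining=$2
    while [ ! -e "$wanted" ]; do
        if [ "$remaining" -le 0 ]; then
            return 1
        fi
        sleep 1
        remaining=$((remaining - 1))
    done
    return 0
}

# start_kismet_when_ready IFACE_PATH GPS_PATH TIMEOUT_SECONDS [SERVER]
# Refuses to start without a capture interface; a missing GPS is only reported
# (assumption of this example: capture without position data is still useful).
start_kismet_when_ready() {
    iface_path=$1
    gps_path=$2
    timeout=$3
    server=${4:-/usr/local/bin/kismet_server}

    if ! wait_for_path "$iface_path" "$timeout"; then
        echo "kismet: $iface_path not present after ${timeout}s, not starting" >&2
        return 1
    fi
    if ! wait_for_path "$gps_path" "$timeout"; then
        echo "kismet: $gps_path not present after ${timeout}s, starting without it" >&2
    fi
    "$server" --daemonize
}

# Usage in the start) branch of /etc/init.d/kismet, replacing the sleep:
#   start_kismet_when_ready /sys/class/net/wlan0 /dev/ttyUSB0 30
```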
Verify Everything Works
REBOOT. After rebooting, you should see log files being written to /home/pi/kismet. Let it run for a few minutes to allow everything to sync up.
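A pre-flight check of the kismet.conf values set earlier, as an added example that is not part of the original write-up: it confirms the logprefix directory and the ncsource interface exist, and also reports a log directory left world-writable (which chmod 777 produces), since kismet_server writes there as root. The function names are hypothetical, and taking the last uncommented line for each key is an assumption of this example.

```shell
#!/bin/sh
# Added example: pre-flight check of the settings this guide changes in kismet.conf.

# conf_value FILE KEY
# Prints the value of the last uncommented "KEY=value" line in FILE, if any.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_kismet_setup CONF [NETDIR]
# Prints one line per problem found and returns the number of problems.
# NETDIR defaults to /sys/class/net, where each network interface has an entry.
check_kismet_setup() {
    conf=$1
    netdir=${2:-/sys/class/net}
    problems=0
    logdir=$(conf_value "$conf" logprefix)
    src=$(conf_value "$conf" ncsource)
    iface=${src%%:*}    # ncsource may carry ":options" after the interface name

    if [ -z "$logdir" ] || [ ! -d "$logdir" ]; then
        echo "logprefix directory missing: ${logdir:-<unset>}"
        problems=$((problems + 1))
    else
        # Character 9 of the ls mode string is the "other" write bit.
        case $(ls -ld "$logdir") in
            ????????w*)
                echo "logprefix directory is world-writable: $logdir"
                problems=$((problems + 1))
                ;;
        esac
    fi

    if [ -z "$iface" ] || [ ! -e "$netdir/$iface" ]; then
        echo "capture interface not present: ${iface:-<unset>}"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage on the Pi:
#   check_kismet_setup /usr/local/etc/kismet.conf && echo "kismet.conf looks sane"
```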
Using the Alfa AWUS051NH v2 instead of the TP-Link WN-722N
The Alfa AWUS051NH v2 requires extra power to operate. In order to get the Pi 2 to provide the extra power needed, you must modify the /boot/config.txt file by adding:
This will allow the Pi 2 to provide 1.2A current to the USB ports.
*** USE AT YOUR OWN RISK ***
You must use a battery power supply that is capable of delivering that amount of current. I purchased the MoKo 9000mAh Portable Power Bank Battery Charger 2.4A Output from Amazon and it worked well.
The original War Pi paper instructions made edits to the /etc/rc.local file in order to launch the kismet server at startup. This was a crude method that worked on the Pi Model B, but no longer works as the kismet server seemed to always start ahead of the wireless adapter, and left the kismet server in an error state with no capture source. While I am sure that Kismet would eventually recover, I decided to create a proper startup script, with the added benefit of the ability to properly start and stop the kismet server at will.
Another deviation in this paper is the use of the TP-Link WN-722N adapter. Since this implementation was meant to run on battery power, I felt it was not necessary to use a high power card such as the Alfa. The TP-Link is a much lower power card, and has suitable enough gain and sensitivity for most applications, but like the original paper, is limited to b/g/n. It is also smaller and easier to carry. In my experiments with the Alfa AWUS036NHA (b/g/n) and the Alfa AWUS051NHv2 (a/b/g/n), the USB circuit protection kicked in and prevented the adapter from operating. The original Pi Model B did not have this protection so it is likely the author of the paper was lucky it did not damage his Pi Model B. I was able to research and find a work around for the Pi 2, and updated the instructions for using the Alfa AWUS051NHv2 (a/b/g/n) adapter.
Kismet as an application is improving, and many new features will be coming out in the coming year. With the added processing power of the Pi 2, and additional USB ports, Kismet is hopefully going to gain some new capabilities, while still remaining a solid application for performing 802.11 surveys. Kismet drone functionality also looks attractive for low power, small packages such as the Pi 2.
Please feel free to send any critiques, additions, or your experiences with this write up to: birukun at teambsf dot com
Kismet Wireless website and forum
War Pi, Scott Christie, firstname.lastname@example.org
Raspberry Pi 2 Model B
Power protection ‘override’ (USE AT YOUR OWN RISK)