kismet, hostap, Prism2.5

Tue Nov 11 16:11:10 PST 2003

>Date: Mon, 3 Nov 2003 01:25:37 +0100
>From: "Auer, Karl James" <karl.auer at id.ethz.ch>
>
>Hi there.
>
>I can't get lismet (a wireless sniffer) working with hostap. Kismet =
>aborts with an error message saying that "Set Frequency" is not =
>supported.

You need at least a working driver for your card. Hostap will do fine,
as will wlan_ng and others. Just verify that you can indeed set the
desired channels for your setup. (Iwconfig wlan0 channelX for hostap;
Something in the configfile for wlan_ng or something magical in inSaneNMP:-)
If you can do that, so will kismet_hopper.

> I/m running SuSE 8.2, kernel 2.4.20, hostap 0.1.1. The PCI =
>wireless card is reported by hostap as an "Intersil Prism 2.5"; "cat =
>/proc/pci" says "Network Controller: Harris Semiconductor Prism 2.5 =
>Wavelan chipset (rev 1)".
>
>Kismet does see the carda nd outputs quite a bit of information about =
>the setup, but it can't get past that error.
>
>Any ideas? Should Kismet work with HostAP? The Kismet docs suggest it =
>should, as do a couple of wireless FAQs, though the latter mention only =
>2, not 2.5...

A Prism2.5 card will do fine too.

>
>Thanks for any help you might be able to offer. If anyone is using =
>hostap and a Prism2.5 card with Kismet, I'd love to see your working =
>Kismet config files.

So you did find the kismet config file. (/usr/local/etc/kismet.conf)
Take care that you tell kismet to use the correct driver. (source=)
Also make sure that it has write access to where the logfiles are
going (logtemplate=) for the user that it changes to (suiduser=).

Then take care to not call it from a subshell where is might not find
a suitable tty to write to. From a plain login shell you should do no
more than just type 'kismet -H' <ret>'.

Now the fun can start. As soon as you have a neighbouring host, questions
should arise. It amazes me that no-one wonders loud..

Every host I found probing gets reported as being on channel 0 (or no
channel if you like). Channels are numbered from 1 up; there's no channel0.
How can this event that comes to me most notably on air be on 'no channel'?
Why isn't that channel detected and/or why isn't there a field in the
header that says it is on a specific channel?

I've read somewhere that these channels do overlap and that there are
only 3 effectively seperated channels. (I guess 1,6,11)
When I set up a host probing on channel 6, and I check every channel with
kismet, I find a minimum of probe packets a channel 1 and 11, and a maximum
at channel 6. (and none at channel 14)

How is a host that is calling on 'no specific channel' expecting to get an
answer?

More magic popped up lately. I finally found a access point reported to also
be on channel 0. (IP number, but no encryption, no ssid)

Would someone have some simple explanations for a layman?

Regards, Wim.