Security Explained  

Discovering Wireless Networks: Linux

Using Kismet on Linux (Backtrack), we will search for wireless networks and gather information about them.

Materials Needed:

  • Linux (Backtrack)
  • An 802.11b wireless card that supports monitor mode (Orinoco, Prism, Atheros)
  • Kismet

Step 1: Start Backtrack

We will be using the security distribution Backtrack from http://www.remote-exploit.org because it comes preconfigured with most of the packages and tools we will be using. Any version of Linux will work for these tutorials; however, you will need to install and configure the packages yourself before attempting these scenarios.

Boot Backtrack. When you are prompted, enter the username 'root' and the password 'toor', then type 'startx' to start the graphical interface.

Step 2: Make Sure your Wireless Card is installed

Click the 'K' Menu at the bottom left corner of the screen, select 'Internet' from the menu, and then click on 'Wireless Manager'. This will open a program that allows you to monitor your wireless cards. If it does not show any available wireless devices, make sure your card is plugged in and that it uses a supported wireless chipset.
Wireless Manager showing available interfaces

Step 3: Start Kismet

Start Kismet by clicking on the 'K' Menu, then on 'BackTrack', then on 'Wireless Tools', then on 'Analyzer', and finally on 'Kismet'.

Click 'K' then 'BackTrack' then 'Wireless Tools' then 'Analyzer' then 'Kismet'

Step 4: Select Wireless Interface

This part can be a little confusing if you've never used Linux before. Linux assigns all the available network interfaces names like 'eth0', 'eth1' and so on. Depending on the particular card you use, it may even call them things like 'wlan0'. In the case of this test setup, the laptop used has 3 interfaces: 1 PCMCIA wireless card, 1 internal wireless card, and 1 wired ethernet adaptor. BackTrack assigned my PCMCIA card the name 'eth0'.

A good method to determine which interface is your wireless one is guess and check: if Kismet will not run, the interface you selected cannot be opened in monitor mode, which means it is either the wrong interface or you have an incompatible wireless card. In either case, try the other options.

All that said, choose the wireless adaptor you wish to use and press 'OK'.

Choose the Wireless Interface

Step 5: Choose a Data Folder

Next we will choose a folder for Kismet to save all its data in. In this example I simply chose the /root folder. You may use whatever folder you like to save this data; a good choice other than /root itself would be to make a folder called 'kismet' inside /root and save there.

Choose a Data Folder Location 

Step 6: Choose a File Prefix

The next menu asks for a file prefix. This is just a descriptive tag added to the file names for this Kismet session. These files contain all the packets you've captured with Kismet and can be used for network analysis later. The default name is usually fine.

Data Prefix

Step 7: Start using Kismet

Here you see the main menu of Kismet showing the access-points it has found. Some helpful keyboard shortcuts to use Kismet are:
  • 'h' - help menu, close this and any other popup with 'x'
  • 's' - sort menu, sort the detected access-points
  • 'm' - mute sounds, stop the annoying beeps

Kismet Main Screen

We'll be investigating Kismet further in later lessons.
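As an added example, not part of the original tutorial, the following Python script summarizes a Kismet CSV dump of the kind saved under the folder and prefix chosen in Steps 5 and 6: it counts networks by encryption type and channel and lists open and cloaked access points for later review. The sample log is constructed here in the style of the legacy semicolon-separated Kismet .csv output; its column names are an assumption, so the parser keys on header names rather than positions.

```python
import csv
import io
from collections import Counter

# Constructed sample in the style of a legacy Kismet .csv log (semicolon-separated,
# header row first). The column names are an assumption for this example; the
# parser keys on header names, so extra or reordered columns are tolerated.
SAMPLE_CSV = """\
Network;NetType;ESSID;BSSID;Info;Channel;Cloaked;Encryption;Beacon;Data;FirstTime;LastTime
1;infrastructure;HomeNet;00:11:22:33:44:55;;6;No;WEP;100;412;Sat Jan 01 12:00:00 2006;Sat Jan 01 12:05:00 2006
2;infrastructure;CoffeeShop;00:11:22:33:44:66;;11;No;None;100;17;Sat Jan 01 12:01:00 2006;Sat Jan 01 12:05:00 2006
3;infrastructure;;00:11:22:33:44:77;;1;Yes;WPA;100;0;Sat Jan 01 12:02:00 2006;Sat Jan 01 12:05:00 2006
4;ad-hoc;LinkBox;02:11:22:33:44:88;;6;No;None;100;3;Sat Jan 01 12:03:00 2006;Sat Jan 01 12:05:00 2006
"""


def parse_kismet_csv(text):
    """Parse a semicolon-separated Kismet CSV dump into dicts keyed by header name."""
    reader = csv.DictReader(io.StringIO(text), delimiter=";")
    rows = []
    for row in reader:
        # Normalize the fields the summary relies on; leave everything else as text.
        row["Cloaked"] = row.get("Cloaked", "No").strip().lower() == "yes"
        channel = row.get("Channel", "").strip()
        row["Channel"] = int(channel) if channel.isdigit() else None
        rows.append(row)
    return rows


def summarize(rows):
    """Inventory the survey: networks per encryption type and per channel,
    plus infrastructure APs that run without encryption and APs hiding their ESSID."""
    by_encryption = Counter(r["Encryption"] or "None" for r in rows)
    by_channel = Counter(r["Channel"] for r in rows)
    open_aps = sorted(r["BSSID"] for r in rows
                      if r["NetType"] == "infrastructure"
                      and r["Encryption"] in ("", "None"))
    cloaked = sorted(r["BSSID"] for r in rows if r["Cloaked"])
    return {"by_encryption": dict(by_encryption), "by_channel": dict(by_channel),
            "open_aps": open_aps, "cloaked": cloaked}


if __name__ == "__main__":
    report = summarize(parse_kismet_csv(SAMPLE_CSV))
    for key, value in report.items():
        print(f"{key}: {value}")
```

To run it against a real session, read the .csv file Kismet wrote into the data folder and pass its contents to parse_kismet_csv instead of SAMPLE_CSV.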


See Kismet in Action:

Flash Movie of Kismet Detecting Access-points