WRT54g - Kismet_drone and OSX

Posted on Saturday 19 November 2005


A post not related to Japan

This is my experiment trying to run Kismet on OSX with a WRT54 drone.
I have run into a couple of problems you can read

To compile Kismet on OS X you need to disable pcap support and viha driver support if you want to use a drone. If you try to compile Kismet with the default settings, an error about an undefined variable will happen. Also, as stated in the configure script, you will need to install and use gmake instead of make. gmake is only available after you install 'DarwinPorts'. I used these settings because the argument --without-pcap did not work.

*** not a good idea, may be the cause of my last problem
./configure --disable-pcap --disable-viha
gmake dep
gmake
gmake install

And now it looks like I'm stuck at this error. The client/server on the iBook does not read the correct drone version on the WRT54G.
okazakijapancomputer:/usr/local/etc root# kismet
Server options: none
Client options: none
Starting server...
Waiting for server to start before starting UI...
Will drop privs to okazaki (501) gid 501
No specific sources given to be enabled, all will be enabled.
Enabling channel hopping.
Enabling channel splitting.
NOTICE: Disabling channel hopping, no enabled sources are able to change channel.
Dropped privs to julien (501) gid 501
Source 0 (drone): Opening kismet_drone source interface 192.168.1.1:3501...
Allowing clients to fetch WEP keys.
WARNING: Disabling GPS logging.
Logging networks to /users/okazaki/Kismet-Nov-18-2005-1.network
Logging networks in CSV format to /users/okazaki/Kismet-Nov-18-2005-1.csv
Logging networks in XML format to /users/okazaki/Kismet-Nov-18-2005-1.xml
Logging cryptographically weak packets to /okazaki/julien/Kismet-Nov-18-2005-1.weak
Logging cisco product information to /users/okazaki/Kismet-Nov-18-2005-1.cisco
Logging data to /users/okazaki/Kismet-Nov-18-2005-1.dump
Writing data files to disk every 300 seconds.
Mangling encrypted and fuzzy data packets.
Tracking probe responses and associating probe networks.
Reading AP manufacturer data and defaults from /usr/local/etc/ap_manuf
Reading client manufacturer data and defaults from /usr/local/etc/client_manuf
Using network-classifier based data encryption detection
Dump file format: wiretap (local code) dump
Crypt file format: airsnort (weak packet) dump
Kismet 2005.08.R1 (KismetWhite)
Logging data networks CSV XML weak cisco
Listening on port 2501.
Allowing connections from 127.0.0.1/255.255.255.255
Registering builtin client/server protocols...
Registering requested alerts...
Registering builtin timer events...
Gathering packets...
FATAL: version mismatch: Drone sending version 4318, expected 9.
Terminating.
Didn't detect any networks, unlinking network list.
Didn't detect any networks, unlinking CSV network list.
Didn't detect any networks, unlinking XML network list.
Didn't detect any Cisco Discovery Packets, unlinking cisco dump
Didn't capture any packets, unlinking dump file
Didn't see any weak encryption packets, unlinking weak file
Kismet exiting.



Don’t tell me to upgrade my drone version, the version is 9.
Someone had this error, on the kismetsupport forum
They say something is broken in the gcc compiler used in OS X.
My version is: gcc version 4.0.0 20041026 (Apple Computer, Inc. build 4061)

They say: I dug into the code and the problem does not have something to do with endianness, it is a bug in the version of the gcc delivered with OS X (version 3.3 with some changes by Apple). This compiler can not handle packed structures correctly and therefore sizeof(struct stream_frame_header) becomes 12 (instead of 9). That's why 0xCAFB from the next packet is interpreted as the version number.
I installed gcc 3.3.2 on OS X and compiled kismet and with this binary I am able to receive data from the kismet_drone (btw I couldn’t compile kismet with gcc 3.4.0 on OS X)
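
The size mismatch described in the forum quote above, as an added example (not code from Kismet or from the original post): the header layout, the sample bytes and the function names are assumptions chosen to match the 9-byte and 12-byte sizes quoted. It shows a receiver that believes the header is 12 bytes reading 0xCAFB from the next frame instead of the version.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed layout (illustration only): sentinel, type, length = 9 bytes on the wire. */
struct hdr_packed { uint32_t sentinel; uint8_t type; uint32_t len; } __attribute__((packed));

/* Same fields without packing: the compiler typically pads after `type` to align `len`. */
struct hdr_padded { uint32_t sentinel; uint8_t type; uint32_t len; };

/* Constructed sample stream: one version frame (version 9), then the next frame. */
static const uint8_t sample_stream[] = {
    0xDE, 0xCA, 0xFB, 0xAD, 0x01, 0x00, 0x00, 0x00, 0x02, /* header, len = 2     */
    0x00, 0x09,                                           /* payload: version 9  */
    0xDE, 0xCA, 0xFB, 0xAD, 0x02, 0x00, 0x00, 0x00, 0x00  /* next frame's header */
};

size_t packed_size(void) { return sizeof(struct hdr_packed); }
size_t padded_size(void) { return sizeof(struct hdr_padded); }

/* Big-endian 16-bit read, byte by byte, so host layout and endianness do not matter. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Version field as seen by a receiver that believes the header is hdr_size bytes.
 * Returns -1 if the buffer is too short to hold header plus version. */
int version_after_header(const uint8_t *buf, size_t buflen, size_t hdr_size)
{
    if (buflen < hdr_size + 2)
        return -1;
    return be16(buf + hdr_size);
}

int main(void)
{
    size_t n = sizeof sample_stream;
    printf("packed header: %zu bytes, version read = %d\n",
           packed_size(), version_after_header(sample_stream, n, packed_size()));
    printf("padded header: %zu bytes, version read = 0x%X\n",
           padded_size(), version_after_header(sample_stream, n, padded_size()));
    return 0;
}
```

Decoding each field from the byte buffer at a fixed wire offset, as `be16` does here, gives the same result whatever struct layout the compiler picks.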

I don't want to downgrade my gcc version. Any ideas? Is there a way to bypass the drone version verification? It was easier with Cygwin POSIX emulation on Windows XP to run Kismet, what a shame. :(

Update: I will try gcc 4.0 build 5026 with Xcode 2.1
-- Xcode 2.1 did not work
Update 2: I will try to modify the source code to override the verification; this might break something, stay tuned for progress.
Update 3:

Locate the 2 instances of the version mismatch check in dronesource.cc and modify the return value to 0:
// Validate
if (ntohs(vpkt.drone_version) != STREAM_DRONE_VERSION) {
    snprintf(errstr, 1024, "version mismatch: Drone sending version %d, "
             "expected %d.", ntohs(vpkt.drone_version), STREAM_DRONE_VERSION);
    return -1;
}

Version checking is now overridden. Not sure if it is a good idea because of the last error.
Now it will complain about the terminal; before calling kismet, type in Terminal: export TERM=xterm-color, or add a line to your /etc/profile
Update 4:
My last problem now is:
no data in the client windows and this error: WARNING: Client fd 6 ring buffer full, packet dropped.
Update 5:
The fact that I disabled pcap in configure could be the cause. I went on the WRT54G support IRC channel and they told me that I should not disable this.

Update 6: see this post


2 Comments for 'WRT54g - Kismet_drone and OSX'

  1.  
    November 21, 2005 | 10:45 am
     

    Dude, XCode 2.2 is out! Is that what you are using? Or are you using XCode 2.0?

    Anyways..

    http://www.menzonet.org/detail_blog.php?idBlog=2362

  2.  
    November 25, 2005 | 9:41 pm
     

    With Xcode 2.2 and gcc 4.0.1 build 5257, I have the same error. grrrr
