Raspberry Pi: WiFi Analyzer
It has been a while since my last Raspberry Pi tutorial, but now I am back with another tutorial. This one, I should note, isn't your typical tutorial, but as always let's boot up our Pi and wreak havoc.
Although there are many tools that can grab and capture network packets, Kismet is by far one of the best and thank goodness that we can install it on our Pi.
We'll have to build Kismet ourselves from source code since the package in the Raspbian repository is ancient. The following are steps to build Kismet:
- First step is to add some developer headers and code libraries that Kismet relies on:
sudo apt-get install libncurses5-dev libpcap-dev libpcre3-dev libnl-3-dev libpcap-dev libwireshark-data
- Next, download the Kismet source code from the project's web page:
There's probably an older version so please check the download page.
- Now extract the source tree and build the software:
tar -xvf kismet-2013-03-R1b.tar.gz
cd kismet-2013-03-R1b
./configure --prefix=/usr --sysconfdir=/etc --with-suidgroup=pi
make
sudo make suidinstall
I should note this install will eat up an hour of your time, so please be patient. Once finished, you may exit the source directory and delete it:
cd .. && rm -rf kismet-2013-03-R1b
When a Wi-Fi adapter enters monitor mode, it means that it's not associated with any particular access point and is just listening for any Wi-Fi traffic that happens to whizz by in the air. However, on Raspbian there are utility applications running in the background that try to associate your adapter with Wi-Fi networks. I'm gonna show you how to disable these for the time being.
- Open up /etc/network/interfaces for editing:
sudo nano /etc/network/interfaces
- Find the block that starts with allow-hotplug wlan0 and put a # character in front of each line:
#allow-hotplug wlan0
#iface wlan0 inet manual
#wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
#iface default inet dhcp
Press Ctrl + X to exit, press y when prompted, and hit the Enter key to confirm the filename to write to. This will prevent the wpa_supplicant utility from interfering with Kismet.
- Now open up /etc/default/ifplugd for editing:
sudo nano /etc/default/ifplugd
- Find the line that says INTERFACES and change it from auto to eth0, then find the line that says HOTPLUG_INTERFACES and change it from "all" to " ":
This will prevent ifplugd from interfering.
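A way to confirm both edits took effect before starting a capture session, as an added example that is not part of the original tutorial. The function names are hypothetical; the default paths are the two files edited above, and other paths can be passed to check copies.

```shell
#!/bin/sh
# Added example: pre-flight check for the two config edits described above.
# Usage: . ./kismet-preflight.sh && preflight   (the file name is an assumption)

# Succeeds only if no active (uncommented) line still configures wlan0.
wlan0_stanza_disabled() {
    file=${1:-/etc/network/interfaces}
    [ -r "$file" ] || return 2
    ! grep -Eq '^[[:space:]]*(allow-hotplug[[:space:]]+wlan0|iface[[:space:]]+(wlan0|default))' "$file"
}

# Succeeds only if neither ifplugd setting can still pick up wlan0,
# either by naming it or through the catch-all values "auto" and "all".
ifplugd_ignores_wlan0() {
    file=${1:-/etc/default/ifplugd}
    [ -r "$file" ] || return 2
    for key in INTERFACES HOTPLUG_INTERFACES; do
        # Take the last assignment of the key and strip surrounding quotes.
        value=$(sed -n "s/^$key=//p" "$file" | tail -n 1 | tr -d "\"'")
        for word in $value; do
            case $word in
                auto|all|wlan0) return 1 ;;
            esac
        done
    done
    return 0
}

# Run both checks and report anything that would fight Kismet for the adapter.
preflight() {
    rc=0
    wlan0_stanza_disabled "$1" || {
        echo "wlan0 is still configured in ${1:-/etc/network/interfaces}"
        rc=1
    }
    ifplugd_ignores_wlan0 "$2" || {
        echo "ifplugd may still manage wlan0 (${2:-/etc/default/ifplugd})"
        rc=1
    }
    return $rc
}
```

Remember to uncomment the wlan0 block and restore the ifplugd values when you want the adapter to join networks normally again.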
Now reboot the Pi. Once logged back in, type:
This will show that your adapter has not associated with any access points.
and a colorful interface screen should show up. On the first session, Kismet will ask you a few questions. Use the Tab key and Enter key to toggle between options and make your choices. Select Yes to start a Kismet server, then accept the default options for the Kismet server and select Start.
This is the crucial point where you'll find out if your particular Wi-Fi adapter will successfully enter monitor mode so that Kismet can work its magic. If it isn't supported, Kismet will tell you almost right away.
When you see messages about newly detected networks starting to pop up in the log, you have successfully started your very first Kismet session. Now hit the Tab key to select Close Console Window, then press Enter.
You're now looking at the main Kismet screen, which is composed of different View areas, with Network Listing being the most prominent. You'll see any number of access points in the vicinity, including your own.
The right-hand side of the screen is the General Info area, which provides a grand overview of the Kismet session, and the Packet Graph across the middle shows the real-time activity of the packet capture process.
The Status area at the bottom contains the latest messages from the Kismet Server console and makes it easy to spot when new access points are discovered and added to the list. There's a whole variety of things that you can do with Kismet, but those are for another day.
That's the end of my first and last really long tutorial explaining Kismet in general. This could've been a tutorial on its own, since I know how hard it is to get Kismet to work properly. Of course, please give me some lovins and comment down below. Cheers. :D