
how to see hidden ssid wlans?

Discussion in 'Tomato Firmware' started by lpo55, Sep 16, 2007.

  1. lpo55

    lpo55 LI Guru Member

    hi guys,

    I have a Linksys WRT54G v2.2 with Tomato 1.07 and a few questions about the "Wireless Survey" feature. And yes, I used the forum search before :)

    1. Is it possible to see the WLANs without an SSID? (I have 8 visible WLANs from the neighbours listed, but not the ones without an SSID.)

    2. Why is there always "WEP" in the results if encryption is on? (The wireless card in the other PC here shows the real encryption that is used.)

    Hope my English is good enough to understand what I mean :D

    thanks guys
     
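Both questions come down to what an access point's beacon frame carries, so here is an added Python example (my code, not from the thread, from Tomato or from Kismet) that parses constructed beacon bodies. It shows two things a survey tool has to deal with: a "hidden" network still beacons, just with a zero-length SSID element, so a passive sniffer sees it even though a list keyed on SSID does not; and the Privacy bit in the capability field is set for WEP, WPA and WPA2 alike, so any tool that reports only that bit will say "WEP" for all three (that Tomato's survey does exactly this is my assumption; the thread does not confirm it). The real cipher and key-management suites are in the RSN element (WPA2) or the vendor-specific WPA element. All sample frames below are constructed inline, not captured traffic.

```python
import struct

# Beacon frame body: 8-byte timestamp, 2-byte beacon interval, 2-byte capability
# information, then a sequence of information elements (id, length, value).
PRIVACY_BIT = 0x0010          # capability bit 4: set for WEP, WPA and WPA2 alike
IE_SSID, IE_DS_PARAMS, IE_RSN, IE_VENDOR = 0, 3, 48, 221
RSN_OUI = b"\x00\x0f\xac"     # suite selectors inside an RSN (WPA2) element
WPA_OUI = b"\x00\x50\xf2"     # suite selectors inside the vendor-specific WPA element
WPA_IE_PREFIX = WPA_OUI + b"\x01"
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}


def iter_ies(data):
    """Yield (id, value) for each information element; stop at the first truncated one."""
    off = 0
    while off + 2 <= len(data):
        eid, elen = data[off], data[off + 1]
        value = data[off + 2:off + 2 + elen]
        if len(value) < elen:
            break
        yield eid, value
        off += 2 + elen


def _suites(value, off, oui, table):
    """Read a 2-byte count followed by 4-byte suite selectors; return (names, new offset)."""
    names = []
    if off + 2 > len(value):
        return names, off
    (count,) = struct.unpack_from("<H", value, off)
    off += 2
    for _ in range(count):
        if off + 4 > len(value):
            break
        sel = value[off:off + 4]
        names.append(table.get(sel[3], "?") if sel[:3] == oui else "?")
        off += 4
    return names, off


def parse_rsn(value, oui):
    """Decode version, group cipher, pairwise ciphers and AKMs from an RSN or WPA body."""
    if len(value) < 6:
        return None
    (version,) = struct.unpack_from("<H", value, 0)
    group = CIPHERS.get(value[5], "?") if value[2:5] == oui else "?"
    pairwise, off = _suites(value, 6, oui, CIPHERS)
    akms, _ = _suites(value, off, oui, AKMS)
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akms}


def classify(info):
    """Label the network the way a survey that reads the elements (not just the privacy bit) would."""
    if info["rsn"]:
        return "WPA2 %s %s" % ("/".join(info["rsn"]["pairwise"]), "/".join(info["rsn"]["akm"]))
    if info["wpa"]:
        return "WPA %s %s" % ("/".join(info["wpa"]["pairwise"]), "/".join(info["wpa"]["akm"]))
    if info["privacy"]:
        return "WEP (privacy bit set, no RSN/WPA element)"
    return "open"


def parse_beacon(body):
    """Parse a beacon frame body (everything after the 802.11 MAC header) into a summary dict."""
    if len(body) < 12:
        raise ValueError("beacon body too short")
    _timestamp, _interval, cap = struct.unpack_from("<QHH", body, 0)
    info = {"ssid": None, "hidden": True, "channel": None,
            "privacy": bool(cap & PRIVACY_BIT), "rsn": None, "wpa": None}
    for eid, val in iter_ies(body[12:]):
        if eid == IE_SSID:
            # A hidden network still beacons; it just sends a zero-length (or all-NUL) SSID.
            if val and any(val):
                info["ssid"] = val.decode("utf-8", "replace")
                info["hidden"] = False
        elif eid == IE_DS_PARAMS and len(val) == 1:
            info["channel"] = val[0]
        elif eid == IE_RSN:
            info["rsn"] = parse_rsn(val, RSN_OUI)
        elif eid == IE_VENDOR and val[:4] == WPA_IE_PREFIX:
            info["wpa"] = parse_rsn(val[4:], WPA_OUI)
    info["security"] = classify(info)
    return info


# --- constructed sample beacons (assumed layouts, not captured traffic) -------
def ie(eid, value):
    return bytes([eid, len(value)]) + value

def suite_ie(oui, group, pairwise, akms):
    body = struct.pack("<H", 1) + oui + bytes([group])
    body += struct.pack("<H", len(pairwise)) + b"".join(oui + bytes([c]) for c in pairwise)
    body += struct.pack("<H", len(akms)) + b"".join(oui + bytes([a]) for a in akms)
    return body + struct.pack("<H", 0)          # RSN capabilities

def beacon(cap, ies):
    return struct.pack("<QHH", 0, 100, cap) + b"".join(ies)

SAMPLES = {
    "open":       beacon(0x0401, [ie(IE_SSID, b"coffeeshop"), ie(IE_DS_PARAMS, b"\x06")]),
    "hidden_wep": beacon(0x0411, [ie(IE_SSID, b""), ie(IE_DS_PARAMS, b"\x0b")]),
    "wpa2_psk":   beacon(0x0411, [ie(IE_SSID, b"home"), ie(IE_DS_PARAMS, b"\x01"),
                                  ie(IE_RSN, suite_ie(RSN_OUI, 4, [4], [2]))]),
    "wpa_tkip":   beacon(0x0411, [ie(IE_SSID, b"legacy"), ie(IE_DS_PARAMS, b"\x09"),
                                  ie(IE_VENDOR, WPA_IE_PREFIX + suite_ie(WPA_OUI, 2, [2], [2]))]),
}

def survey():
    """One row per sample: (ssid, channel, privacy bit, security label), survey-table style."""
    return {name: (info["ssid"] or "<hidden>", info["channel"], info["privacy"], info["security"])
            for name, info in ((n, parse_beacon(b)) for n, b in SAMPLES.items())}

if __name__ == "__main__":
    for name, row in survey().items():
        print("%-10s ssid=%-12s ch=%-2s privacy=%-5s %s" % ((name,) + row))
```

The privacy bit alone cannot distinguish WEP from WPA2-CCMP; only the suite selectors can, which is why a card driver that decodes the elements reports the "real" encryption while a bit-only listing always prints WEP.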
  2. roadkill

    roadkill Super Moderator Staff Member Member

    Use kismet_drone if you want to see everyone that is out there.
     
  3. danix71

    danix71 LI Guru Member

    How? Could it be "loaded" into Tomato?
     
  4. roadkill

    roadkill Super Moderator Staff Member Member

    You'll need to enable CIFS.
     
  5. danix71

    danix71 LI Guru Member

    Could you take some time to explain, or give some links? Please.

    LE: Must I have OpenWRT WhiteRussian, or can I just stay with Tomato? Or use this firmware (Satori_v2_2.00.8.7sv-pre1.bin&kismet)?
     
  6. roadkill

    roadkill Super Moderator Staff Member Member

    Kismet Drone on dd-wrt.
    Installation in Tomato is basically the same, with only one exception: in Tomato you don't have the option to use IPK,
    so simply untar the IPK archive to your CIFS directory and run it from there with an additional parameter
    so that kismet won't go searching for the conf file in /etc/kismet:
    Code:
    kismet_drone -f kismet_drone.conf

    happy hunting...
    :grin:
     
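The step above (unpack the package by hand because Tomato has no ipkg, then start the drone with -f) as an added example, mine and not from the thread or from the Kismet project. It is meant for the PC that exports the CIFS share: it accepts both .ipk containers (an ar archive holding data.tar.gz, or the older gzipped tar holding the same file), refuses tar members or links that would land outside the target directory (the tarball is fetched over plain http elsewhere in this thread, so treat it as untrusted input), and returns the kismet_drone -f command line to run from the share. The package layout (usr/bin/kismet_drone, etc/kismet/kismet_drone.conf) and the toy packages built by sample_ipk() are assumptions for the demonstration.

```python
import io
import os
import tarfile
import tempfile

AR_MAGIC = b"!<arch>\n"


def _ar_members(blob):
    """Yield (name, data) from a classic ar(1) archive, the container newer .ipk files use."""
    off = len(AR_MAGIC)
    while off + 60 <= len(blob):
        hdr = blob[off:off + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name = hdr[0:16].decode("ascii").rstrip(" /")
        size = int(hdr[48:58].decode("ascii").strip())
        yield name, blob[off + 60:off + 60 + size]
        off += 60 + size + (size & 1)          # members are padded to an even offset


def _members_tgz(blob):
    """Yield (basename, data) from a gzipped tar, the container old-style .ipk files use."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in tar.getmembers():
            if m.isfile():
                yield os.path.basename(m.name), tar.extractfile(m).read()


def data_tarball(ipk_bytes):
    """Return the bytes of data.tar.gz whichever .ipk flavour this is."""
    members = _ar_members(ipk_bytes) if ipk_bytes.startswith(AR_MAGIC) else _members_tgz(ipk_bytes)
    for name, data in members:
        if name == "data.tar.gz":
            return data
    raise ValueError("no data.tar.gz member in package")


def safe_extract(tgz_bytes, dest):
    """Extract into dest, refusing members (or links) that would end up outside it."""
    dest = os.path.realpath(dest)
    extracted = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for m in tar.getmembers():
            target = os.path.realpath(os.path.join(dest, m.name))
            if os.path.commonpath([dest, target]) != dest:
                raise ValueError("refusing path traversal: %s" % m.name)
            if m.issym() or m.islnk():
                raise ValueError("refusing link member: %s" % m.name)
            tar.extract(m, dest)
            if m.isfile():
                extracted.append(os.path.relpath(target, dest))
    return sorted(extracted)


def unpack_ipk(ipk_bytes, dest):
    """Unpack the payload into dest (the CIFS share) and return (files, drone command line)."""
    files = safe_extract(data_tarball(ipk_bytes), dest)
    drone = os.path.join(dest, "usr", "bin", "kismet_drone")
    conf = os.path.join(dest, "etc", "kismet", "kismet_drone.conf")
    if not (os.path.isfile(drone) and os.path.isfile(conf)):
        raise ValueError("package did not contain kismet_drone and its conf")
    os.chmod(drone, 0o755)
    return files, [drone, "-f", conf]      # -f: do not look for the conf in /etc/kismet


# --- constructed toy packages (assumed layout, not the real Kismet .ipk) ------
def _tgz(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def _ar_pack(members):
    out = bytearray(AR_MAGIC)
    for name, data in members:
        hdr = "%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name + "/", 0, 0, 0, "100644", len(data))
        out += hdr.encode("ascii") + data + (b"\n" if len(data) & 1 else b"")
    return bytes(out)


def sample_ipk(style):
    """Toy package in 'ar' or 'tgz' style with a stub drone and conf."""
    data = _tgz({"./usr/bin/kismet_drone": b"#!/bin/sh\necho drone stub\n",
                 "./etc/kismet/kismet_drone.conf": b"tcpport=3501\n"})
    members = [("debian-binary", b"2.0\n"),
               ("control.tar.gz", _tgz({"./control": b"Package: kismet-drone\n"})),
               ("data.tar.gz", data)]
    return _ar_pack(members) if style == "ar" else _tgz(dict(members))


def demo(style):
    """Unpack a sample package of the given style into a temp dir; return (files, argv)."""
    return unpack_ipk(sample_ipk(style), tempfile.mkdtemp(prefix="kismet-cifs-"))


def traversal_is_refused():
    """A data.tar.gz with a ../ member must be rejected before anything is written."""
    try:
        safe_extract(_tgz({"../escaped": b"x"}), tempfile.mkdtemp())
    except ValueError:
        return True
    return False
```

Point dest at the directory the router mounts as its CIFS share; the returned argv is the command roadkill describes, with the paths the share actually ends up with.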
  7. danix71

    danix71 LI Guru Member

    Roadkill, thank you for everything! :thumbups:
     
  8. lpo55

    lpo55 LI Guru Member

    Thanks for the info, I will try it tomorrow.

    I'm not that good with Linux, but I'll try it :)
     
  9. yaqui

    yaqui LI Guru Member

    Here is a way I made to help automate some of this:
    Note: I have not tested the server working with the drone from a desktop yet. But the drone running alone on the router is working.

    Step 1
    Edit the script below where it says "replace zeros".

    Step 2
    Copy & paste into the WAN Up section... hit SAVE.
    Code:
    ## Install Kismet Drone
    # Give the link a moment to settle before fetching anything
    sleep 45
    # Test the path the tarball really unpacks to, otherwise the "already exists" branch never matches
    if [ ! -x /tmp/kismet-2006-04-R1-wrt54/kismet_drone ] ; then
    cd /tmp
    wget http://www.kismetwireless.net/code/kismet-2006-04-R1-wrt54.tar.gz
    tar -zxf kismet-2006-04-R1-wrt54.tar.gz
    rm kismet-2006-04-R1-wrt54.tar.gz
    chmod 755 /tmp/kismet-2006-04-R1-wrt54/kismet_drone
    logger kismet drone created
    
    ## Configure Drone
    #wlname=`nvram get wl_ifname`
    #Replace zeros below with your desktop ip address
    sed -i -e '/allowedhosts/s|$|,0.0.0.0/24|' /tmp/kismet-2006-04-R1-wrt54/conf/kismet_drone.conf
    sed -i -e '/^source=WRT54G/s/^source.WRT54G.*$/source=WRT54G,prism0,WRT54G/' /tmp/kismet-2006-04-R1-wrt54/conf/kismet_drone.conf
    logger Kismet drone configured
    else
    logger kismet drone already exists will not install
    fi
    
    ## Create startdrone script
    sdrone='/tmp/startdrone.sh'
    (
    cat <<'ENDSDRONE'
    #!/bin/sh
    DRONE=/tmp/kismet-2006-04-R1-wrt54/kismet_drone
    CONF=/tmp/kismet-2006-04-R1-wrt54/conf/kismet_drone.conf
    echo "Setting radio for kismet_drone"
    #Uncomment below to try bringing up prism0 first to get monitor mode to work
    #ifconfig prism0 up
    # Stop being an AP and put the radio into passive, promiscuous monitor mode
    /usr/sbin/wl ap 0
    /usr/sbin/wl disassoc
    /usr/sbin/wl passive 1
    /usr/sbin/wl promisc 1
    /usr/sbin/wl monitor 1
    # Start the drone in the background so its PID can be checked; "$?" after a
    # "sleep" would only ever be sleep's own exit status
    $DRONE -f $CONF &
    PID=$!
    sleep 3
    # Still alive and not a zombie (the shell may not have reaped a child that died at once)
    if kill -0 $PID 2>/dev/null && ! grep -q '^State:.*Z' /proc/$PID/status 2>/dev/null ; then
    echo "kismet_drone now running (pid $PID)"
    else
    echo "Kismet drone failed to start"
    exit 1
    fi
    # Keep the telnet session attached; remove the next line to leave the drone in the background
    wait $PID
    ENDSDRONE
    ) > $sdrone
    if [ -f "$sdrone" ] ; then
    chmod 755 $sdrone
    logger $sdrone created
    else
    logger Problem creating $sdrone
    fi
    
    ## Create Channel Hopping Script
    chanhop='/tmp/chanhop.sh'
    (
    cat <<'ENDHOP'
    #!/bin/sh
    # USA channels
    CHANNELS=1,6,11,2,7,3,8,4,9,5,10
    NBHOPS=11
    
    # EU channels
    #CHANNELS=1,7,13,2,8,3,14,9,4,10,5,11,6,12
    #NBHOPS=14
    
    # How many seconds to dwell on each channel (not named SECONDS, which some shells reserve)
    DWELL=2
    
    # End of settings
    
    INDEX=0
    while true
    do
        # POSIX arithmetic; "let" is not available in every busybox ash build
        INDEX=$((INDEX+1))
        [ $INDEX -gt $NBHOPS ] && INDEX=1
        CURRENT=`echo $CHANNELS | cut -d ',' -f $INDEX`
        echo -n -e "\r\33[KCurrent channel: $CURRENT\r"
        /usr/sbin/wl channel $CURRENT
        sleep $DWELL
    done
    ENDHOP
    ) > $chanhop
    if [ -f "$chanhop" ] ; then
    chmod 755 $chanhop
    logger $chanhop created
    else
    logger Problem creating $chanhop
    fi
    Step 3
    Reboot the router

    Step 4
    Telnet into the router.
    Run chanhop.sh first:
    Code:
    /tmp/chanhop.sh
    Next, run the drone with this command, and be sure to keep the telnet windows open:
    Code:
    /tmp/startdrone.sh
    Step 5
    Install Linux on a desktop computer.

    Step 6
    Install the Kismet server and client on the Linux desktop: probably best if you compile the matching version of the drone (2006-04-R1) from source.

    Step 7
    Run the server, then the GUI client... enjoy! You may wish to visit the DD-WRT posts for more info on running them.
     
  10. danix71

    danix71 LI Guru Member

    EVEN BETTER! :)
    So at step 4 (to understand it): one logs in through telnet to the WRT, so what command should one give? If you explain this, my little blue box will become my Kismet box.
     
  11. danix71

    danix71 LI Guru Member

    Honestly, I'll try this when I feel self-confident. :)
     
  12. kameleon

    kameleon LI Guru Member

    Very interesting. I have been looking at doing just this very thing. I have a WRT54GS as my main router and I have 3 other WRT54G routers. I am always looking for interesting things to try with them. When I run the drone, though, will I have to dedicate that router to doing just that, or can it run while still being my main router? My internet connection is on the opposite side of the house from my office, so I have my main router set up to accept WDS nodes. I would like to run this on the "GS" aka main router, but if it is a dedicated deal I will probably leave it be and run it on one of the "G" routers.
     
  15. roadkill

    roadkill Super Moderator Staff Member Member

    I use the same version/build number as what's running on the router.
     
  16. HennieM

    HennieM Network Guru Member

    I have run Kismet 2006R04 on my GL, which is connected by WDS. The WDS link did stay up while running either the drone or the server, but I forget now how I got that to work. I THINK it was: I don't do (wl ap 0), and also not (wl passive 1), and also not (wl disassoc).

    I just could not scan channels - dunno if this was because of the WDS link, because of the settings, or because my kismet just cannot do it.
     
  17. kameleon

    kameleon LI Guru Member

    Following the script that yaqui put up (with the exception of putting the script as a sleep 60 and in the INIT section), everything seems to do fine till I do this:

    Code:
    # kismet_drone -f /jffs/etc/kismet/kismet_drone.conf
    kismet_drone: kismet_drone: 1: Syntax error: "(" unexpected
    #

    Any ideas?
     
  18. HennieM

    HennieM Network Guru Member

    Error in your kismet_drone.conf?
     
  19. kameleon

    kameleon LI Guru Member

    I did nothing more than what yaqui put in the post. Anyone else tried it?
     
  20. HennieM

    HennieM Network Guru Member

    IMO it depends on what interfaces are created by the firmware, not so much whether it is a GL or not.

    I use kismet 2006R04 on Tomato 1.07 or dd-wrt V24 (08/15/07) on a GL v1.1

    For the drone conf:
    Code:
    source=WRT54G,eth1:prism0,OpenWRT-Drone
    and for the server conf:
    Code:
    source=WRT54G,eth1:prism0,WRT

    I think the first 2 params (WRT54G,eth1:prism0) matter, while the last one doesn't.
     
  24. kameleon

    kameleon LI Guru Member

    Yaqui, when you say working, how do you have the router hooked up? What ports on the back are being used? I have just my spare router sitting there with the machine plugged into one of the 4 LAN ports. That should be OK, right? No WAN connection needed?
     
  25. yaqui

    yaqui LI Guru Member

    CORRECT, no WAN needed. Not sure if you can even use the WAN while doing it, not sure????

    Also, there are two ways to run it... I am going to run the server and client on my Linux box. But supposedly you can run both server and drone on the router: see this guide where it talks about it, http://www.dd-wrt.com/wiki/index.php/Kismet_Server/Drone
     
  26. HennieM

    HennieM Network Guru Member

    Don't run the server AND the drone TOGETHER in the WRT - that would defeat the object...

    Kismet must always have A server. If you want to see what the server is seeing, you also need A client. You MAY have a drone - the drone is like a "server agent", using less resources than a server, doing some of the server's work, but not all of it.

    So, the idea is to run the drone on the WRT as it requires less memory than a full server, then run the full server and client on a proper PC somewhere on your network.

    You can however, run the full server on your WRT - this way you only need to run the client on a PC somewhere. The memory difference from drone to server is about 350kB (AFAIK) - but I don't know the influence on processor load. The server probably draws quite a bit more on the CPU, as it also writes files, etc.

    Kismet only works with the wireless interface, and could screw that up if you do channel hopping, wl disassoc, ap 0, etc., but does/should not influence the wired switch nor the WAN connection.
     
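To make the drone/server split above concrete, an added example of the two configuration files (mine, not from the thread or the Kismet project). The addresses are assumptions: 192.168.1.1 for the WRT, 192.168.1.0/24 for the LAN segment the server sits on; 3501 is the drone's default port, and the source line is the one HennieM reports working. Channel hopping is switched off on both sides because the chanhop.sh script from post #9 already moves the radio and a second hopper would fight it.

```ini
# kismet_drone.conf on the WRT (started as: kismet_drone -f /cifs1/kismet/etc/kismet_drone.conf)
tcpport=3501
# The only access control the drone has: list just the host(s) running the Kismet server.
# Comma-separated addresses or network/mask blocks; assumed LAN 192.168.1.0/24.
allowedhosts=127.0.0.1,192.168.1.0/24
maxclients=5
# capture source: driver type, interface, and a free-form name
source=WRT54G,eth1:prism0,WRT
# chanhop.sh is already moving the radio, so the drone must not hop as well
channelhop=false

# kismet.conf on the Linux desktop (server side): read frames from the drone, not a local card
# assumed router address 192.168.1.1
source=kismet_drone,192.168.1.1:3501,WRT
# the channel is controlled on the WRT, not here
channelhop=false
```

Keep allowedhosts as narrow as possible: the drone stream carries every frame the radio hears and has no authentication of its own, so anything on the allowed network can attach to it and pull the capture.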
  27. kameleon

    kameleon LI Guru Member

    Well, I am trying again. Following the steps in post #9 I get this when running the startdrone.sh command:


    Edit...... even though it showed it did NOT start correctly, it did. I am now up and running with only a few tweaks to the script in post #9.
    1. I had to put the code in the INIT section as it would not work at all in the WANUP portion. But I have no cable plugged into the WAN port either.
    2. I deleted the /24 on the IP address of the box I wanted to connect from.

    Other than that I am up and running, no issues so far. Only thing I need to figure out now is how to try to crack my WEP. See how long it takes me to do it so I can evaluate my security. ;)
     
  28. bokh

    bokh Network Guru Member

    One difference I see between the startdrone script and my working implementation is the line "wl monitor 1 prism0", so in mine prism0 was added to the end of the line.
    This is my script for starting the Kismet-drone on the WRT (installed on the CIFS-share):

    Code:
    #!/bin/sh
    
    # Stop acting as an AP and put the radio into passive, promiscuous monitor mode on prism0
    wl ap 0
    wl disassoc
    wl passive 1
    wl promisc 1
    wl monitor 1 prism0
    
    # The drone and its libraries live on the CIFS share, so point the loader there
    export LD_LIBRARY_PATH=/cifs1/kismet/lib
    
    /cifs1/kismet/usr/bin/kismet_drone -f /cifs1/kismet/etc/kismet_drone.conf
    I also use a script to reset the router to default values and "return" as an AP after the drone has finished:

    Code:
    #!/bin/sh
    
    # Stop the channel-hopper:
    killall hop.sh
    
    # Back to AP mode, normal (non-monitor) reception and the usual channel
    wl ap 1
    wl assoc
    wl passive 0
    wl promisc 0
    wl monitor 0
    wl channel 4
    HTH!
     
  29. yaqui

    yaqui LI Guru Member

    If you look at my script, I did put in "ifconfig prism0 up" but had it commented out. If you try doing that before trying to put it in monitor mode, that might work too?? Not sure.. The reason I had it in there was because of the last post on this thread: http://toys.lerdorf.com/archives/20-Kismet-on-the-Linksys-WRT54G.html

    Does 'wl disassoc' work for you ??
     
  30. bokh

    bokh Network Guru Member

    Apparently it somehow does, with an "Invalid argument" though:

    Code:
    # sh -x start_kismet_drone.sh
    + wl ap 0
    + wl disassoc
    eth1: Invalid argument
    disassoc
            Disassociate from the current BSS/IBSS.
    
    + wl passive 1
    + wl promisc 1
    + wl monitor 1 prism0
    Nevertheless I can start a Kismet-drone on the WRT and connect to it with Kismet from WinXP / FreeBSD / Linux. And that's all that really matters, right? :)
     
  31. yaqui

    yaqui LI Guru Member

    Just like it says in my post, it tries to use eth1 and not prism0.

    This is from Renderlab's guide: http://www.renderlab.net/projects/wrt54g/openwrt.html

    My question is: What happens if it IS associated with something that WILL screw it up? Simply turning a blind eye to something that can mess something up is never a good solution, but that is just my opinion.

    It also makes me wonder what other wl commands will not interface correctly with prism0....
     
  32. HennieM

    HennieM Network Guru Member

    Ran a couple of tests:
    If your AP is active, "wl assoc" returns your currently set SSID etc.

    If you
    wl ap 0
    then
    wl assoc
    it returns "eth1 invalid argument"

    I would therefore think that "wl disassoc" is only relevant if you stay in AP mode, i.e. not do "wl ap 0" going from normal operation to kismet.

    That's one side. The other side is that kismet listens, i.e. receives (and doesn't send anything to the best of my knowledge - different from NetStumbler and other active sniffers), AND you set the wireless interface (prism0 or eth1:prism0) to promiscuous mode. The latter tells the interface/driver to receive/pass on anything coming to it. So whether the AP is associated with something or not, the kismet listening should be unaffected. However, if you scan channels, you might be broadcasting your associated SSID on channel 1, then on channel 6, then on channel ..... so clients will be mightily confused....
     
