@Haasie
Last active November 8, 2020 16:43
Install Kismet wireless network tool on NEMS Linux

Hello,

Intro

About a week ago I first met with NEMS. I was searching for a method to monitor the networks of my clients (small businesses and customers).

NEMS has the potential to fulfill it all, but it was missing a method to also monitor the wireless environment.

So, with the few skills I have, I tried to install Kismet on it.


Requirement

I have tried this method on an RPI-3 and an RPI-4. The RPI-3 needs some additional adjustments because of the lack of RAM.

Here you can find the steps to expand the swap file of an RPI.

Also, an external WIFI adapter that is capable of "monitor mode" is required. Monitor mode captures all traffic that goes through the air.

We can install Kismet in two different ways: building from source (which I’m going to describe) or installing from a repo (con: it always needs to run as root when daemonized).

Let’s start

First, we need to install the dependencies. There are a lot, but they are all necessary:

sudo apt-get install -y build-essential git libmicrohttpd-dev pkg-config zlib1g-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev libprotobuf-c-dev protobuf-compiler protobuf-c-compiler libsensors4-dev libnl-3-dev libcap-dev libpcap-dev libncurses5-dev libwebsockets-dev pkg-config zlib1g-dev libnl-genl-3-dev libnm-dev libdw-dev libsqlite3-dev protobuf-compiler libusb-1.0-0-dev python3 python3-setuptools python3-protobuf python3-requests python3-numpy python3-serial python3-usb python3-dev librtlsdr0 libubertooth-dev libbtbb-dev

The libwebsockets packages that Raspbian buster ships are a bit outdated, so we need to install an updated version:

wget http://ftp.nz.debian.org/debian/pool/main/libw/libwebsockets/libwebsockets17_4.1.4-1_armhf.deb

Install it:

sudo dpkg -i libwebsockets17_4.1.4-1_armhf.deb

Also download the dev package:

wget http://ftp.nz.debian.org/debian/pool/main/libw/libwebsockets/libwebsockets-dev_4.1.4-1_armhf.deb

and install it:

sudo dpkg -i libwebsockets-dev_4.1.4-1_armhf.deb
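
The two .deb files above are fetched over plain HTTP and installed with dpkg -i, which skips the signature checks apt performs. The following is an added check, not part of the original tutorial, that compares a downloaded file with the SHA256 recorded for it in a Debian Packages index. It assumes you already have a Packages index you trust for the suite that carries the package; the function names are illustrative.

```shell
#!/bin/sh
# index_sha256 DEB_NAME  (stdin: Packages index) -> prints the SHA256 recorded for it
index_sha256() {
    awk -v want="$1" '
        BEGIN { RS = ""; FS = "\n" }    # paragraph mode: one stanza per record
        {
            file = ""; sum = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Filename: /) { n = split(substr($i, 11), p, "/"); file = p[n] }
                if ($i ~ /^SHA256: /)   { sum = substr($i, 9) }
            }
            if (file == want && sum != "") { print sum; found = 1; exit }
        }
        END { if (!found) exit 1 }'
}

# verify_deb DEB_PATH INDEX_PATH -> 0 match, 1 mismatch, 2 package not in index
verify_deb() {
    want=$(index_sha256 "$(basename "$1")" < "$2") || { echo "not in index: $1" >&2; return 2; }
    have=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$want" = "$have" ] || { echo "SHA256 mismatch: $1" >&2; return 1; }
    echo "verified: $1"
}

# demo: constructed stand-in file and index stanza (not real Debian data)
demo() {
    d=$(mktemp -d)
    printf 'constructed payload\n' > "$d/example_1.0_armhf.deb"
    sum=$(sha256sum "$d/example_1.0_armhf.deb" | cut -d' ' -f1)
    printf 'Package: example\nFilename: pool/main/e/example/example_1.0_armhf.deb\nSHA256: %s\n' \
        "$sum" > "$d/Packages"
    verify_deb "$d/example_1.0_armhf.deb" "$d/Packages"
}

# Usage: sh verify_deb.sh FILE.deb Packages   (runs the demo when called without arguments)
if [ "$#" -eq 2 ]; then verify_deb "$1" "$2"; else demo; fi
```

Run it on each downloaded file and only pass the file to dpkg -i when it exits 0.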

So now we have all dependencies to build kismet from source :)


Install kismet

Now we can start installing kismet!

git clone https://www.kismetwireless.net/git/kismet.git

cd kismet

./configure

After the script confirms that all dependencies are there, we can start compiling with:

make

or, to use more CPU power:

make -j$(nproc)

Be patient: compiling costs a lot of resources and can take a long time, especially on an RPI-3.

The next step is to install Kismet with the following command:

sudo make suidinstall

The suid install makes the capture helpers setuid root and restricts them to members of the kismet group, so Kismet itself does not have to run as root. After it has finished without errors, add the current user to the kismet group (the change takes effect at the next login):

sudo usermod -aG kismet $USER

Almost everything is now ready to daemonize Kismet. We need to fix the permissions on the kismet binary that the service starts, with the following lines:

cd /usr/local/bin/              # directory where the kismet binary is installed
sudo chown $USER kismet         # make the current user the owner
sudo chgrp kismet kismet        # change the owning group to kismet

Now we need to point logging at the right directory. Open the logging config:

sudo nano /usr/local/etc/kismet_logging.conf

and set the following, with your own user name filled in:

log_prefix=/home/[your_user_name]/kismet


Mounting the external WIFI adapter/s

Before we daemonize Kismet, we need to tell it where the data source (the WIFI adapter) is. Start with:

iw dev

It will show all wireless adapters, like this:

phy#1
        Interface wlan1
                ifindex 4
                wdev 0x100000001
                addr 00:c1:41:07:11:76
                type managed
                channel 11 (2462 MHz), width: 40 MHz, center1: 2452 MHz
                txpower 20.00 dBm
phy#0
        Interface wlan0
                ifindex 3
                wdev 0x1
                addr b8:27:eb:44:ad:fe
                type managed
                channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
                txpower 31.00 dBm

To check whether the adapter supports monitor mode, run the following command (phy1 is the phy that owns wlan1 in the listing above):

iw phy phy1 info

If "* monitor" appears in the list of supported interface modes, it fits our purpose. Finally, we need to switch it to monitor mode at startup and tie that to the right device. For that we use:

sudo nano /etc/network/interfaces

and we put in:

allow-hotplug wlan1
iface wlan1 inet manual
pre-up iw phy phy1 interface add mon1 type monitor
pre-up iw dev wlan1 del
pre-up ifconfig mon1 up

Finally, we reboot the device:

sudo reboot

and check whether it worked with:

ifconfig

You should now see mon1 in the list. If you don't, the WIFI adapter you used is not suitable.
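
The monitor-mode check from this section as a script: it looks up which phy owns an interface in the iw dev output and checks that iw phy info lists monitor among the supported interface modes. This is an added example, not part of the original tutorial; the function names are illustrative and the phy info excerpt is constructed.

```shell
#!/bin/sh
# The parsers read `iw` output on stdin, so they also work on saved output.

# phy_for_iface IFACE   (stdin: `iw dev`) -> prints the owning phy, e.g. "phy1"
phy_for_iface() {
    awk -v want="$1" '
        /^phy#/ { phy = $0; sub(/#/, "", phy) }
        $1 == "Interface" && $2 == want { print phy; found = 1; exit }
        END { if (!found) exit 1 }'
}

# supports_monitor      (stdin: `iw phy PHY info`) -> exit 0 if "* monitor" is listed
supports_monitor() {
    awk '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 == "*"        { if ($2 == "monitor") ok = 1; next }
        in_modes                     { in_modes = 0 }
        END { exit !ok }'
}

# check_adapter IFACE: live check, needs `iw` and the adapter plugged in
check_adapter() {
    phy=$(iw dev | phy_for_iface "$1") || { echo "$1: interface not found" >&2; return 2; }
    if iw phy "$phy" info | supports_monitor; then
        echo "$1 is on $phy and supports monitor mode"
    else
        echo "$1 is on $phy, which does not list monitor mode" >&2
        return 1
    fi
}

# Constructed sample input: `iw dev` trimmed from the listing above, and a
# made-up excerpt in the layout that `iw phy phy1 info` prints.
SAMPLE_IW_DEV='phy#1
    Interface wlan1
        type managed
phy#0
    Interface wlan0
        type managed'
SAMPLE_PHY_INFO='    Supported interface modes:
         * managed
         * AP
         * monitor
    Band 1:'

# With an argument: live check. Without: show the phy lookup on the sample.
if [ "$#" -gt 0 ]; then check_adapter "$1"
else printf '%s\n' "$SAMPLE_IW_DEV" | phy_for_iface wlan1; fi
```

Running it as sh check_monitor.sh wlan1 before editing /etc/network/interfaces tells you which phy number to put in the pre-up lines.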


Starting up the kismet tools

Before we start Kismet let’s create our configuration file for it by running the following command.

Kismet reads this config file when it launches and uses the sources we specify to capture traffic.

sudo nano /usr/local/etc/kismet_site.conf

Now paste this into the file:

source=mon1

and close it.

To connect to Kismet’s web interface, you will need to find out your Raspberry Pi’s local IP address so that you can access it through your web browser.

To see your Raspberry Pi’s local IP address you can use the command below.

hostname -I

Now that we have retrieved our Raspberry Pi’s local IP address we can now proceed to start up the Kismet server so that we can access it through its web interface.

To fire up the Kismet server, you need to run the following command on your Raspberry Pi.

kismet

Once the Kismet monitoring tools have started up, go ahead and open up your favorite web browser and go to the following URL.

Make sure that you replace the example IP below with the one you obtained from hostname -I above. Doing this should load the Kismet network scanner interface running on the Raspberry Pi.

http://[yourip]:2501

Upon your first load of Kismet’s web interface, you will be asked to enter new login details. Set a username and password that you will easily remember then press the “Save” button.

Kismet is now ready to run, but not yet daemonized.


Daemonize

Everything is set. If there are no errors, we can now daemonize Kismet.

Copy the service file to the systemd directory:

sudo cp /home/$USER/kismet/packaging/systemd/kismet.service /lib/systemd/system/

Then set the user and group the service runs as:

sudo systemctl edit kismet

Put:

[Service]
User=[your_user_name]
Group=kismet

in the empty file and close it.

Now we need to enable Kismet at boot with:

sudo systemctl enable kismet

To see whether everything works, start it:

sudo systemctl start kismet

For feedback on the command, use:

sudo systemctl status kismet

If you see that the service is active and some MAC addresses flying around, everything works.

The final test is:

sudo reboot

When you log back in, wait about 3 minutes and use sudo systemctl status kismet again to see if everything works.

Well done, Kismet is up and running! You can access it at http://[yourpiip]:2501


This is my first tutorial ever and feedback will be appreciated. 

I used:

[https://pimylifeup.com/raspberry-pi-network-scanner/](https://pimylifeup.com/raspberry-pi-network-scanner/)
[https://www.kismetwireless.net//docs/readme/quickstart/](https://www.kismetwireless.net//docs/readme/quickstart/)

as references for the project.
In those steps some small things are missing to make it work for NEMS, so I rewrote a lot of it and also borrowed some pieces from my references.