Hello,
About a week ago I first met NEMS. I was searching for a method to monitor the networks of my clients (small businesses and customers).
NEMS has the potential to fulfill it all, but it was missing a method to also monitor the wireless environment.
So, with the few skills I have, I tried to install kismet on it.
I have tried this method on an RPI-3 and an RPI-4. The RPI-3 needs some additional adjustments because of the lack of RAM.
Here you can find the steps to expand the swap file of an RPI.
Also, an external WIFI adapter is required that is capable of using "monitor mode". Monitor mode captures all traffic that goes through the air.
We can install kismet in 2 different ways: building from source (which I’m going to describe) or installing from a repo (cons: it always needs to run as root when daemonized).
First, we need to install the dependencies. There are a lot, but they are all necessary:
sudo apt-get install -y build-essential git libmicrohttpd-dev pkg-config zlib1g-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev libprotobuf-c-dev protobuf-compiler protobuf-c-compiler libsensors4-dev libnl-3-dev libcap-dev libpcap-dev libncurses5-dev libwebsockets-dev pkg-config zlib1g-dev libnl-genl-3-dev libnm-dev libdw-dev libsqlite3-dev protobuf-compiler libusb-1.0-0-dev python3 python3-setuptools python3-protobuf python3-requests python3-numpy python3-serial python3-usb python3-dev librtlsdr0 libubertooth-dev libbtbb-dev
The libwebsockets package that Raspbian buster delivers is a bit outdated, so we need to install an updated version:
wget http://ftp.nz.debian.org/debian/pool/main/libw/libwebsockets/libwebsockets17_4.1.4-1_armhf.deb
install it:
sudo dpkg -i libwebsockets17_4.1.4-1_armhf.deb
also, the dev package:
wget http://ftp.nz.debian.org/debian/pool/main/libw/libwebsockets/libwebsockets-dev_4.1.4-1_armhf.deb
and install it:
sudo dpkg -i libwebsockets-dev_4.1.4-1_armhf.deb
So now we have all dependencies to build kismet from source :)
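The two .deb files above are fetched over plain HTTP and then installed as root, so it is worth checking them before running dpkg. The following is an added example, not part of the original tutorial: it compares a downloaded .deb against the SHA256 recorded in a Debian Packages index. It assumes you have an uncompressed Packages file for the suite that carries this version, obtained through a channel you trust; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): refuse to install a
# downloaded .deb unless its SHA256 matches the entry in a Packages index.

# Print the SHA256 recorded for the package whose Filename ends in $2.
# $1 = path to an uncompressed Packages index, $2 = .deb file name.
expected_sha256() {
    awk -v want="$2" '
        BEGIN { RS = ""; FS = "\n" }   # one stanza per record, one line per field
        {
            file = ""; sum = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Filename: /) file = substr($i, 11)
                if ($i ~ /^SHA256: /)   sum  = substr($i, 9)
            }
            n = split(file, parts, "/")
            if (n > 0 && parts[n] == want) { print sum; exit }
        }
    ' "$1"
}

# Return 0 only if $1 (the .deb) hashes to the value listed in $2 (Packages).
# Return 2 if the index has no entry for the file, 1 on a mismatch.
deb_matches_index() {
    want=$(expected_sha256 "$2" "$(basename "$1")")
    [ -n "$want" ] || { echo "no index entry for $1" >&2; return 2; }
    have=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "SHA256 mismatch for $1" >&2; return 1; }
}

# Install only after the check passes, e.g.:
#   install_verified_deb libwebsockets17_4.1.4-1_armhf.deb ./Packages
install_verified_deb() {
    deb_matches_index "$1" "$2" && sudo dpkg -i "$1"
}
```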
Now we can start installing kismet!
git clone https://www.kismetwireless.net/git/kismet.git
cd kismet
./configure
after the script confirms all dependencies are there we can start compiling with:
make
or make -j$(nproc)
to use more CPU power.
Be patient, compiling costs a lot of resources and can take a lot of time, especially when using an RPI-3.
The next step is to install kismet with the next command:
sudo make suidinstall
and after that is finished without errors, we add the current user to the kismet group
sudo usermod -aG kismet $USER
So almost everything is now ready to daemonize kismet.
We need to fix permissions on the kismet binary the service runs with the following lines:
cd /usr/local/bin/
the directory where kismet is installed.
sudo chown $USER kismet
make the current user the owner of kismet.
sudo chgrp kismet kismet
change the owner group to kismet.
Now we need to set logging to the right directory.
sudo nano /usr/local/etc/kismet_logging.conf
log_prefix=/home/[your_user_name]/kismet
Before we daemonize kismet, we need to tell kismet where the data source is (the WIFI adapter).
Start with iw dev
It will show all wireless adapters,
like this:
phy#1
    Interface wlan1
        ifindex 4
        wdev 0x100000001
        addr 00:c1:41:07:11:76
        type managed
        channel 11 (2462 MHz), width: 40 MHz, center1: 2452 MHz
        txpower 20.00 dBm
phy#0
    Interface wlan0
        ifindex 3
        wdev 0x1
        addr b8:27:eb:44:ad:fe
        type managed
        channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
        txpower 31.00 dBm
To check if it supports monitor mode, we need to run the following command: iw phy phy1 info
When "* monitor" is listed under "Supported interface modes", it fits our purpose.
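The same check can be scripted instead of read by eye. The following is an added example, not part of the original tutorial: it parses `iw phy <phy> info` output and succeeds only when monitor appears in the "Supported interface modes" list. The function names and the two sample outputs are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial).

# Reads `iw phy <phy> info` text on stdin.
# Exit status 0 only if "monitor" is listed under "Supported interface modes".
supports_monitor() {
    awk '
        /Supported interface modes:/ { in_modes = 1; next }
        # Entries look like "  * monitor"; any other line ends the list.
        in_modes && /^[ \t]*\*[ \t]/ {
            sub(/^[ \t]*\*[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            if ($0 == "monitor") found = 1
            next
        }
        in_modes { in_modes = 0 }
        END { exit(found ? 0 : 1) }
    '
}

# Convenience wrapper for a live system, e.g.: phy_supports_monitor phy1
phy_supports_monitor() {
    iw phy "$1" info | supports_monitor
}

# Constructed, trimmed sample outputs (not captured from real hardware).
sample_with_monitor() {
    cat <<'EOF'
Wiphy phy1
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    Band 1:
        Capabilities: 0x17e
EOF
}

sample_without_monitor() {
    cat <<'EOF'
Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
    Supported commands:
         * new_interface
EOF
}
```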
At last we need to put it into monitor mode at startup and assign it to the right device id. For that we use: sudo nano /etc/network/interfaces
and we put in:
allow-hotplug wlan1
iface wlan1 inet manual
    pre-up iw phy phy1 interface add mon1 type monitor
    pre-up iw dev wlan1 del
    pre-up ifconfig mon1 up
At last we reboot the device: sudo reboot
Check if it worked with ifconfig
You will now see mon1 in the list. If you don't, the WIFI adapter used is not suitable.
Before we start Kismet, let’s create our configuration file for it by running the following command.
Kismet will read this config file when it launches and use the sources we specify to scan traffic.
sudo nano /usr/local/etc/kismet_site.conf
now we need to paste this in the file
source=mon1
and close it.
To connect to Kismet’s web interface, you will need to find out your Raspberry Pi’s local IP address so that you can access it through your web browser.
To see your Raspberry Pi’s local IP address you can use the command below.
hostname -I
Now that we have retrieved our Raspberry Pi’s local IP address we can now proceed to start up the Kismet server so that we can access it through its web interface.
To fire up the Kismet server, you need to run the following command on your Raspberry Pi.
kismet
Once the Kismet monitoring tools have started up, go ahead and open up your favorite web browser and go to the following URL.
Make sure that you replace our example IP below with the one you obtained in Step 1 of this section. Doing this should load our Kismet network scanner interface running on the Raspberry Pi.
http://[yourip]:2501
Upon your first load of Kismet’s web interface, you will be asked to enter new login details. Set a username and password that you will easily remember then press the “Save” button.
Now kismet is ready to start but not yet daemonized.
Everything is set. If there are no errors, we can now daemonize kismet.
sudo cp /home/$USER/kismet/packaging/systemd/kismet.service /lib/systemd/system/
to copy the service file to systemd directory
sudo systemctl edit kismet
to edit the permissions of kismet.
Put:
[Service]
User=[your_user_name]
Group=kismet
in the empty file and close it.
Now we need to enable kismet at boot with:
sudo systemctl enable kismet
And to look if everything works fine, we need to:
sudo systemctl start kismet
For feedback of the command use:
sudo systemctl status kismet
and if you see the service is active and some mac addresses flying around that means everything works.
the final test is:
sudo reboot
When you log back in, and after a minute or 3, use
sudo systemctl status kismet
again to see if everything works.
well done, kismet is up and running! and you can access it from http://[yourpiip]:2501
This is my first tutorial ever and feedback will be appreciated.
I used:
[https://pimylifeup.com/raspberry-pi-network-scanner/](https://pimylifeup.com/raspberry-pi-network-scanner/)
[https://www.kismetwireless.net//docs/readme/quickstart/](https://www.kismetwireless.net//docs/readme/quickstart/)
as references for the project.
In those steps some small things are missing to let it work for NEMS, so I rewrote a lot of it and also borrowed some pieces from my references.