PaulDotCom mailing list archives

Re: Strange Kismet Newcore behavior


From: "Nils" <nils () hemmann de>
Date: Fri, 30 Dec 2011 16:44:10 +0100

FYI

The issue is solved for me.
It got fixed with the release of OpenWRT Backfire 10.03.1. Kismet drone is working properly now. Could be that the mac80211 driver bug fixing solved it.

My setup:
 - TP-Link TL-WR1043ND
 - OpenWRT 10.03.1
 - kismet-drone 2010-07-R1 and 2011-03-R2
 - kismet-server 2011-03-R2 running on BT5

It is not working though with a fresh compilation of the latest kismet-drone release r3244. It doesn't show any packets.

Cheers,
Nils


On 24.11.2011 09:40, Nils wrote:

Hi,
Anyone having Kismet newcore running on TP-Link TL-WR1043ND without any problem? The problem is not about the general installation or configuration, it is about the Kismet log filling up with strange/weird APs. Please see below.

Thanks,
Nils


On 21.11.2011 18:09, Nils wrote:
Hi guys,
I'm looking into a strange Kismet behavior.

The wireless IDS I'm running is based on:
Kismet Newcore Server 2011-03-R2
Kismet Newcore Drones 2010-07-R1 running on Atheros Fonera Drones
This setup is working great!

Then I've tried to add a drone based on TP-Link's TL-WR1043ND access point with an AR71xx 802.11ng chipset and running OpenWrt Backfire 10.03.1-RC6.
The wireless chipset driver is ath9k/mac80211.
It didn't matter which version of the Kismet-drone I've tried, I ended up with Kismet filling up the logs with strange APs popping up. See log output below! Next to Kismet 2011-03-R2 I've compiled the latest svn version of Kismet-Drone for OpenWrt Backfire, both including full support for libnl/netlink mac80211.
But still...
These BSSIDs look weird. They are changing and popping up every second. I'd have expected ~30 APs around me but not hundreds of them in a few minutes, all with hidden SSID. But it looks more like a general wireless driver issue as even Aircrack/Airodump-ng shows some strange APs. Both Kismet and Aircrack show broken SSIDs with strange characters in them, too.

INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 48:2D:35:DF:BA:72,
       encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 54:49:85:9F:4C:49,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID E4:54:97:63:58:64,
       encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 38:2F:D1:48:E1:BF,
       encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID BB:63:45:87:FA:8A,
      encryption no, channel 0, 0.00 mbit
INFO: Detected new managed network "<Hidden SSID>", BSSID 37:44:79:6F:01:F2
      , encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 15:36:B8:4E:13:0D,
       encryption no, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 3E:E0:96:8A:5A:EE,
      encryption no, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 73:8F:F0:2F:80:9D,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new managed network "<Hidden SSID>", BSSID F9:B0:5E:08:39:E3
      , encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 5A:46:FC:11:D9:3C,
      encryption no, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID E5:DB:15:B0:31:14,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 31:F2:29:E9:73:39,
      encryption no, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 5F:89:FA:75:FB:E1,
       encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID CE:1B:50:D8:1F:21,
       encryption no, channel 0, 0.00 mbit



Any suggestions?
Thanks,
Nils

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
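
A triage sketch for the kind of log shown in this thread, added here as an example; it is not code from the poster or from the Kismet project. It rejoins the wrapped messages and flags entries that cannot be real access points: a BSSID is an individual (unicast) MAC address, so a set group bit in the first octet is invalid, and "channel 0, 0.00 mbit" means nothing was decoded. The function names and the last sample line ("lab-ap") are constructed for illustration; the other sample lines are taken from the log above.

```python
import re

# One Kismet "Detected new ... network" message, after line-wrap repair.
ENTRY = re.compile(
    r'Detected new (?P<type>[\w-]+) network "(?P<ssid>[^"]*)", '
    r'BSSID (?P<bssid>(?:[0-9A-F]{2}:){5}[0-9A-F]{2})\s*, '
    r'encryption (?P<enc>yes|no), channel (?P<chan>\d+), (?P<rate>[\d.]+) mbit')

def parse(log_text):
    """Rejoin indented continuation lines, then yield one dict per message."""
    joined = re.sub(r'\n\s+', ' ', log_text)
    for match in ENTRY.finditer(joined):
        yield match.groupdict()

def suspicious(entry):
    """Return the reasons an entry looks like decoding garbage, if any."""
    reasons = []
    # Bit 0 of the first octet is the individual/group bit; a BSSID must be unicast.
    if int(entry["bssid"][:2], 16) & 0x01:
        reasons.append("group bit set in BSSID")
    if entry["chan"] == "0" and float(entry["rate"]) == 0.0:
        reasons.append("no channel or rate decoded")
    return reasons

def summarize(log_text):
    """Return (total entries, {bssid: reasons}) for the flagged entries."""
    entries = list(parse(log_text))
    flagged = {e["bssid"]: suspicious(e) for e in entries if suspicious(e)}
    return len(entries), flagged

# First three messages are from the log in this thread; the last is constructed.
SAMPLE = '''\
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 48:2D:35:DF:BA:72,
       encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID BB:63:45:87:FA:8A,
      encryption no, channel 0, 0.00 mbit
INFO: Detected new managed network "<Hidden SSID>", BSSID 37:44:79:6F:01:F2
      , encryption yes, channel 0, 0.00 mbit
INFO: Detected new managed network "lab-ap", BSSID 00:11:22:33:44:55,
      encryption yes, channel 6, 54.00 mbit
'''

if __name__ == "__main__":
    total, flagged = summarize(SAMPLE)
    print(f"{len(flagged)} of {total} entries flagged")
    for bssid, reasons in flagged.items():
        print(f"  {bssid}: {', '.join(reasons)}")
```

A high flagged ratio on one drone and not on the others points at that drone's capture path rather than at the RF environment.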
