Commit 5a2b62b4 authored by Devon Kearns's avatar Devon Kearns

Imported Upstream version 2008-05-R1

parents
This diff is collapsed.
This source diff could not be displayed because it is too large. You can view the blob instead.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Kismet Win32 Readme
1. Requirements
2. Quick Start
2. Configuring Kismet
3. Building Kismet
1. Requirements
The Windows version of kismet requires Windows 2000, Windows XP (32/64bit),
Windows Server 2003 (32/64bit), or Vista (32bit).
At this time, only two kinds of sources are supported:
* Drones
* The AirPcap USB capture adapter from CACE Technologies
(http://www.cacetech.com/products/airpcap.htm)
THE AIRPCAP ADAPTER IS THE ONLY WAY FOR KISMET TO CAPTURE LIVE 802.11
TRAFFIC UNDER WINDOWS. NO OTHER CARDS ARE SUPPORTED. THIS LIMITATION IS
CAUSED BY THE LACK OF SNIFFER-MODE CAPABLE DRIVERS ON WINDOWS; THE
AIRPCAP ADAPTER CIRCUMVENTS THIS LIMITATION THROUGH THE USE OF A SPECIALIZED
CUSTOM DRIVER.
If multiple AirPcap adapters are plugged in, Kismet is able to take
advantage of them to listen on more than one channel simultaneously.
2. Quick Start
The easiest way to run Kismet on Windows is downloading and running the
installer executable available at
http://www.cacetech.com/support/downloads.htm
The installer creates an entry under "All Programs" with the following
items:
* Kismet: the program executable.
* Kismet Configuration Console: the GUI that can be used to configure the
program behavior.
* Command Line Prompt: this opens a dos console in the kismet installation
folder; advanced users can use this to manually run kismet_server.exe,
kismet_client.exe or kismet_drone.exe.
* Kismet Logs Folder: this shourtcut allows access to the files that kismet
produces when it runs. The folder will be empty until Kismet is run at
least once.
After the installer is done, just click on "Kismet", and the program will
start with all the available AirPcap adapters as sources.
2. Configuring Kismet
Run the Kismet Configuration Console (start -> All Programs -> Kismet ->
Kismet Configuration Console). You will have the option to configure:
* the local sources Kismet will use for packet capture.
* the list of drones Kismet will try to connect to for remote monitoring.
* if kismet will log information about the discovered networks to disk.
Additionally, you will be able to edit the kismet.conf, kismet_ui.conf and
kismet_drone.conf files to tweak the program advanced settings. For a
reference on these three configuration files, please refer to the program
manual.
3. Building Kismet
Requirements:
* the Cygwin Unix emulation environment. Install it from
http://www.cygwin.com/, and remember to include the development packages
(gcc and make at least).
* the kismet sources, from http://kismetwireless.net/download.shtml
* the AirPcap developer's pack, from
http://www.cacetech.com/support/downloads.htm
IMPORTANT: unpack the AirPcap developer's pack INSIDE the folder with the
Kismet sources. You want the AirPcap_Devpack_XXX folder to be in the same
folder of the Kismet makefile. The reason is that Cygwin appears to have a
bug which prevents proper linking if the devpack is not in the same
directory that Kismet is compiled in. If kismet_server.exe instantly exits
with no output, it is typically indicative of a linkage path problem.
Instructions:
a. run the following configure line:
./configure --enable-airpcap --with-airpcap-devpack=<devpack_location>
Where <devpack_location> is the name of the AirPcap Developer's pack
folder, containing WinPcap and AirPcap
b. Build Kismet by typing 'make'
20050815211952
In no particular order:
first-seen-source
cardtype/interface dumps
non-rfmon-signal gps logger
ipv6
key management via panels client
server and client plugins
strings dumpfile
fakeap detection
retry ratios
gpsmap client-link drawing (dot-line clusters)
gpsmap coloring/plotting by encoding, carrier, data rate
gpsmap font picking
gpsmap strongest point plotting
congestion simulation
Multiple host= lines for kismet_client
Alerts as forged packets in pipe
VPN detection
linkage of seen-on devices to network info
AP uptime extraction
strong authentication/SSL of client/server server/drone
acpi/apm reporting via server protocol
detect dupe packets on multiple input streams
/*
This file is part of Kismet
Kismet is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
Kismet is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Kismet; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "config.h"
#if defined(HAVE_LIBPCAP) && defined(HAVE_LIBAIRPCAP) && defined(SYS_CYGWIN)
#include "airpcapsource.h"
// Prototypes of Windows-specific pcap functions.
// wpcap.dll contains these functions, but they are not exported to cygwin because
// cygwin doesn't "officially" support the Windows extensions. These functions,
// however, are safe to use.
extern "C" PAirpcapHandle pcap_get_airpcap_handle(pcap_t *p);
extern "C" HANDLE pcap_getevent (pcap_t *p);
extern "C" int pcap_setmintocopy (pcap_t *p, int size);
int AirPcapSource::OpenSource() {
channel = 0;
errstr[0] = '\0';
char *unconst = strdup(interface.c_str());
pd = pcap_open_live(unconst, MAX_PACKET_LEN, 1, -1, errstr);
free(unconst);
if (strlen(errstr) > 0)
return -1;
paused = 0;
errstr[0] = '\0';
// Gather the data link
if (DatalinkType() < 0) {
snprintf(errstr, 1024, "unable to get the data link on %s",
interface.c_str());
pcap_close(pd);
return -1;
}
// Fetch the airpcap channel
if ((airpcap_handle = pcap_get_airpcap_handle(pd)) == NULL) {
snprintf(errstr, 1024, "Adapter %s does not have wireless extensions",
interface.c_str());
pcap_close(pd);
return -1;
}
// Set the link mode to give us radiotap headers
// Removed - no deterministic method to set radiotap mode on airpcap. By
// default the drivers ought to be in rtap mode, if they're not we'll
// figure it out from the link type later but can't try to set the mode.
#if 0
if (!AirpcapSetLinkType(airpcap_handle, AIRPCAP_LT_802_11_PLUS_RADIO)) {
snprintf(errstr, 1024, "Adapter %s failed setting radiotap link layer: %s",
interface.c_str(), AirpcapGetLastError(airpcap_handle));
pcap_close(pd);
return -1;
}
#endif
// Tell the AirPcap adapter that we want the correct frames only
// (XXX Is this needed?)
// (XXX It doesn't hurt. Kismet doesn't do anything but validate FCS itself
// and throw them out, so we might as well toss them out at the
// airpcap level - dragorn)
if (!AirpcapSetFcsValidation(airpcap_handle, AIRPCAP_VT_ACCEPT_CORRECT_FRAMES)) {
snprintf(errstr, 1024, "Adapter %s failed setting radiotap link layer: %s",
interface.c_str(), AirpcapGetLastError(airpcap_handle));
pcap_close(pd);
return -1;
}
// Add it to our local copy of the fd event mangler
fd_mangle.AddHandle(pcap_getevent(pd));
fd_mangle.Activate();
return 0;
}
int AirPcapSource::FetchPacket(kis_packet *packet, uint8_t *data, uint8_t *moddata) {
int ret;
if ((ret = PcapSource::FetchPacket(packet, data, moddata)) == 0) {
fd_mangle.Reset();
fd_mangle.Signalread();
}
return ret;
}
#if 0
int AirPcapSource::FetchChannel() {
unsigned int ch;
if (!AirpcapGetDeviceChannel(airpcap_handle, &ch))
return -1;
return (int) ch;
}
#endif
int AirPcapSource::FetchDescriptor() {
// Fall through to our HANDLE to FD mangler
return fd_mangle.GetFd();
}
int AirPcapSource::SetChannel(unsigned int in_ch, char *in_err) {
if (!AirpcapSetDeviceChannel(airpcap_handle, in_ch)) {
snprintf(in_err, 1024, "Adapter %s failed setting channel: %s",
interface.c_str(), AirpcapGetLastError(airpcap_handle));
return -1;
}
return 0;
}
int AirPcapSource::FetchSignalLevels(int *in_siglev, int *in_noiselev) {
*in_siglev = 0;
*in_noiselev = 0;
return 0;
}
KisPacketSource *airpcapsource_registrant(string in_name, string in_device,
char *in_err) {
return new AirPcapSource(in_name, in_device);
}
// Spawn an airpcap device and get the info from the user
KisPacketSource *airpcapsourceq_registrant(string in_name, string in_device,
char *in_err) {
pcap_if_t *alldevs, *d;
int i;
int intnum;
AirPcapSource *src = NULL;
char errbuf[1024];
if (pcap_findalldevs(&alldevs, errbuf) == -1) {
snprintf(in_err, 1024, "Error in pcap_findalldevs: %s\n", errbuf);
return NULL;
}
fprintf(stdout, "Available interfaces:\n");
for (d = alldevs, i = 0; d != NULL; d = d->next) {
fprintf(stdout, "%d. %s\n", ++i, d->name);
if (d->description)
fprintf(stdout, " %s\n", d->description);
else
fprintf(stdout, " No description available\n");
}
if (i == 0) {
pcap_freealldevs(alldevs);
snprintf(in_err, 1024, "No interfaces found, are WinPcap and AirPcap "
"installed and the AirPcap device attached?");
return NULL;
}
while (1) {
fprintf(stdout, "Enter interface number (1-%d):", i);
if (fscanf(stdin, "%d", &intnum) != 1) {
fprintf(stdout, "Invalid entry\n");
continue;
}
if (intnum < 1 || intnum > i) {
fprintf(stdout, "Invalid entry, must be between 1 and %d\n", i);
continue;
}
break;
}
// Find the adapter
for (d = alldevs, i = 0; i < intnum - 1; d = d->next, i++)
;
src = new AirPcapSource(in_name, string(d->name));
pcap_freealldevs(alldevs);
return src;
}
int chancontrol_airpcap(const char *in_dev, int in_ch, char *in_err, void *in_ext) {
// Channel control uses the external pointer
return ((AirPcapSource *) in_ext)->SetChannel(in_ch, in_err);
}
#endif
/*
This file is part of Kismet
Kismet is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
Kismet is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Kismet; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
// pcapsource is probably the most complex source handing the largest number of
// card types. Ideally, everything should be part of the pcap source except
// wsp100 and drones.
#ifndef __AIRPCAPSOURCE_H__
#define __AIRPCAPSOURCE_H__
#include "config.h"
#if defined(HAVE_LIBPCAP) && defined(HAVE_LIBAIRPCAP) && defined(SYS_CYGWIN)
#include "pcapsource.h"
// This is a bad thing to do, but windows.h totally breaks c++ strings,
// which is also unacceptable.
extern "C" {
// Some Windows-specific definitions. They are normally imported by
// including windows.h, but we don't do it because of conflicts with the
// rest of cygwin
typedef unsigned int ULONG, *PULONG;
typedef int LONG, *PLONG;
typedef unsigned int UINT, *PUINT;
typedef int INT, *PINT;
typedef int BOOL, *PBOOL;
typedef unsigned short USHORT, *PUSHORT;
typedef short SHORT, *PSHORT;
typedef unsigned char UCHAR, *PUCHAR;
typedef signed char CHAR, *PCHAR;
typedef unsigned char BYTE, *PBYTE;
typedef void VOID, *PVOID;
typedef void *HANDLE;
#include <airpcap.h>
}
#include "cygwin_utils.h"
class AirPcapSource : public PcapSource {
public:
AirPcapSource(string in_name, string in_dev) : PcapSource(in_name, in_dev) {
}
virtual int OpenSource();
virtual int FetchPacket(kis_packet *packet, uint8_t *data, uint8_t *moddata);
virtual int FetchDescriptor();
virtual int SetChannel(unsigned int in_ch, char *in_err);
protected:
virtual int FetchSignalLevels(int *in_siglev, int *in_noiselev);
PAirpcapHandle airpcap_handle;
HANDLE winpcap_evthandle;
Handle2Fd fd_mangle;
};
KisPacketSource *airpcapsource_registrant(string in_name, string in_device,
char *in_err);
KisPacketSource *airpcapsourceq_registrant(string in_name, string in_device,
char *in_err);
int chancontrol_airpcap(const char *in_dev, int in_ch, char *in_err, void *in_ext);
#endif
#endif
/*
This file is part of Kismet
Kismet is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
Kismet is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Kismet; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "airsnortdump.h"
#include "packetracker.h"
int AirsnortDumpFile::OpenDump(const char *file) {
snprintf(type, 64, "airsnort (weak packet) dump");
snprintf(filename, 1024, "%s", file);
num_dumped = 0;
dumper = new WtapDumpFile;
int ret;
ret = dumper->OpenDump(file);
if (ret < 0)
snprintf(errstr, 1024, "%s", dumper->FetchError());
return ret;
}
int AirsnortDumpFile::CloseDump() {
int ret;
ret = dumper->CloseDump();
if (ret < 0)
snprintf(errstr, 1024, "%s", dumper->FetchError());
// delete dumper;
return ret;
}
int AirsnortDumpFile::DumpPacket(const packet_info *in_info, const kis_packet *packet) {
int ret = 1;
// Is it a beacon? Do we know about this network? Log it if we don't.
if (in_info->type == packet_management && in_info->subtype == packet_sub_beacon) {
if (bssid_dumped_map.find(in_info->bssid_mac) == bssid_dumped_map.end()) {
// We only count weak packets as logged, not the headers
bssid_dumped_map[in_info->bssid_mac] = 1;
ret = dumper->DumpPacket(in_info, packet);
if (ret < 0)
snprintf(errstr, 1024, "%s", dumper->FetchError());
return ret;
}
}
// Is it weak? Always log them, and add it to our count
if (in_info->type == packet_data && in_info->interesting == 1) {
num_dumped++;
ret = dumper->DumpPacket(in_info, packet);
if (ret < 0)
snprintf(errstr, 1024, "%s", dumper->FetchError());
return ret;
}
return ret;
}
/*
This file is part of Kismet
Kismet is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
Kismet is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Kismet; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
// Dump a file in a format airsnort likes
#ifndef __AIRSNORTDUMP_H__
#define __AIRSNORTDUMP_H__
#include "config.h"
#include <stdio.h>
#include <string>
#include <map>
#include "dumpfile.h"
#include "wtapdump.h"
#include "wtaplocaldump.h"
class AirsnortDumpFile : public virtual DumpFile {
public:
int OpenDump(const char *file);
int CloseDump();
int DumpPacket(const packet_info *in_info, const kis_packet *packet);
protected:
DumpFile *dumper;
map<mac_addr, int> bssid_dumped_map;
};
#endif
/*
This file is part of Kismet
Kismet is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
Kismet is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Kismet; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "config.h"
#include "alertracker.h"
#include "server_globals.h"
#include "kismet_server.h"
Alertracker::Alertracker() {
next_alert_id = 0;
max_backlog = 0;
server = NULL;
protoref = -1;
}
Alertracker::~Alertracker() {
for (map<int, alert_rec *>::iterator x = alert_ref_map.begin();
x != alert_ref_map.end(); ++x)
delete x->second;
}
void Alertracker::AddTcpServer(TcpServer *in_server) {
server = in_server;
}
void Alertracker::AddAlertProtoRef(int in_ref) {
protoref = in_ref;
}
void Alertracker::SetAlertBacklog(int in_max) {
max_backlog = in_max;
}
int Alertracker::RegisterAlert(const char *in_header, alert_time_unit in_unit,
int in_rate, alert_time_unit in_burstunit,
int in_burst) {
// Bail if this header is registered
if (alert_name_map.find(in_header) != alert_name_map.end())
return -1;
if (in_burstunit > in_unit)
return -1;
alert_rec *arec = new alert_rec;
arec->ref_index = next_alert_id++;
arec->header = in_header;
arec->limit_unit = in_unit;
arec->limit_rate = in_rate;
arec->burst_unit = in_burstunit;
arec->limit_burst = in_burst;
arec->burst_sent = 0;
arec->time_last = 0;
alert_name_map[arec->header] = arec->ref_index;
alert_ref_map[arec->ref_index] = arec;
return arec->ref_index;
}
int Alertracker::FetchAlertRef(string in_header) {
if (alert_name_map.find(in_header) != alert_name_map.end())
return alert_name_map[in_header];
return -1;
}
int Alertracker::CheckTimes(alert_rec *arec) {
// Is this alert rate-limited? If not, shortcut out and send it
if (arec->limit_rate == 0) {
return 1;
}
struct timeval now;
gettimeofday(&now, NULL);
// If the last time we sent anything was longer than the main rate limit,
// then we reset back to empty
if (arec->time_last < (now.tv_sec - alert_time_unit_conv[arec->limit_unit])) {
arec->total_sent = 0;
arec->burst_sent = 0;
return 1;
}
// If the last time we sent anything was longer than the burst rate, we can
// reset the burst to 0
if (arec->time_last < (now.tv_sec - alert_time_unit_conv[arec->burst_unit])) {
arec->burst_sent = 0;
}
// If we're under the limit on both, we're good to go
if (arec->burst_sent < arec->limit_burst && arec->total_sent < arec->limit_rate) {
return 1;
}
return 0;
}
int Alertracker::PotentialAlert(int in_ref) {
map<int, alert_rec *>::iterator aritr = alert_ref_map.find(in_ref);
if (aritr == alert_ref_map.end())
return -1;
return CheckTimes(aritr->second);
}
int Alertracker::RaiseAlert(int in_ref, mac_addr bssid, mac_addr source,