Using Kismet under FreeBSD

Kismet sounds to be a nice tool for Wi-Fi diagnostics. Port installation can be easily done via: 

cd /usr/ports/net-mgmt/kismet && make install clean

Within newly installed /usr/local/etc/kismet.conf, one needs to enable particular packet sources, Wi-Fi channels and a user, to which kismet(1) with setuid(2):

Depending on kismet version, there are two different packet sources formats. Users of port version older than 2010.07.r1,1 (port tree copy older than 2010-10-03) have Kismet-Old, newer port version use Kismet-Newcore.

Kismet-Newcore

Kismet-Newcore (currently the base Kismet code) use ncsource= variable and this syntax: 

ncsource=<wireless device>:type=<wireless nic type/capture format>,name=<user friendly source name>

Sample Kismet-Newcore configuration: 

ncsource=wlan0:type=radiotap_bsd_g,name=ath_pci

FreeBSD supports following types (depending on hardware): radiotap_bsd_ag, radiotap_bsd_a, radiotap_bsd_g, radiotap_bsd_b.

Kismet-Newcore have setuid-root capture helper binary kismet_capture which may be executed by users in the kismet group. Add your user to kismet group before you run kismet. Option suiduser was removed from configuration file in Kismet-Newcore.

Kismet-Old

Kismet-Old release (Kismet-Old2009-05-R1) use source= variable, with different format: 

source=<wireless nic type/capture format>,<wireless device>,<user friendly source name>

Sample FreeBSD configuration for Kismet-Old: 

suiduser = <your user here>

[...]

source=radiotap_bsd_ab,wlan0,bsd

[...]
sourcechannels=radiotap_bsd_ab:1,6,11,2,7,3,8,4,9,5,10

In order to make kismet text-based CLI to work, one needs to enable DBUS. It should be already installed in your system. Enabling means inserting particular line into your /etc/rc.conf file: 

dbus_enable="yes"

Creating monitor VAP

In order to start working with wlan0 interface which we have mentioned as a available packet source, we need to create it. This step is different from creating WLAN interface in default mode -- we need to create VAP (Virtual Access Point) interface working in "monitor mode": 

ifconfig wlan create wlandev bwi0 wlanmode monitor

for Broadcom-based card, or: 

ifconfig wlan create wlandev ath0 wlanmode monitor

for Atheros-based card.

This is basically the end of the setup procedure. You can start Kismet right now.

Let me know if this short tutorial has some flaws:

Wojciech A. Koszek <wkoszek AT FreeBSD DOT org>

Kismet (last edited 2020-02-11T06:30:19+0000 by TrevorRoydhouse)