I recently purchases a Cisco Aironet 350 wireless card to use for local wireless network audits. This worked very well on my Thinkpad laptop using the excellent tool Kismet. However, I could not get it to run on my ipaq. An upgrade to the Familiar 5.3 distribution didn't help; there was a missing library. Well, there were many more problems to overcome, and they took considerable research and debugging. With a lot of help from Jerry Shenk, who had already solved most of the problems, I finally got it running. This page documents the various steps required for myself, in case I need to reinstall, and for others.

This page may make it seem as though Kismet is a lot of trouble to get running, or that it was poorly put together. On the contrary, it's a great package, and works very well. The author did a great job of making a very handy tool work with myriad hardware across a plethora of platforms. (For instance, it compiled and ran without a hitch on my old Thinkpad.) I'm very grateful for the great job he did.

Required Components

This configuration consists of the following versions of the various pieces:

1. An iPAQ PDA. Mine's a 3835, but I don't know how model-specific this infomation is, really.
2. The Familiar 5.3 GNU/linux distribution
3. Kismet 2.4
4. A Cisco Aironet 350 wireless PCMCIA card
5. The libpanel.so.5 system library. This is available from the DEC (HP? Compaq?) skiffcluster, and can also be obtained below.
6. For sound, the .wav files from the source distribution. (Also available below.)
7. Optional, additional start/stop scripts which are detailed below.

Problems and Remedies

Configuration changes

After installing Familiar, and the Cisco wireless card (which went very smoothly for me), the next step is to obtain and install the Kismet package that is available for download from its web site. The installer runs without any output, and places everything in /usr/local/etc and /usr/local/bin.

Before anything else, the configuration files must be edited. Edit kismet.conf to specify the macfilter, change the capinterface to wifi0, card type to cisco, and any other changes that one wants. I also created a /root/kismet directory and changed the logtemplate to put all logs in there.

Next, edit kismet_ui.conf to set sound to true, and color to false.

The first attempt to run kismet will result in an error about a missing library. This can be obtained from /usr/lib in one of the skiffcluster machines, or it can be downloaded from here:

libpanel.so.5.2 (14.7kb)

Dropt this into /usr/lib. Just 'cos I'm thorough (read superstitious), I also created links to libpanel.so.5 and libpanel.so. Both are probably not necessary, but hey, ya' never know what some other app down the road might want:

ln -s /usr/lib/libpanel.so.5.2 /usr/lib/libpanel.so.5
ln -s /usr/lib/libpanel.so.5.2 /usr/lib/libpanel.so

Blank display

Incompatabilities exist in the default colors of rxvt as it is implemented on the iPaq and the colors displayed by kismet. When one does discover a nearby network, its information will be invisible. This can be overcome by launching kismet in a new terminal window set to a dark background:

rxvt-aa -bg black -fg white -e kismet

No sniffing and a broken network

The Cisco Aironet 350 works exceedingly well on the iPaq right "out of the box". At least, for a network connection, it works well. Once one discovers the right combination, it works very well for kismet, too. Unfortunately, the two settings don't work well together, and setting up a working network makes kismet inoperable and vice versa.

In particular, the eth0 device must be configured by kismet for sniffing, but the wifi0 device is the one that is actually used for packet capture. Also, once the ESSID and WEP key have been reset, they don't easily obtain their former values. This results in no operation for kismet, or once it is working, no network once kismet has been run. After much experimentation, I have developed procedures that reliably switch the card between the two modes of operation. These have been put into scripts that can be used to launch kismet, and to restore network operation. Although close examination will make them appear to be very redundant (especially compaired to kismet_monitor and kismet_unmonitor), experience has shown that all steps are required.

#!/bin/sh
PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin
cardctl scheme kismet
ifconfig eth0 down
kismet_monitor -i eth0
ifconfig wifi0 up
echo "Mode: r" > /proc/driver/aironet/eth0/Config
echo "Mode: y" > /proc/driver/aironet/eth0/Config
{ rxvt-aa -bg black -fg white -e kismet ; stop.kismet; }

stop.kismet

#!/bin/sh
PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin

kismet_unmonitor -i eth0
ifconfig eth0 down
ifconfig wifi0 down

cardctl scheme none

echo "reseting card parms..."

iwconfig wifi0 channel 3
iwconfig wifi0 mode ad-hoc
iwconfig wifi0 key [1] restricted

iwconfig eth0 channel 3
iwconfig eth0 mode ad-hoc
iwconfig eth0 key [1] restricted

echo "waiting 3 seconds for card to settle out..."
sleep 3

echo "ejecting card and reinserting after 3 seconds..."
cardctl eject 0
sleep 3
cardctl insert 0

These scripts can be obtained here, and installed in /usr/bin or /usr/local/bin to make the use of kismet as easy as issuing a single command: start.kismet. Note that start.kismet also takes care of launching an appropriate terminal window, and performing the necessary cleanup to restore network operation at the end of the run.

• start.kismet
• stop.kismet

No sound

If you have a minimal Familiar install, without the sox package, you can still play sounds. Enable sound in the config file, and create a substitute for /usr/bin/play with this command:

cat  /usr/bin/play
#!/bin/sh
cat "$1" >/dev/dsp
EOF
chmod 755 /usr/bin/play

Next problem is that no sound files are included in the package for the ipaq. One can either grab the source distribution, or get them from here:

• traffic.wav
• junk_traffic.wav
• new_network.wav

Once obtained, create the directory where they belong, and move them there:

mkdir -p /usr/local/share/kismet/wav
mv *.wav /usr/local/share/kismet/wav

enjoy!
...dave