Friday, March 23, 2007

Wireless Ubuntu on Thinkpad x60s

I'm used to doing everything manually when running wireless FreeBSD on older laptops. Running Ubuntu has shielded me from some of the command-line configuration I used to perform on FreeBSD. Linux uses different commands for certain tasks. My new laptop also has a different chipset from my old laptop, so I wanted to see if I could get Kismet working on it.

If I want to find wireless networks via the command line I use this command.

richard@neely:~$ sudo iwlist eth1 scan
eth1 Scan completed :
Cell 01 - Address: 00:13:10:65:2F:AD
ESSID:"shaolin"
Protocol:IEEE 802.11bg
Mode:Master
Channel:1
Encryption key:on
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
11 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
48 Mb/s; 54 Mb/s
Quality=76/100 Signal level=-58 dBm Noise level=-58 dBm
Extra: Last beacon: 68ms ago
...truncated...

If I want to associate with that WAP using WEP I use this command.

richard@neely:~$ sudo iwconfig eth1 essid shaolin channel 1 key KEYDIGITS

I am associated now.

richard@neely:~$ iwconfig eth1
eth1 IEEE 802.11g ESSID:"shaolin"
Mode:Managed Frequency:2.412 GHz Access Point: 00:13:10:65:2F:AD
Bit Rate:54 Mb/s Tx-Power:15 dBm
Retry limit:15 RTS thr:off Fragment thr:off
Power Management:off
Link Quality=76/100 Signal level=-58 dBm Noise level=-59 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:2909 Missed beacon:0

I can grab an IP via DHCP.

richard@neely:~$ sudo dhclient eth1
Internet Systems Consortium DHCP Client V3.0.4
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

Listening on LPF/eth1/00:13:02:4c:30:2d
Sending on LPF/eth1/00:13:02:4c:30:2d
Sending on Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8
DHCPOFFER from 192.168.2.1
DHCPREQUEST on eth1 to 255.255.255.255 port 67
DHCPACK from 192.168.2.1
bound to 192.168.2.103 -- renewal in 42728 seconds.

Here is ifconfig output.

richard@neely:~$ ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:13:02:4C:30:2D
inet addr:192.168.2.103 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::213:2ff:fe4c:302d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4984 errors:19 dropped:2928 overruns:0 frame:0
TX packets:239 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5491350 (5.2 MiB) TX bytes:188020 (183.6 KiB)
Interrupt:74 Base address:0xc000 Memory:edf00000-edf00fff

I can check my gateway.

richard@neely:~$ netstat -nr -4
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.16.250.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
172.16.207.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth1

I can change my IP from DHCP to static.

richard@neely:~$ sudo killall dhclient
richard@neely:~$ sudo ifconfig eth1 inet 192.168.2.8 netmask 255.255.255.0 up
richard@neely:~$ ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:13:02:4C:30:2D
inet addr:192.168.2.8 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::213:2ff:fe4c:302d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5625 errors:20 dropped:2929 overruns:0 frame:0
TX packets:245 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5492954 (5.2 MiB) TX bytes:192494 (187.9 KiB)
Interrupt:74 Base address:0xc000 Memory:edf00000-edf00
ichard@neely:~$ sudo route add default gw 192.168.2.1
richard@neely:~$ netstat -nr -4
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.16.250.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
172.16.207.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth1

Here are the changes I made to enable Kismet after checking my wireless card.

richard@neely:~$ sudo lshw -businfo | grep eth1
pci@03:00.0 eth1 network PRO/Wireless 3945ABG Network Connection

richard@neely:~$ diff -u /etc/kismet/kismet.conf.orig /etc/kismet/kismet.conf
--- /etc/kismet/kismet.conf.orig 2007-03-23 09:53:28.000000000 -0400
+++ /etc/kismet/kismet.conf 2007-03-23 09:56:00.000000000 -0400
@@ -7,10 +7,10 @@
version=2005.06.R1

# Name of server (Purely for organizational purposes)
-servername=Kismet
+servername=neely

# User to setid to (should be your normal user)
-#suiduser=your_user_here
+suiduser=richard

# Sources are defined as:
# source=sourcetype,interface,name[,initialchannel]
@@ -19,7 +19,7 @@
# The initial channel is optional, if hopping is not enabled it can be used
# to set the channel the interface listens on.
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
-source=none,none,addme
+source=ipw3945,eth1,addme

Kismet works fine. When operating eth1 is in monitor mode.

richard@neely:~$ iwconfig eth1
eth1 unassociated ESSID:"shaolin"
Mode:Monitor Frequency=2.412 GHz Access Point: 00:13:10:65:2F:AD
Bit Rate:0 kb/s Tx-Power:16 dBm
Retry limit:15 RTS thr:off Fragment thr:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0

When Kismet exits I'm able to cleanly use my original connection.

6 comments:

iamnowonmai said...

How about wpa_supplicant instead of wep?

Richard Bejtlich said...

Not all of the gear in my house supports WPA, so I'm stuck with the lowest common denominator (WEP) for now.

Anonymous said...

Hey richard, nice config there. Know i know how to scan using iwlist eth0 scan.

http://hackathology.blogspot.com

Da Kahuna said...

Richard,

Why all the trouble. Download and install Automatix2 and then install Network Manager.

With Network Manager you can choose to use wireless or wired connection and it shows all of the SSID's that are around.

DK

Richard Bejtlich said...

da kahuna -- I installed Network Manager via Applications -> Add/Remove, and it's supposed to be in Applications -> Internet, but it's not there? Any help?

It did install, since I can see it in dpkg --list.

richard@neely:~$ dpkg --list | grep network-manager
ii network-manager 0.6.3-2ubuntu6 network management framework daemon
ii network-manager-gnome 0.6.3-2ubuntu6 network management framework (GNOME frontend

Tried a reboot too.

Anonymous said...

If you go to System->Preferences->Sessions, then select "Startup Programs" tab, and add the following command:

nm-applet --sm-disable

Network Monitor will show up on the panel when you restart.