Ρύθμιση kismet (monitor) σε ασύρματη κάρτα δικτύου Intel

[novize]

Γεια σας παιδιά!

Εγκατέστησα το kismet όπως το περιγράφει αυτή εδώ η σελίδα (γερμανική είναι) http://wardriving-forum.de/wiki/Kismet-Newcore

Δεν μου βρίσκει όμως δίκτυα. Βασικά πρέπει να τα ?????????? με τις ρυθμίσεις. Μπορείτε να μου εξηγήσετε σιγά-σιγά με απλά λόγια, τι πρέπει να εισάγω και που, ώστε να λειτουργήσει;

Το iwconfig μου βγάζει:

Κώδικας: Επιλογή όλων

lo no wireless extensions.

eth0 no wireless extensions.

wmaster0 no wireless extensions.

wlan0 IEEE 802.11abgn ESSID:"OTE CONNX"
Mode:Managed Frequency:2.437 GHz Access Point: 00:13:33:0B:A7:CE
Bit Rate=24 Mb/s Tx-Power=15 dBm
Retry min limit:7 RTS thr:off Fragment thr=2352 B
Power Management:off
Link Quality=55/100 Signal level:-72 dBm Noise level=-94 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

pan0 no wireless extensions.

To ifconfig μου βγάζει:

Κώδικας: Επιλογή όλων

eth0 Link encap:Ethernet HWaddr 00:90:f5:8c:2e:20
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:248 Base address:0xc000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1101 errors:0 dropped:0 overruns:0 frame:0
TX packets:1101 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:39577 (39.5 KB) TX bytes:39577 (39.5 KB)

wlan0 Link encap:Ethernet HWaddr 00:1f:3b:19:88:35
inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21f:3bff:fe19:8835/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18638 errors:0 dropped:0 overruns:0 frame:0
TX packets:15015 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:20290092 (20.2 MB) TX bytes:2368074 (2.3 MB)

wmaster0 Link encap:UNSPEC HWaddr 00-1F-3B-19-88-35-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

[ftso]

Δες τις οδηγίες εδώ http://www.ubuntugeek.com/kismet-an-802 ... #more-1776 και εδώ http://kerneltrap.org/node/5414
Διαβάζοντας παράλληλα και τα δυο θα καταλάβεις τι πρέπει να κάνεις.

[novize]

Πρώτα απ' όλα ευχαριστώ για την απάντηση. Όμως φίλε μου, δεν κατάφερα τίποτα απολύτως. Με τα αγγλικά δεν τα πάω καλά αλλά και είμαι σχετικά καινούριος στον κόσμο του linux και για να είμαι ειλικρινής αυτά που γράφει στις σελίδες που μου έδειξες, μου φαίνονται κινέζικα.
Ακόμα δεν μπορώ να καταλάβω ποιο driver έχω κ.λπ. :no:

[ftso]

Χωρίς αγγλικά όμως λίγο δύσκολο να μάθεις και να δουλέψεις το kismet.
Το δύσκολο κομμάτι είναι να βρεις τον driver.
Η πιο απλή μέθοδος είναι να εκτελέσεις την εντολή:
lspci -nn η οποία θα σου δείξει ποια ακριβώς είναι η κάρτα σου και μετά την εντολή lsmod η οποία θα σου δείξει ποιους "drivers" έχεις εγκατεστημένους.
Μετά με μια αναζήτηση στο google για την κάρτα σου θα βρεις ποιος είναι ο driver.

[simosx]

Πρώτα απ' όλα ευχαριστώ για την απάντηση. Όμως φίλε μου, δεν κατάφερα τίποτα απολύτως. Με τα αγγλικά δεν τα πάω καλά αλλά και είμαι σχετικά καινούριος στον κόσμο του linux και για να είμαι ειλικρινής αυτά που γράφει στις σελίδες που μου έδειξες, μου φαίνονται κινέζικα.
Ακόμα δεν μπορώ να καταλάβω ποιο driver έχω κ.λπ. :no:

Έχεις ασύρματη κάρτα δικτύου Intel. Αυτό το έμαθα από τη διεύθυνση MAC που έδωσες παραπάνω, 00:1f:3b:19:88:35.
Έβαλα τη διεύθυνση αυτή στο
http://www.coffer.com/mac_find/ και είπε ο κατασκευαστής είναι Intel.

Για να θέσεις μια ασύρματη κάρτα σε κατάσταση monitor σε Ubuntu Linux πρέπει να
1. απενεργοποιήσεις το ασύρματο δίκτυο από το εικονίδιο του δικτύου (εικονίδιο επάνω δεξιά στην οθόνη, πάνω στη μπάρα. κάνεις δεξί κλικ, κτλ).
Αυτό είναι σημαντικό, διότι διαφορετικά ο NetworkManager θα προσπαθεί να βρει δίκτυα και θα μπερδεύει το kismet.
2. βάλεις την ασύρματη κάρτα σε κατάσταση monitor

Κώδικας: Επιλογή όλων

sudo iwconfig wlan0 mode monitor

3. ενεργοποιήσεις τη συσκευή της ασύρματης κάρτας δικτύου

Κώδικας: Επιλογή όλων

ifconfig wlan0 up


και τώρα ξεκινάς με το kismet.

Για να επαναφέρεις το σύστημα σε κατάσταση λειτουργίας ασύρματου δικτύου,
1. κλείνεις το kismet
2. απενεργοποιείς τη συσκευή

Κώδικας: Επιλογή όλων

sudo ifconfig wlan0 down


3. βγάζεις την κάρτα από κατάσταση monitor και την βάζεις σε κατάσταση managed

Κώδικας: Επιλογή όλων

sudo iwconfig wlan0 mode managed


4. ενεργοποιείς τη συσκευή της αασύρματης κάρτας δικτύου

Κώδικας: Επιλογή όλων

sudo ifconfig wlan0 up


5. ενεργοποιείς το δίκτυο από το μικρό εικονίδιο, πάνω δεξιά στην οθόνη.

Αν όλα πάνε στραβά, κάνεις μια επανεκκίνηση.

[novize]

Ευχαριστώ για τις απαντήσεις!

simosx --» Μετά απ' αυτά που μου έγραψες και έβαλα, μου βγάζει αυτό:

ftso --»

Κώδικας: Επιλογή όλων

novize@novize-laptop:~$ lspci -nn
00:00.0 Host bridge [0600]: Intel Corporation Mobile 4 Series Chipset Memory Controller Hub [8086:2a40] (rev 07)
00:01.0 PCI bridge [0604]: Intel Corporation Mobile 4 Series Chipset PCI Express Graphics Port [8086:2a41] (rev 07)
00:1a.0 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #4 [8086:2937] (rev 03)
00:1a.1 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #5 [8086:2938] (rev 03)
00:1a.2 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #6 [8086:2939] (rev 03)
00:1a.7 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #2 [8086:293c] (rev 03)
00:1b.0 Audio device [0403]: Intel Corporation 82801I (ICH9 Family) HD Audio Controller [8086:293e] (rev 03)
00:1c.0 PCI bridge [0604]: Intel Corporation 82801I (ICH9 Family) PCI Express Port 1 [8086:2940] (rev 03)
00:1c.1 PCI bridge [0604]: Intel Corporation 82801I (ICH9 Family) PCI Express Port 2 [8086:2942] (rev 03)
00:1c.2 PCI bridge [0604]: Intel Corporation 82801I (ICH9 Family) PCI Express Port 3 [8086:2944] (rev 03)
00:1c.3 PCI bridge [0604]: Intel Corporation 82801I (ICH9 Family) PCI Express Port 4 [8086:2946] (rev 03)
00:1c.4 PCI bridge [0604]: Intel Corporation 82801I (ICH9 Family) PCI Express Port 5 [8086:2948] (rev 03)
00:1d.0 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #1 [8086:2934] (rev 03)
00:1d.1 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #2 [8086:2935] (rev 03)
00:1d.2 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #3 [8086:2936] (rev 03)
00:1d.7 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #1 [8086:293a] (rev 03)
00:1e.0 PCI bridge [0604]: Intel Corporation 82801 Mobile PCI Bridge [8086:2448] (rev 93)
00:1f.0 ISA bridge [0601]: Intel Corporation ICH9M LPC Interface Controller [8086:2919] (rev 03)
00:1f.2 SATA controller [0106]: Intel Corporation ICH9M/M-E SATA AHCI Controller [8086:2929] (rev 03)
00:1f.3 SMBus [0c05]: Intel Corporation 82801I (ICH9 Family) SMBus Controller [8086:2930] (rev 03)
01:00.0 VGA compatible controller [0300]: nVidia Corporation GeForce 9300M GS [10de:06e9] (rev a1)
02:00.0 Network controller [0280]: Intel Corporation PRO/Wireless 4965 AG or AGN [Kedron] Network Connection [8086:4229] (rev 61)
07:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller [10ec:8168] (rev 02)
08:00.0 System peripheral [0880]: JMicron Technologies, Inc. SD/MMC Host Controller [197b:2382]
08:00.2 SD Host controller [0805]: JMicron Technologies, Inc. Standard SD Host Controller [197b:2381]
08:00.3 System peripheral [0880]: JMicron Technologies, Inc. MS Host Controller [197b:2383]
08:00.4 System peripheral [0880]: JMicron Technologies, Inc. xD Host Controller [197b:2384]

Κώδικας: Επιλογή όλων

novize@novize-laptop:~$ lsmod
Module Size Used by
binfmt_misc 18572 1
ppdev 16904 0
bridge 63776 0
stp 11140 1 bridge
bnep 22912 2
input_polldev 12688 0
lp 19588 0
parport 49584 2 ppdev,lp
joydev 20992 0
snd_hda_intel 557492 4
snd_pcm_oss 52352 0
snd_mixer_oss 24960 1 snd_pcm_oss
arc4 10240 2
ecb 11392 2
snd_pcm 99464 3 snd_hda_intel,snd_pcm_oss
snd_seq_dummy 11524 0
iwlagn 114820 0
snd_seq_oss 41984 0
iwlcore 106496 1 iwlagn
snd_seq_midi 15744 0
snd_rawmidi 33920 1 snd_seq_midi
led_class 13064 1 iwlcore
snd_seq_midi_event 16512 2 snd_seq_oss,snd_seq_midi
snd_seq 66272 6 snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_seq_midi_event
snd_timer 34064 2 snd_pcm,snd_seq
snd_seq_device 16276 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_rawmidi,snd_seq
mac80211 251528 2 iwlagn,iwlcore
video 29204 5
snd 78920 16 snd_hda_intel,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_seq_oss,snd_rawmidi,snd_seq,snd_timer,snd_seq_device
soundcore 16800 1 snd
snd_page_alloc 18704 2 snd_hda_intel,snd_pcm
psmouse 64028 0
sdhci_pci 16896 0
sdhci 27396 1 sdhci_pci
iTCO_wdt 21712 0
iTCO_vendor_support 12420 1 iTCO_wdt
hid_a4tech 11392 0
nvidia 8123768 48
cfg80211 43680 3 iwlagn,iwlcore,mac80211
output 11648 1 video
pcspkr 11136 0
serio_raw 14468 0
usbhid 47040 0
intel_agp 39408 0
r8169 46596 0
mii 14464 1 r8169
fbcon 49792 0
tileblit 11264 1 fbcon
font 17024 1 fbcon
bitblit 14464 1 fbcon
softcursor 10368 1 bitblit

[novize]

Το /usr/local/etc/kismet.conf έχει ως εξής:

Κώδικας: Επιλογή όλων

# Kismet config file
# Most of the "static" configs have been moved to here -- the command line
# config was getting way too crowded and cryptic. We want functionality,
# not continually reading --help!

# Version of Kismet config
version=2009-newcore

# Name of server (Purely for organizational purposes)
servername=Kismet_2009

# Prefix of where we log (as used in the logtemplate later)
# logprefix=/some/path/to/logs

# Do we allow plugins to be used?
allowplugins=true

# See the README for full information on the new source format
# ncsource=interface:options
# for example:
# ncsource=wlan0
# ncsource=wifi0:type=madwifi
# ncsource=wlan0:name=intel,hop=false,channel=11

# Comma-separated list of sources to enable. This is only needed if you defined
# multiple sources and only want to enable some of them. By default, all defined
# sources are enabled.
# For example:
# enablesources=prismsource,ciscosource

# How many channels per second do we hop? (1-10)
channelvelocity=5

# By setting the dwell time for channel hopping we override the channelvelocity
# setting above and dwell on each channel for the given number of seconds.
#channeldwell=10

# Channels are defined as:
# channellist=name:ch1,ch2,ch3
# or
# channellist=name:range-start-end-width-offset,ch,range,ch,...
#
# Channels may be a numeric channel or a frequency
#
# Channels may specify an additional wait period. For common default channels,
# an additional wait period can be useful. Wait periods delay for that number
# of times per second - so a configuration hopping 10 times per second with a
# channel of 6:3 would delay 3/10ths of a second on channel 6.
#
# Channel lists may have up to 256 channels and ranges (combined). For power
# users scanning more than 256 channels with a single card, ranges must be used.
#
# Ranges are meant for "power users" who wish to define a very large number of
# channels. A range may specify channels or frequencies, and will automatically
# sort themselves to cover channels in a non-overlapping fashion. An example
# range for the normal 802.11b/g spectrum would be:
#
# range-1-11-3-1
#
# which indicates starting at 1, ending at 11, a channel width of 3 channels,
# incrementing by one. A frequency based definition would be:
#
# range-2412-2462-22-5
#
# since 11g channels are 22 mhz wide and 5 mhz apart.
#
# Ranges have the flaw that they cannot be shared between sources in a non-overlapping
# way, so multiple sources using the same range may hop in lockstep with each other
# and duplicate the coverage.
#
# channellist=demo:1:3,6:3,11:3,range-5000-6000-20-10

# Default channel lists
# These channel lists MUST BE PRESENT for Kismet to work properly. While it is
# possible to change these, it is not recommended. These are used when the supported
# channel list can not be found for the source; to force using these instead of
# the detected supported channels, override with channellist= in the source defintion
channellist=IEEE80211b:1:3,6:3,11:3,2,7,3,8,4,9,5,10
channellist=IEEE80211a:36,40,44,48,52,56,60,64,149,153,157,161,165
channellist=IEEE80211ab:1:3,6:3,11:3,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64,149,153,157,161,165

# Client/server listen config
listen=tcp://127.0.0.1:2501
# People allowed to connect, comma seperated IP addresses or network/mask
# blocks. Netmasks can be expressed as dotted quad (/255.255.255.0) or as
# numbers (/24)
allowedhosts=127.0.0.1
# Maximum number of concurrent GUI's
maxclients=5
# Maximum backlog before we start throwing out or killing clients. The
# bigger this number, the more memory and the more power it will use.
maxbacklog=5000

# Server + Drone config options
# dronelisten=tcp://127.0.0.1:3501
# droneallowedhosts=127.0.0.1
# dronemaxclients=5
# droneringlen=65535

# OUI file, expected format 00:11:22<tab>manufname
# IEEE OUI file used to look up manufacturer info. We default to the
# wireshark one since most people have that.
ouifile=/etc/manuf
ouifile=/usr/share/wireshark/wireshark/manuf
ouifile=/usr/share/wireshark/manuf

# Do we have a GPS?
gps=true
# Do we use a locally serial attached GPS, or use a gpsd server?
# (Pick only one)
gpstype=gpsd
# gpstype=serial
# What serial device do we look for the GPS on?
gpsdevice=/dev/rfcomm0
# Host:port that GPSD is running on. This can be localhost OR remote!
gpshost=localhost:2947
# Do we lock the mode? This overrides coordinates of lock "0", which will
# generate some bad information until you get a GPS lock, but it will
# fix problems with GPS units with broken NMEA that report lock 0
gpsmodelock=false
# Do we try to reconnect if we lose our link to the GPS, or do we just
# let it die and be disabled?
gpsreconnect=true

# Do we export packets over tun/tap virtual interfaces?
tuntap_export=false
# What virtual interface do we use
tuntap_device=kistap0

# Packet filtering options:
# filter_tracker - Packets filtered from the tracker are not processed or
# recorded in any way.
# filter_dump - Packets filtered at the dump level are tracked, displayed,
# and written to the csv/xml/network/etc files, but not
# recorded in the packet dump
# filter_export - Controls what packets influence the exported CSV, network,
# xml, gps, etc files.
# All filtering options take arguments containing the type of address and
# addresses to be filtered. Valid address types are 'ANY', 'BSSID',
# 'SOURCE', and 'DEST'. Filtering can be inverted by the use of '!' before
# the address. For example,
# filter_tracker=ANY(!"00:00:DE:AD:BE:EF")
# has the same effect as the previous mac_filter config file option.
# filter_tracker=...
# filter_dump=...
# filter_export=...
# filter_netclient=...

# Alerts to be reported and the throttling rates.
# alert=name,throttle/unit,burst
# The throttle/unit describes the number of alerts of this type that are
# sent per time unit. Valid time units are second, minute, hour, and day.
# Burst describes the number of alerts sent before throttling takes place.
# For example:
# alert=FOO,10/min,5
# Would allow 5 alerts through before throttling is enabled, and will then
# limit the number of alerts to 10 per minute.
# A throttle rate of 0 disables throttling of the alert.
# See the README for a list of alert types.
alert=ADHOCCONFLICT,5/min,1/sec
alert=AIRJACKSSID,5/min,1/sec
alert=APSPOOF,10/min,1/sec
alert=BCASTDISCON,5/min,2/sec
alert=BSSTIMESTAMP,5/min,1/sec
alert=CHANCHANGE,5/min,1/sec
alert=CRYPTODROP,5/min,1/sec
alert=DISASSOCTRAFFIC,10/min,1/sec
alert=DEAUTHFLOOD,5/min,2/sec
alert=DEAUTHCODEINVALID,5/min,1/sec
alert=DISCONCODEINVALID,5/min,1/sec
alert=DHCPNAMECHANGE,5/min,1/sec
alert=DHCPOSCHANGE,5/min,1/sec
alert=DHCPCLIENTID,5/min,1/sec
alert=DHCPCONFLICT,10/min,1/sec
alert=NETSTUMBLER,5/min,1/sec
alert=LUCENTTEST,5/min,1/sec
alert=LONGSSID,5/min,1/sec
alert=MSFBCOMSSID,5/min,1/sec
alert=MSFDLINKRATE,5/min,1/sec
alert=MSFNETGEARBEACON,5/min,1/sec
alert=NULLPROBERESP,5/min,1/sec
#alert=PROBENOJOIN,5/min,1/sec

# Controls behavior of the APSPOOF alert. SSID may be a literal match (ssid=) or
# a regex (ssidregex=) if PCRE was available when kismet was built. The allowed
# MAC list must be comma-separated and enclosed in quotes if there are multiple
# MAC addresses allowed. MAC address masks are allowed.
apspoof=Foo1:ssidregex="(?i:foobar)",validmacs=00:11:22:33:44:55
apspoof=Foo2:ssid="Foobar",validmacs="00:11:22:33:44:55,aa:bb:cc:dd:ee:ff"

# Known WEP keys to decrypt, bssid,hexkey. This is only for networks where
# the keys are already known, and it may impact throughput on slower hardware.
# Multiple wepkey lines may be used for multiple BSSIDs.
# wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900

# Is transmission of the keys to the client allowed? This may be a security
# risk for some. If you disable this, you will not be able to query keys from
# a client.
allowkeytransmit=true

# How often (in seconds) do we write all our data files (0 to disable)
writeinterval=300

# Do we use sound?
# Not to be confused with GUI sound parameter, this controls wether or not the
# server itself will play sound. Primarily for headless or automated systems.
enablesound=false
# Path to sound player
soundbin=play

sound=newnet,true
sound=newcryptnet,true
sound=packet,true
sound=gpslock,true
sound=gpslost,true
sound=alert,true

# Does the server have speech? (Again, not to be confused with the GUI's speech)
enablespeech=false
# Binary used for speech (if not in path, full path must be specified)
speechbin=flite
# Specify raw or festival; Flite (and anything else that doesn't need formatting
# around the string to speak) is 'raw', festival requires the string be wrapped in
# SayText("...")
speechtype=raw

# How do we speak? Valid options:
# speech Normal speech
# nato NATO spellings (alpha, bravo, charlie)
# spell Spell the letters out (aye, bee, sea)
speechencoding=nato

speech=new,"New network detected s.s.i.d. %1 channel %2"
speech=alert,"Alert %1"
speech=gpslost,"G.P.S. signal lost"
speech=gpslock,"G.P.S. signal O.K."

# How many alerts do we backlog for new clients? Only change this if you have
# a -very- low memory system and need those extra bytes, or if you have a high
# memory system and a huge number of alert conditions.
alertbacklog=50

# File types to log, comma seperated. Built-in log file types:
# alert Text file of alerts
# gpsxml XML per-packet GPS log
# nettxt Networks in text format
# netxml Networks in XML format
# pcapdump tcpdump/wireshark compatible pcap log file
# string All strings seen (increases CPU load)
logtypes=pcapdump,gpsxml,netxml,nettxt,alert

# Format of the pcap dump (PPI or 80211)
pcapdumpformat=ppi
# pcapdumpformat=80211

# Default log title
logdefault=Kismet

# logtemplate - Filename logging template.
# This is, at first glance, really nasty and ugly, but you'll hardly ever
# have to touch it so don't complain too much.
#
# %p is replaced by the logging prefix + '/'
# %n is replaced by the logging instance name
# %d is replaced by the starting date as Mon-DD-YYYY
# %D is replaced by the current date as YYYYMMDD
# %t is replaced by the starting time as HH-MM-SS
# %i is replaced by the increment log in the case of multiple logs
# %l is replaced by the log type (pcapdump, strings, etc)
# %h is replaced by the home directory

logtemplate=%p%n-%D-%t-%i.%l

# Where state info, etc, is stored. You shouldnt ever need to change this.
# This is a directory.
configdir=%h/.kismet/

[simosx]

Το /usr/local/etc/kismet.conf έχει ως εξής:

Κώδικας: Επιλογή όλων

# Kismet config file
...
# ncsource=wlan0:name=intel,hop=false,channel=11
...


Απλά εδώ βγάζεις το # από την αρχή της γραμμής.

Η επιλογή που έβαλες, hop=false, channel=11 έχει ως αποτέλεσμα να ψάχνει για ασύρματα δίκτυα μόνο στο κανάλι 11. Θέλει hop=true για να κοιτάει και σε άλλα κανάλι.
Από το ίδιο το kismet μπορείς μετά να κλειδώσεις σε κάποιο κανάλι της επιλογής σου.

[novize]

Εντάξει, αλλά και πάλι μου ζητάει να βάλω capture interface / source. Τι βάζω εκεί μέσα;

[simosx]

Εντάξει, αλλά και πάλι μου ζητάει να βάλω capture interface / source. Τι βάζω εκεί μέσα;

Οι οδηγίες που έδωσα ήταν ειδικά για το kismet 2007, ενώ χρησιμοποιείς το νέο kismet (NEW-CORE).
Στο νέο kismet έχεις τη δυνατότητα να ρυθμίσεις την ασύρματη συσκευή μέσα από το ίδιο το πρόγραμμα,
οπότε δε χρειάζεται πια να επεξεργάζεσαι το kismet.conf.
Οπότε για συσκευή βάζεις το 'wlan0'.

Πως εγκατέστησες το kismet NEW-CORE; Κατά τη μεταγλώττιση έχει μια σειρά από επιλογές όπου αναφέρει αν θα είναι σε θέση να χειριστεί την ασύρματη κάρτα πλήρως. Βρήκες πακέτο ή έκανες μεταγλώττιση ο ίδιος;