Red Hat Linux 9.0 + Airsnort HOWTO

[email protected]
Created – October 30, 2002
Last updated – January 6, 2004    

Modified for Airsnort – January 31, 2004
[email protected] 

Acknowledgment

This HOWTO modifies and expands on the excellent Red Hat Linux 8.0 + Kismet HOWTO written by [email protected]

Description

The primary goal of this HOWTO is to install and configure Red Hat Linux 9.0 with Airsnort. These instructions were created using the following hardware: an Asus P4PE-V Pentium 4 motherboard-based PC with Red Hat 9 on a 6.4GB IDE hard drive. The wireless card used is a Lucent Agere mini PCI card installed in a full-size PCI adapter card. Although these instructions were created for my particular situation, they may apply to other configurations.

Index

  1. Install Red Hat 9.0 (2.4.20-8)
  2. Download Required Files
  3. Update to the most recent packages (optional as I did not do it)
  4. Install Orinoco drivers
  5. Install pkg-config (Required)
  6. Install GLIB (Required)
  7. Install Pango (Required)
  8. Install ATK (Required)
  9. Install GTK+ (Required)
  10. Install Libpcap (Required)
  11. Install Airsnort (That’s the whole idea behind this HOWTO)
  12. Running Airsnort
  13. To-Do
  14. Change Log
  15. Questions/Comments/Concerns
  16. Credits

Install Red Hat 9.0 Linux

Finish Installation

Download Required Files

Several files will be required to complete the installation process. Download the following files into the specified directories:

Log in with your username and password.

Start a terminal window.

Install the Orinoco Drivers

There are several different drivers that work with Orinoco wireless NICs. The best and most popular drivers are written by David Gibson, but they do not include support for putting the card into monitor mode. These drivers must be modified with a patch from Shmoo to enable this functionality. For more information about the Orinoco drivers, visit http://ozlabs.org/people/dgibson/dldwd/. For information about the Shmoo patch for Orinoco cards, visit http://airsnort.shmoo.com/orinocoinfo.html.

Install the Orinoco drivers

# cd /root/
# tar -zxf orinoco-0.13e.tar.gz
# patch -p0 < orinoco-0.13e-patch.diff

patching file orinoco-0.13e/hermes.c
patching file orinoco-0.13e/hermes.h
patching file orinoco-0.13e/orinoco.c
patching file orinoco-0.13e/orinoco.h
# cd /root/orinoco-0.13e  

# make
# make install

Restart the pcmcia service

# service pcmcia restart

To test that the Orinoco drivers have installed correctly, run the “dmesg” command. You should see the following lines in its output.

# dmesg

hermes.c: 4 Dec 2002 David Gibson <[email protected]>
orinoco.c 0.13e (David Gibson <[email protected]> and others)
orinoco_cs.c 0.13e (David Gibson <[email protected]> and others)
eth0: Station identity 001f:0001:0008:000a
eth0: Looks like a Lucent/Agere firmware version 6.16
eth0: Ad-hoc demo mode supported
eth0: IEEE standard IBSS ad-hoc mode supported
eth0: WEP supported, 104-bit key
eth0: MAC address 00:02:DE:AD:BE:EF
eth0: Station name "HERMES I"
eth0: ready
eth0: index 0x01: Vcc 5.0, irq 3, io 0x0100-0x013f
eth0: New link status: Connected (0001)

Additionally, to test that the Shmoo patch installed correctly, you should see “monitor” listed as one of the available features.

# iwpriv eth0
eth0 Available private ioctl :
    force_reset      (8BE0) : set 0 & get 0
    card_reset reset (8BE1) : set 0 & get 0
    set_port3 reset  (8BE2) : set 1 int & get 0
    get_port3        (8BE3) : set 0 & get 1 int
    set_preamble     (8BE4) : set 1 int & get 0
    get_preamble     (8BE5) : set 0 & get 1 int
    set_ibssport     (8BE6) : set 1 int & get 0
    get_ibssport     (8BE7) : set 0 & get 1 int
    monitor          (8BE8) : set 2 int & get 0

    dump_recs        (8BFF) : set 0     & get 0
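
A scripted form of the two checks above, as an added example that is not part of the original HOWTO: it reads dmesg and iwpriv output and reports whether the patched 0.13e driver is the one that loaded. The function names and the abridged sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HOWTO): decide from iwpriv and dmesg output
# whether the Shmoo-patched orinoco 0.13e driver is the one that loaded.

# Succeeds only if stdin lists a private ioctl "monitor" taking two integers.
has_monitor_ioctl() {
    awk '$1 == "monitor" && /set +2 +int/ { found = 1 } END { exit !found }'
}

# Prints the version from the "orinoco.c <version>" banner on stdin.
# Assumes 2.4-style dmesg lines with no leading timestamp, as on this page.
driver_version() {
    awk '$1 == "orinoco.c" { v = $2 } END { print v }'
}

# check_orinoco IWPRIV_TEXT DMESG_TEXT
# returns 0 = patched 0.13e loaded, 1 = wrong or no driver, 2 = patch missing
check_orinoco() {
    ver=$(printf '%s\n' "$2" | driver_version)
    if [ "$ver" != "0.13e" ]; then
        echo "orinoco driver version '${ver:-none}', expected 0.13e"
        return 1
    fi
    if ! printf '%s\n' "$1" | has_monitor_ioctl; then
        echo "orinoco $ver loaded without monitor ioctl: patch not applied"
        return 2
    fi
    echo "orinoco $ver loaded with monitor ioctl"
}

# Constructed sample input, abridged from the output shown above.
sample_iwpriv() {
    cat <<'EOF'
eth0 Available private ioctl :
    force_reset      (8BE0) : set 0 & get 0
    get_ibssport     (8BE7) : set 0 & get 1 int
    monitor          (8BE8) : set 2 int & get 0
EOF
}
sample_dmesg() {
    cat <<'EOF'
orinoco.c 0.13e (David Gibson and others)
orinoco_cs.c 0.13e (David Gibson and others)
eth0: ready
EOF
}

check_orinoco "$(sample_iwpriv)" "$(sample_dmesg)"
# On the real system: check_orinoco "$(iwpriv eth0)" "$(dmesg)"
```

A return code of 2 means the unpatched module is still the one in use, which usually points to "make install" not having replaced it or the pcmcia service not having been restarted.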

Set the pkg-config search path using the export PKG_CONFIG_PATH command

# export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/usr/lib/pkgconfig

Install PkgConfig (Required)

pkg-config is a system for managing library compile/link flags that works with automake and autoconf. It replaces the ubiquitous *-config scripts you may have seen with a single tool.

Expand the pkg-config file

# cd /root
# tar -xzf pkgconfig-0.15.0.tar.gz
# cd /root/pkgconfig-0.15.0

Compile and install

# ./configure
# make
# make install

Install Glib (Required)

 GLib is the low-level core library that forms the basis of GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.

Download Glib to /root and expand

# cd /root
# tar -zxf glib-2.3.1.tar.gz
# cd /root/glib-2.3.1

Compile and install Glib

# ./configure --prefix=/usr --sysconfdir=/etc
# make
# make install

You must use the configure command line above, or the Pango install will fail to compile.

Install Pango (Required)

Pango is a library for layout and rendering of text, with an emphasis on internationalization. It forms the core of text and font handling for GTK+-2.0.

The installation of pango is as follows:

# cd /root
# tar -xzf pango-1.3.1.tar.gz

# cd /root/pango-1.3.1
# ./configure
# make
# make install


Install ATK (Required)

The ATK library provides a set of interfaces for accessibility. By supporting the ATK interfaces, an application or toolkit can be used with such tools as screen readers, magnifiers, and alternative input devices. ATK is a required dependency of GTK+.

The installation of ATK is as follows:

# cd /root
# tar -xzf atk-1.2.0.tar.gz
# cd /root/atk-1.2.0
# ./configure
# make
# make install


Install GTK+   (Required)

GTK+ is a multi-platform toolkit for creating graphical user interfaces.

Begin the installation of GTK+ by uncompressing the files:

# cd /root
# tar -xzf gtk+-2.2.3.tar.gz
# cd /root/gtk+-2.2.3

Configure, compile, and install GTK+ 

# ./configure
# make
# make install

“make” will take some time (at least 10+ minutes on a P4 Celeron 2.0 GHz).


Install Libpcap (Required)

libpcap is a system-independent interface for user-level packet capture. libpcap provides a portable framework for low-level network monitoring. Applications include network statistics collection, security monitoring, network debugging, etc.

Install Libpcap

# cd /root
# tar -xzf libpcap-0.8.1.tar.gz
# cd /root/libpcap-0.8.1
# ./configure
# make
# make install


Install Airsnort (Finally we get to install the program that we want to use!)

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys.

To compile Airsnort, complete the following steps.

# cd /root
# tar -xzf airsnort-0.2.3c.tar.gz
# cd /root/airsnort-0.2.3c
# ./autogen.sh

# make

# make install

 

If you have problems installing Airsnort or need help with other configuration options, see http://airsnort.shmoo.com/


Running Airsnort

Make sure your wireless card is active by connecting to a wireless AP or by using Ad-Hoc mode.

To begin Airsnort, just enter the following command.

# airsnort

From the GUI, change the card type from Prism2 (wlan-ng) to Orinoco (Orinoco_cs), then click START... and enjoy!

Network configuration settings used for this example.

Wireless Device configuration settings:

Hardware device: eth0

Mode : Auto

Network name (SSID): default (My wireless Access Point SSID is “default”)

Channel:1

Transmit rate: Auto

Key: (WEP, not used)

IP Address: Static 192.168.1.10

 

Notes for me (May not apply to you)

 

One problem I discovered is that after a cold boot with my wireless access point disabled, when Airsnort is run, eth0 will not be recognized and you will get the error “unable to set monitor mode” if you try to start Airsnort.

 

If I boot up with my wireless access point active, Airsnort will recognize eth0 and the program will run without errors. (My guess is that the NIC has to associate with something.)

 

To be able to use Airsnort without having my wireless AP active, or if you don’t have a wireless AP, do the following:

Create a 2nd profile for eth0 called Airsnort. (Call it whatever you want.)

 

AdHoc wireless device configuration settings:

Hardware device: eth0

Mode: Ad-Hoc

Network name (SSID): Auto

Channel: 6 (use any one you want)

Transmit Rate: Auto

Key: (not used)

IP Address: Static 192.168.1.100

 

Before running Airsnort open the Network configuration window and activate the 2nd profile created. Then execute the steps in Running Airsnort.

 

Other dependencies that were not loaded but are mentioned in the GTK+ compile instructions. (It seems these packages are installed with Red Hat 9.)

GNU make (Installed with Red Hat 9)

JPEG-6b-26 (installed with Red Hat 9)

PNG-1.2.2-16 (Installed with Red Hat 9)

TIFF-3.5.7-11 (installed with Red Hat 9)

FreeType-2.1.3-6 (Installed with Red Hat 9)

Libiconv  (Installed with Red Hat 9)

Gettext (Installed with Red Hat 9 )

You can check to see if they are installed with the useful commands below.

Useful commands:

“rpm -qa | grep (package name)”   this will return the various versions of the package installed.

“pkg-config --modversion (package name)”   this will return the version of the package

“export PKG_CONFIG_PATH”

 

Example: your libgnomeui.pc file is located at /usr/lib/pkgconfig/libgnomeui.pc, but the package you are installing cannot locate the file and generates an error indicating that you do not have it. Yet you know the system has the file because you found it with the “find files” feature. To set your pkg-config search path you would enter: export PKG_CONFIG_PATH=/usr/lib/pkgconfig

 

 

“./configure --prefix=/usr --sysconfdir=/etc” I think this overwrites an older version with a newer version?
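
The pkg-config commands above, combined into one check that can be run before each ./configure step (an added example, not part of the original HOWTO). It covers GLib, Pango, ATK and GTK+ and flags the case from the libgnomeui example, where a .pc file exists but its directory is not on PKG_CONFIG_PATH. The function names and the PC_DIRS list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the HOWTO): check, in build order, that pkg-config
# can resolve each library the GTK+ build depends on.
PKG_CONFIG=${PKG_CONFIG:-pkg-config}      # override to test with a stub
PKG_CONFIG_PATH=${PKG_CONFIG_PATH:-/usr/local/lib/pkgconfig:/usr/lib/pkgconfig}
export PKG_CONFIG_PATH

# .pc module names installed by GLib, Pango, ATK and GTK+ 2.x.
GTK_STACK="glib-2.0 pango atk gtk+-2.0"
# Directories searched for stray .pc files (assumed install prefixes).
PC_DIRS="/usr/lib/pkgconfig /usr/local/lib/pkgconfig"

# suggest_path MODULE DIR...: print the first DIR that holds MODULE.pc but is
# not on PKG_CONFIG_PATH (the "file exists but is not found" case).
suggest_path() {
    mod=$1; shift
    for dir in "$@"; do
        [ -f "$dir/$mod.pc" ] || continue
        case ":$PKG_CONFIG_PATH:" in
            *":$dir:"*) ;;                 # directory is already searched
            *) echo "$dir"; return 0 ;;
        esac
    done
    return 1
}

# check_stack MODULE...: one status line per module; returns 1 if any module
# is unresolved, which means the next ./configure would fail.
check_stack() {
    rc=0
    for m in "$@"; do
        if ver=$("$PKG_CONFIG" --modversion "$m" 2>/dev/null); then
            echo "$m $ver"
        elif dir=$(suggest_path "$m" $PC_DIRS); then
            echo "$m NOT-ON-PATH add $dir to PKG_CONFIG_PATH"; rc=1
        else
            echo "$m MISSING"; rc=1
        fi
    done
    return $rc
}

check_stack $GTK_STACK || echo "fix the entries above before building GTK+"
```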

To Do

 

Questions/Concerns/Comments

Use this HowTo at your own risk! No liability expressed or implied.  My Email address is : [email protected].

Copyright 2004 Karentech80 all rights reserved.
