kismet, snort and bash to upload my logs?

The gear needed for wardriving

4 posts • Page 1 of 1
I just posted this on the Kismet forum, wanted to repeat it here.

I've been a happy Kismet user for five years. I started on a Sharp Zaurus and moved through several old laptops. I'm interested in a variation of something I have thought about for several years. Some of my wardriving setups have been nice multi-card setups, with a nice mount for laptop. some were pretty sloppy, and hard on pigtails/PCMCIA cards/USB/power cables.

Scenario: When I start the vehicle, I would like it to log me in, and start GPSD/Kismet. When I return home from wardriving, I would like Snort to recognize my home AP, turn off Kismet, connect to my AP and upload my logs, then turn off the machine.

I recently was given an old Panasonic Toughbook 28, it is quite a feat of laptop engineering. http://en.wikipedia.org/wiki/Panasonic_Toughbook It has two mini-PCI slots, and I would like to resurrect it as a semi-permanent "live in the trunk" dedicated Kismet setup. If it will survive Iraq and Antartica, it will probably survive my car trunk. I would like to have no USB and no PCMCIA items dangling from it.

Israel Torres has good automated powerup/gpsd/kismet info at http://chroniclesofawardriver.org/wardr ... ripts.html Although the link to auto-login is gone, currently there is another copy at http://linuxgazette.net/issue72/chung.html

I haven't worked with Snort, but it looks pretty straightforward for this, just set up a FIFO, and learn to write some Snort rules. You would have to insert a long SLEEP at the beginning to allow myself enough time to get away from home, else Snort would shut it down before I leave.

Some of my wardriving rigs have been enough of a hassle to set up, that I often do not do it for short drives. Suggestions? I would like to avoid re-inventing the wheel if someone else has done work along these lines.
When I return home from wardriving, I would like Snort to recognize my home AP, turn off Kismet, connect to my AP and upload my logs, then turn off the machine.
My bit on this solution: what I would try is a script which runs in the background (alongside gpsd and kismet_server) which monitors the power status of the laptop (I assume it still has some working battery life). When the laptop is on battery for more than 4 minutes (or anything more than 'just an engine stall') you have stopped and kismet should be stopped, a wireless card reverted to normal mode and an rsync attempted of the kismet logs to the home server and a powerdown started.

Postby argh » Mon Nov 12, 2007 4:20 pm

Excellent idea KH, and potentially easier. This laptop does not have any battery at all however, and will be powered directly by (and only by) the vehicle's 12vdc.

Postby argh » Tue Jan 15, 2008 5:02 am

Update on this idea: I have the Toughbook installed with Sidux, and logging in an unpriviledged user automatically. A dpkg-reconfigire gpsd has gpsd starting automatically (I got a new BU-353 USB gps and it works very well). It should be easy to poke around in init.d and have the user hit it's .bashrc script to sudo kismet automatically.

On the powerup/powerdown? Batteries are crazy expensive for these things. I had been investigating learning to read serial ports, and considering having a SPST switch under the dash to shut it down manually, by issuing shutdown -h after the pushbutton event closed all the programs properly. I realized that the Snort/Kismet method would only work when I arrive home, not when I am turning off the car elsewhere.

I looked at the BIOS, and there was an option for the power switch to be either off/on or a standby switch. Having no battery I hadn't really paid any attention to ACPI, so I started thinking about possibly reassigning a standby event to be shutdown. I changed it in BIOS, and hit it to see what happens. _Much_ to my suprise, it started issuing a clean shutdown! The power switch itself is fairly accessable, and I think I can drill a hole beside it. Others that have been further inside these than I tell me that it will be easy access to solder to the existing switch terminals. This means that I can use one pair of wires to both manually start and cleanly shut it down. I think there's room to install a jack, so it will be easier to connect/disconnect to remove it from the trunk.

To send power and the control signals back and forth I had decided on using antenna rotor cable. It is available with up to 12 wires inside it's sheath, and heavy enough to provide DC power directly to it (fused at the battery, of course). I had planned to put a small speaker under the seat to monitor status via sound events much as Israel had, so another pair in the rotor cable can be used.

I had a new problem with this install of Kismet, /usr/bin/play wasn't playing the Kismet sounds. Trying it manually, play won't play any sounds at all. I searched for some similar error messages, tried recompiling sox with some switches and still no joy. An easy solution turned out to be to install alsaplayer, and use aplay instead of play. It seems to work fine.

This is all now looking much easier than when I started out. The last step is to learn how to run Snort/Kismet to determine when I'm back in range of my home AP, and associate, upload, and power down. I guess while I'm at it, I may as well have it tar the logs and possibly upload to Wigle directly from the car also.

4 posts • Page 1 of 1

Return to “Net Hugging Hardware and Software”

Who is online

Users browsing this forum: Bing [Bot] and 5 guests