By BashTin at 2005-02-09 07:53
ORINOCO MONITOR & KISMET HOWTO
How to get Orinoco Wireless Card with firmware 8.xx into monitor mode on Mandrake 10.1
This document describes the process of getting monitor mode to work with the Orinoco-0.13e driver using a pcmcia wireless card with 8.xx firmware and the installation of Kismet on Mandrake 10.1.
The details of the system used are:
Panasonic CF-T1 Note Book.
Orinoco Gold PCMCIA card, Lucent/Agere firmware 8.72.
This HOWTO is specific to the hardware and software listed above but certain elements should be useful to anyone trying to get this to work. Because of various idiosyncrasies it took me a long time to get this to all come together and working so I put this here for the benefit of others also struggling to get this to work.
You need to have the source rpm for your running kernel installed. The kernel source rpm must match the running kernel. You can find this out with 'uname -r' and in my case that gives me '220.127.116.11-12mdk' so I needed to install 'kernel-source-2.6-18.104.22.168-12mdk'. NOTE: For some reason when I opted to install kernel sources when I installed Mandrake it installed 'kernel-source-2.4.27-0.pre2.1mdk' which of course is wrong.
Kernels latter than 2.4.X have pcmcia support built into the kernel. You still however need the pcmcia-cs package so if you don't have it installed use the RPM's that came with your distro.
The latest orinoco drivers, orinoco-0.15xx support monitor mode but NOT for 8.xx firmware. The patch for the 0.13 driver contains some hacks that get around some problems in the 8.xx firmware but the maintainers of the orinoco driver chose not to include these in the newer official drivers. So in conclusion we need to work with the orinoco-0.13e driver for firmware 8.xx and latter.
This driver should reside in '/lib/modules/your kernel version/kernel/drivers/net/wireless'.
You can check what orinoco modules are available with:
modprobe -l | grep orinoco
However, as mentioned above, the default orinoco-0.13e module cannot support monitor mode so normally it is patched to accomplish this. Unfortunately the patched driver has trouble compiling on the 2.6.x source tree but a goog guy in Germany (plasmahh at tzi dot de) ported the orinoco 0.13e driver to 2.6.x. The sources are available here:
and are mirrored here:
It has the patch already applied so all you need to do is first remove or back up your current drivers from '/lib/modules/kernel-version'. If you back up your drivers move them out of the /lib/modules tree or else they will still be detected and may be loaded by the system. Then:
tar -xvf /path/to/package/orinoco-0.13e-SN-5.tar
If all went well you got no error messages and your new drivers will have been installed into the current directory. So copy them into the modules tree with:
cp *.ko /lib/modules/kernel-version/kernel/drivers/net/wireless
then check it with:
ls -al /lib/modules/kernel-version/kernel/drivers/net/wireless
and check the time stamp. Now edit the file '/etc/sysconfig/pcmcia' and set the variables to:
Now insert your card and see what interfaces you have up with:
You should have something like this:
eth1 Link encap:Ethernet HWaddr 00:02:2D:8B:82:06
inet6 addr: fe80::202:2dff:fe8b:8206/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:11 dropped:0 overruns:0 carrier:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:3 Base address:0x100
If not you may need to start pcmcia services manually with:
service pcmcia start
And then try again. Hopefully all is well and you can then check Dmesg, you should have output similar to:
ACPI: PCI interrupt 0000:01:05.0[A] -> GSI 10 (level, low) -> IRQ 10
Yenta: CardBus bridge found at 0000:01:05.0 [10f7:8338]
Yenta: ISA IRQ mask 0x0018, PCI irq 10
Socket status: 30000410
cs: IO port probe 0x0c00-0x0cff: clean.
cs: IO port probe 0x0100-0x04ff: excluding 0x360-0x367 0x4d0-0x4d7
cs: IO port probe 0x0a00-0x0aff: clean.
cs: memory probe 0xa0000000-0xa0ffffff: clean.
orinoco.c 0.13e (David Gibson <firstname.lastname@example.org> and others)
Compiled with Wireless extensions v.16
orinoco_cs.c 0.13e (David Gibson <email@example.com> and others)
eth1: Station identity 001f:0001:0008:0048
eth1: Looks like a Lucent/Agere firmware version 8.72
eth1: Ad-hoc demo mode supported
eth1: IEEE standard IBSS ad-hoc mode supported
eth1: WEP supported, 104-bit key
eth1: MAC address 00:02:2D:8B:82:06
eth1: Station name "HERMES I"
eth1: index 0x01: Vcc 5.0, irq 3, io 0x0100-0x013f
eth1: no IPv6 routers present
Note the line 'Compiled with Wireless extensions v.16', this is the applied patch for monitor mode.
Check the card is monitor capable with:
and you should get something similar to:
eth1 Available private ioctl :
force_reset (8BE0) : set 0 & get 0
card_reset (8BE1) : set 0 & get 0
set_port3 (8BE2) : set 1 int & get 0
get_port3 (8BE3) : set 0 & get 1 int
set_preamble (8BE4) : set 1 int & get 0
get_preamble (8BE5) : set 0 & get 1 int
set_ibssport (8BE6) : set 1 int & get 0
get_ibssport (8BE7) : set 0 & get 1 int
monitor (8BE8) : set 2 int & get 0
dump_recs (8BFF) : set 0 & get 0
If you can see the 'monitor' line you have succeeded!
For Mandrake 10.0 an RPM exists, It also installs and works on 10.1, It can be obtained from:
After you install the RPM you need to set some parameters in the file '/etc/kismet.conf'
suiduser= (Kismet must start as root user. As soon as root privilages are no longer required it will switch to the user name you supply here. A non root account is required).
source=orinoco,eth1,orinocosource (Change eth1 to whatever interface your card is on).
Then save the file and you are ready to start kismet. As root just issue the command;
Hopefully you should have it all up and running.
NERvOus @ www.nervous.it. The site where I really got the information I was missing.
plasmahh: He updated the orinoco driver ver. 0.13e and fixed the issue when compiling the driver for kernel 2.6.x
Unofficial D-Link DWL660 support page and information about firmware issues.
Kismet wireless project home page.
Various wireless and orinoco information.
Information about cards and their drivers under Linux.
Orinoco driver project for Linux
Paul Tuckley 9/2/05