Tweaking your kismet.conf

The default configuration of Kismet, the de facto 802.11 wireless network sniffer for UNIX and UNIX-like operating systems, comes with a “safe set” of channels known to work with most 802.11abg radios out there.

If you, like me, have a non-American 802.11abg radio, the standard kismet.conf is not enough to use your radio to its full potential: channels such as 12 and 13 in the 2.4 GHz band are legal in most regulatory domains outside the US, but they are not part of the "safe set".

To get around this you first need to find out which channels your 802.11abg radio actually supports. Under FreeBSD this is easily done by running ifconfig IFACE list chan (or ifconfig IFACE list active if you have restricted the channel list in your configuration).

Example output from my Intel PRO/Wireless 2915ABG:

$ ifconfig iwi0 list chan
Channel   1 : 2412  Mhz 11g          Channel  36 : 5180  Mhz 11a          
Channel   2 : 2417  Mhz 11g          Channel  40 : 5200  Mhz 11a          
Channel   3 : 2422  Mhz 11g          Channel  44 : 5220  Mhz 11a          
Channel   4 : 2427  Mhz 11g          Channel  48 : 5240  Mhz 11a          
Channel   5 : 2432  Mhz 11g          Channel  52 : 5260  Mhz 11a          
Channel   6 : 2437  Mhz 11g          Channel  56 : 5280  Mhz 11a          
Channel   7 : 2442  Mhz 11g          Channel  60 : 5300  Mhz 11a          
Channel   8 : 2447  Mhz 11g          Channel  64 : 5320  Mhz 11a          
Channel   9 : 2452  Mhz 11g          Channel 149 : 5745  Mhz 11a          
Channel  10 : 2457  Mhz 11g          Channel 153 : 5765  Mhz 11a          
Channel  11 : 2462  Mhz 11g          Channel 157 : 5785  Mhz 11a          
Channel  12 : 2467  Mhz 11g          Channel 161 : 5805  Mhz 11a          
Channel  13 : 2472  Mhz 11g          Channel 165 : 5825  Mhz 11a

To use the full set of channels in Kismet, modify the defaultchannels lines in the existing kismet.conf to read something like this:

defaultchannels=IEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12
defaultchannels=IEEE80211g:1,7,13,2,8,3,14,9,4,10,5,11,6,12
defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64,149,153,157,161,165
defaultchannels=IEEE80211ab:1,7,13,2,8,3,14,9,4,10,5,11,6,12,36,40,44,48,52,56,60,64,149,153,157,161,165
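The two steps above (ask the radio which channels it has, then write matching defaultchannels lines) can be scripted so that the hop list never contains a channel the driver cannot tune to. The following is an added example, not code from the original post or from the Kismet project: it parses the two-column output of ifconfig IFACE list chan (a constructed copy of the iwi0 listing above is embedded so it runs offline), collects the 2.4 GHz channels reported as 11b or 11g and the 5 GHz channels reported as 11a, and prints the four defaultchannels lines. The 2.4 GHz list is ordered with a stride of six (1,7,13,2,8,...) so that consecutive hops land on non-overlapping channels; that stride is my assumption, chosen to mimic the spread-out ordering of the lists above, not Kismet's own default string. Because only reported channels are emitted, channel 14 (absent from the iwi0 output) is left out for this radio.

```shell
#!/bin/sh
# Added example (not from the original post): build Kismet defaultchannels=
# lines from the channels a FreeBSD radio actually reports.
#
# Real use:   ifconfig iwi0 list chan | gen_kismet_channels
# The demo at the bottom uses a constructed copy of the post's iwi0 listing.

# Constructed sample of `ifconfig IFACE list chan` output (two channels per line).
SAMPLE_CHANLIST='Channel   1 : 2412  Mhz 11g          Channel  36 : 5180  Mhz 11a
Channel   2 : 2417  Mhz 11g          Channel  40 : 5200  Mhz 11a
Channel   3 : 2422  Mhz 11g          Channel  44 : 5220  Mhz 11a
Channel   4 : 2427  Mhz 11g          Channel  48 : 5240  Mhz 11a
Channel   5 : 2432  Mhz 11g          Channel  52 : 5260  Mhz 11a
Channel   6 : 2437  Mhz 11g          Channel  56 : 5280  Mhz 11a
Channel   7 : 2442  Mhz 11g          Channel  60 : 5300  Mhz 11a
Channel   8 : 2447  Mhz 11g          Channel  64 : 5320  Mhz 11a
Channel   9 : 2452  Mhz 11g          Channel 149 : 5745  Mhz 11a
Channel  10 : 2457  Mhz 11g          Channel 153 : 5765  Mhz 11a
Channel  11 : 2462  Mhz 11g          Channel 157 : 5785  Mhz 11a
Channel  12 : 2467  Mhz 11g          Channel 161 : 5805  Mhz 11a
Channel  13 : 2472  Mhz 11g          Channel 165 : 5825  Mhz 11a'

# chans_for_band BAND: read ifconfig output on stdin and print the channel
# numbers tagged BAND (11b, 11g, 11a, ...), one per line, ascending.
# Every "Channel N : FREQ Mhz MODE" group is picked out by field position,
# so it does not matter how many columns ifconfig packs onto one line.
chans_for_band() {
    awk -v band="$1" '
    {
        for (i = 1; i <= NF; i++)
            # $i="Channel" $(i+1)=number $(i+2)=":" $(i+3)=freq $(i+4)="Mhz" $(i+5)=mode
            if ($i == "Channel" && $(i+5) == band)
                print $(i+1)
    }' | sort -n
}

# interleave STRIDE: read ascending channel numbers on stdin and print them
# comma-separated, taking every STRIDE-th channel from offset 1, then 2, ...
# A stride of 6 on channels 1-13 gives 1,7,13,2,8,3,9,... so consecutive
# hops sit on non-overlapping channels (assumed ordering, see lead-in).
# A stride of 1 keeps ascending order, as the 802.11a list above does.
interleave() {
    awk -v stride="$1" '
    { c[NR] = $1 }
    END {
        sep = ""
        for (start = 1; start <= stride && start <= NR; start++)
            for (i = start; i <= NR; i += stride) {
                printf "%s%s", sep, c[i]
                sep = ","
            }
        printf "\n"
    }'
}

# gen_kismet_channels: read ifconfig output on stdin, print the
# defaultchannels= lines for the bands the radio actually has.
gen_kismet_channels() {
    input=$(cat)
    # 802.11b and 802.11g share the 2.4 GHz channels; some drivers tag
    # them 11b, iwi0 tags them 11g, so merge both and drop duplicates.
    bg=$({ printf '%s\n' "$input" | chans_for_band 11b
           printf '%s\n' "$input" | chans_for_band 11g; } | sort -nu | interleave 6)
    a=$(printf '%s\n' "$input" | chans_for_band 11a | interleave 1)
    if [ -n "$bg" ]; then
        printf 'defaultchannels=IEEE80211b:%s\n' "$bg"
        printf 'defaultchannels=IEEE80211g:%s\n' "$bg"
    fi
    if [ -n "$a" ]; then
        printf 'defaultchannels=IEEE80211a:%s\n' "$a"
    fi
    # The combined list only makes sense for a dual-band radio.
    if [ -n "$bg" ] && [ -n "$a" ]; then
        printf 'defaultchannels=IEEE80211ab:%s,%s\n' "$bg" "$a"
    fi
}

# Offline demo on the constructed listing.
printf '%s\n' "$SAMPLE_CHANLIST" | gen_kismet_channels
```

On a single-band 2.4 GHz radio the script emits only the IEEE80211b and IEEE80211g lines, so you never end up with an empty IEEE80211a list or a combined list that references channels the card cannot set.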

Only list channels your radio actually reports: channel 14 in the lines above does not appear in the iwi0 output (it is a Japan-only channel), so leave it out unless your own list shows it. And while this will make Kismet scan all the available channels, it is hardly ever what you want: the more channels are in the hop list, the less time Kismet spends on each one, so you miss more frames on the channel you care about (there is no point scanning 802.11a channels when you know the network you are debugging is on 802.11g). To deal with this you can add the following lines to kismet.conf:

source=radiotap_bsd_ab,iwi0,ABG
source=radiotap_bsd_b,iwi0,BG
source=radiotap_bsd_a,iwi0,A
enablesources=BG

This makes Kismet channel-hop over the 802.11bg channels defined above by default, while still letting you select only the 802.11a channels by starting Kismet with kismet -C A, where A is the source name given in the third field of the corresponding source line.

2 thoughts on “Tweaking your kismet.conf”

  1. According to the iwlist(8) man page you should be able to extract the list of supported channels using something like ‘iwlist eth0 frequency’ under GNU/Linux.

    The remaining configuration instructions should be identical.
