wernst
March 11th, 2005, 01:36 AM
Here are some steps to get Airsnort working on Ubuntu. (Other programs listed at end.)
- Back up your system. I like using Norton Ghost 2003. It is much easier thrashing around the system trying things when you know you can go back to a working setup. Think of it as a system-wide Undo.
- Find out what kernel you are running. You can open a terminal window and type "uname -r", or you can look at the GRUB bootloader screen. Write down what it says. In my case it is "2.6.1-4-686".
- Download the latest CVS version of the Orinoco driver. I found it at:
http://savannah.nongnu.org/cgi-bin/viewcvs/*checkout*/orinoco/orinoco/index.html?rev=1.22&cvsroot=Web
after going to:
http://savannah.nongnu.org/cvs/?group=orinoco
The result will be a tarball. The file I got was: orinoco-0.15rc2.tar.gz
- OK, we need to uncompress it and work with it. If you're a GUI person, double-click the download, which opens it in File Roller, which is Gnome's archive manager. (Think Winzip.) Click the Extract button, make a new folder in your Home directory by clicking "Create Folder" and naming it something like "orinoco_cvs_driver", then click "Extract". Close File Roller. If you're not a GUI person, then you almost certainly know how to deal with a tarball on the command line.
- This makes a folder in your Home folder called "orinoco_cvs_driver" and inside this is a folder called "orinoco-0.15rc2" (at least for me. Version numbers can change.) Inside "orinoco-0.15rc2" are all the files we need to compile and work with.
- Since we need to compile things, you need a few tools and files in order to compile. Open Synaptic Package Manager (Computer menu > System Configuration > Synaptic Package Manager) and use the Search function to find "linux-headers-(version #)" and highlight those items. In my case it was "linux-headers-2.6.8.1-4-686" and "linux-headers-2.6.8.1-4". Then click "Apply" and then "Apply" again to get them. Use the same procedure to get "build-essential" (which also gets a lot of dependent things).
- A lot of people will tell you that you should move this folder of stuff to a "proper" working directory, like /usr/src or /usr/local/src, and if you want to, go ahead. I don't bother with this. You also need to do a lot of things as root, which in Ubuntu is different. I just open up a Root Terminal window (Applications menu > System Tools > Root Terminal) but you can run "sudo" all the time in a regular terminal window if you like. These instructions assume you'll use the Root Terminal.
- Go to the folder with all the orinoco files. There's a "README.orinoco" file in there. I'd read it for any last minute instructions.
- Open your Root Terminal window and move to the orinoco folder with all the files. In my case, that is: /home/wernst/orinoco_cvs_driver/orinoco-0.15rc2.
- Type "make" (no quotes). After a moment, you should get a prompt again, and without errors.
- Type "make install" (no quotes). If you aren't doing this in a root terminal, then the command is "sudo make install" (no quotes) and enter your password. This installs the driver to the correct location.
- (Note - if and when you upgrade your kernel or Ubuntu in general, if the new features of these Orinoco drivers stop working, it is because the update overwrote these files you just built. If that's the case, download the new Linux headers that correspond to whatever new kernel you have, and then do a "make" and "make install" with these files again, and you should be good to go.)
- Restart the computer. Make sure wireless access still works. If it does: good! You didn't break anything.
- You're probably doing all this to get the monitor modes working for Airsnort and other similar tools. To manually start monitor mode, first "disable" the wireless interface (eth1, in my case) in the Gnome networking panel (Computer menu > System Configuration > Networking). There's also a command line, um, command you can do as root, but I forget what that is. (I *think* it's "ifconfig eth1 status down" but don't hold me to that.)
- Open a Root Terminal window. Type the command: "iwconfig eth1 mode monitor" (no quotes). You should see no error message. If you re-enable the wireless card in the Networking panel and try to ping other things, it shouldn't be able to. That's because you're in Monitor mode! Congratulations!
- Restart the system to get your normal wireless connection working again. To use an older version of Airsnort (0.23d), just select it from Synaptic. Then open a Root Terminal window. Start monitor mode (iwconfig eth1 mode monitor). Start Airsnort by typing "airsnort" (no quotes). Click "Refresh" once. Set Network Device to whatever your wireless card is (eth1 for me). Set Driver Type to "Host AP/Orinoco". Then click "Start" to start. You're capturing! Restart computer to reset interface (ejecting and inserting PCMCIA card should do it too).
- If you're looking for the latest Airsnort, download the latest package from http://airsnort.shmoo.com/. As of now, the latest version is 0.27e, so the download file is: airsnort-0.2.7e.tar.gz. As before, double-click it to open it in File Roller. Uncompress it someplace safe; I made an "airsnort" folder in my Home folder and uncompressed it there, which made a folder called "airsnort-0.2.7e" within "airsnort". There's a README file you should check for any last minute instructions, along with an INSTALL file.
- Building airsnort requires some more things, but they are installable via Synaptic. I THINK all you need to install is "libgtk2.0-dev" but I also installed "libgtk1.2-dev" to be safe. You also need "libpcap0.8-dev".
- Open a Root Terminal window and move into the airsnort directory with all the files. For me, that's: /home/wernst/airsnort/airsnort-0.2.7e. Start with typing "./configure" (no quotes). This makes sure you've got the right building blocks to build. If there are no errors...
- Then do a "make" and "make install" (no quotes). With any luck, this puts an airsnort executable in /usr/local/bin, which happens to be in the PATH.
- To run it, open a Root Terminal window and type "airsnort" (no quotes). The latest version of Airsnort AUTOMATICALLY ENABLES MONITOR MODE. You don't even need to disable the wireless interface (like eth1) first. Just make sure "eth1" and "Host AP/Orinoco" are selected in Airsnort and click "Start." To stop, click "Stop." You won't be able to go online while scanning, but the connection will be restored to normal when you stop scanning.
- Interested in the latest versions of Ethereal and Kismet? You're in luck! They use the updated CVS-based Orinoco drivers too. I am not going to go through the steps, but if you paid attention to how to make Airsnort, then you'll do fine. The basic deal is to download the source tarball, uncompress it, read any README or INSTALL files that came with the package. Use Synaptic to download any required dependencies. You'll be told to "./configure", "make", and "make install". You may (will) get errors during your ./configures and makes, BUT stay calm and read them. If, for example, the error message says "yaff not found" then use Synaptic to search for "yaff" and install it, and then try the ./configure or make again. Doing nothing more than this, Ethereal and Kismet will compile, install, and work.
- Don't mind using older versions of Kismet and Ethereal? Just use Synaptic to get them.
Want to know how to actually *use* these programs? I'm the wrong person to ask.
- Warren Ernst
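
As an added example that is not part of the original post: a pre-flight script for the driver rebuild and the monitor-mode step described above. The function names are hypothetical, the header package naming is inferred from the two package names in the post, and the script assumes the kernel build tree is exposed at /lib/modules/<release>/build.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the header package names for a kernel release string, following the
# pattern in the post: 2.6.8.1-4-686 -> linux-headers-2.6.8.1-4-686 and
# linux-headers-2.6.8.1-4 (assumption: the last "-part" is the flavour).
header_packages() {
    release=$1
    printf 'linux-headers-%s\n' "$release"
    case $release in
        *-*-*) printf 'linux-headers-%s\n' "${release%-*}" ;;
    esac
}

# Return 0 if the build tree that "make" compiles the module against exists.
# The optional second argument is a root prefix, used only for testing
# against a scratch directory.
headers_present() {
    release=$1
    root_dir=${2:-}
    [ -d "$root_dir/lib/modules/$release/build" ]
}

# Read iwconfig output on stdin and print the Mode: value of one interface.
iface_mode() {
    awk -v ifc="$1" '
        $1 == ifc              { cur = 1 }   # first line of our stanza
        /^[^ \t]/ && $1 != ifc { cur = 0 }   # another interface starts
        cur && match($0, /Mode:[A-Za-z-]+/) {
            print substr($0, RSTART + 5, RLENGTH - 5); exit
        }'
}

# Constructed sample of iwconfig output (not captured from a real system).
SAMPLE='eth1      IEEE 802.11-DS  ESSID:""  Nickname:"ubuntu"
          Mode:Monitor  Frequency:2.437 GHz
lo        no wireless extensions.'

# After a kernel upgrade, check the headers before rerunning make.
header_packages "$(uname -r)"
if headers_present "$(uname -r)"; then
    echo "kernel build tree: present"
else
    echo "kernel build tree: missing, install the packages listed above"
fi
# On a live system, pipe real output instead: iwconfig 2>/dev/null | iface_mode eth1
printf '%s\n' "$SAMPLE" | iface_mode eth1
```
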