[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kismet-wireless
Subject:    Laptop card gets classified as an AP?
From:       "Crow, Owen" <Owen_Crow () bmc ! com>
Date:       2002-11-22 19:55:59
[Download RAW message or body]

Please bear with me as I try to understand some of the output of Kismet.  I
have 2.6.2, on Redhat 7.3, custom 2.4.18 kernel (+orinoco patches), with an
Orinoco Gold card.

Today, a person with a Cisco wireless card wandered into a nearby meeting
room and was picked up by my sensor.  At first, it showed up as a unique
SSID "joes-ap", but once I clicked i for info, it started cycling through
various SSIDs (tsunami, hello, etc.) trying to make a connection.  I talked
to the owner and this is a normal part of the multi-profile setup on his
card.

The thing I can't figure out is that after a few minutes, the probe line
disappeared from the main display and was replaced with an entry for a known
LEAP-encrypted access point in my area.  By replaced, I mean that the line
that did have "joes-ap" for the "Name" column, now had "12345" and the type
column had "A".

If I clicked info on this new entry, sure enough it showed the same cycle of
SSIDs but said it was no longer a probe but an Access Point
(infrastructure).  The saved files seem to have it better.  The .network
file has this entry last:

Network 23: "joes-ap" BSSID: "00:40:96:40:xx:xx"
    Type     : unknown
    Info     : "None"
    Channel  : 00
    WEP      : "No"
    Maxrate  : 0.0
    LLC      : 334
    Data     : 0
    Crypt    : 0
    Weak     : 0
    Total    : 334
    First    : "Fri Nov 22 10:36:01 2002"
    Last     : "Fri Nov 22 10:37:40 2002"
    Min Loc: Lat 0.000000 Lon 0.000000 Alt 0.000000 Spd 0.000000
    Max Loc: Lat 0.000000 Lon 0.000000 Alt 0.000000 Spd 0.000000

The .csv file has the same info on a single line.

I'm guessing that this is just Kismet getting confused with a wireless card
which is not behaving like an access point (i.e. not a static SSID.)  

BTW, it also shows up in gpsdrive as "joes-ap" and not the "12345".
Gpsdrive appears to just setup a point for the initial signal reception so
it's not very accurate about where the highest signal level was.

Thanks,
Owen

[prev in list] [next in list] [prev in thread] [next in thread]