
Creating a WiFi Monitor with a Kismet Docker Container

In my quest to become more familiar with Docker, I decided to create a container to run another piece of wireless radio software called Kismet.

Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework. Kismet works with Wi-Fi interfaces, Bluetooth interfaces, some SDR (software defined radio) hardware like the RTLSDR, and other specialized capture hardware.

https://www.kismetwireless.net/#kismet

Kismet is used in many different ways but the one that really intrigues me is as a wifi wardriving tool and as a wireless intrusion detection framework. If you are wondering what wardriving is or think it’s some crazy hacking term, it’s basically just the act of searching or scanning for wifi devices and hotspots from a moving vehicle or mobile platform. Wireless intrusion detection is kind of the opposite, where you are monitoring the same wireless space for new and unknown devices in an attempt to classify those devices as benign/safe or malicious attackers.

With the number of wi-fi and other wireless devices increasing in prevalence and becoming indispensable to our modern lives, I think it is becoming more and more important to gain knowledge of your wireless surroundings. Collecting and displaying this information, and combining it with other metadata, will soon enter the consumer space, giving users actionable insight into their surroundings in new and novel ways.

Here is just one of the cool setups that people are building to do wardriving!

With that being said, I wanted to create an easy way to install the kismet software onto a server or edge computing device. So I made a docker container for this purpose. It’s not perfect but does encapsulate most of the requirements needed.

Docker

Traditionally, docker is used to run software that is somewhat independent of controlling low-level hardware. I addressed this challenge in my GNURadio docker container by blacklisting certain drivers for my SDR.

https://teaandtechtime.com/simple-gnuradio-server-setup-with-novnc-docker/

In this case, that approach does not really work for the wifi radios that kismet needs to use. This is because they are considered network devices and have low-level kernel drivers that cannot be instantiated inside the container in an isolated way.

I spent way too much time reconfiguring driver installs and dependencies for the container, modifying blacklists, and pulling my hair out a bit. But the actual solution was to change the docker run configuration to use the host network instead of the standard bridge configuration when running.

The Dockerfile and the built container can be found on my GitHub and DockerHub repos respectively.

GitHub: Tschucker/kismet-wireless-docker-container

DockerHub: tdsepsilon/kismet

You will need a storage device to mount as a drive at this container location. This is because running kismet for any significant amount of time will create a large database file with multiple gigabytes of data.
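A check one could run over the container's `docker inspect` output to see what isolation the host-network setup gives up and whether a data volume is attached. This is an added example, not code from the original post or the Kismet project; the sample JSON, the NET_ADMIN capability and the function name `audit_container` are constructed for illustration.

```python
import json

# Constructed sample of `docker inspect <container>` output, trimmed to the
# fields this check reads. Names, capabilities and paths are placeholders.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/kismet",
    "Mounts": [],
    "HostConfig": {
        "NetworkMode": "host",
        "Privileged": False,
        "CapAdd": ["NET_ADMIN"],
        "Binds": None,
        "Devices": [{"PathOnHost": "/dev/ttyUSB0",
                     "PathInContainer": "/dev/ttyUSB0"}],
    },
}])


def audit_container(inspect_json):
    """Return (severity, message) findings for the first inspected container."""
    container = json.loads(inspect_json)[0]
    host = container.get("HostConfig", {})
    findings = []
    mode = host.get("NetworkMode", "")
    if mode == "host":
        findings.append(("info", "host networking: no network namespace "
                         "isolation, container ports are bound on the host"))
    else:
        findings.append(("warn", f"network mode {mode!r}: host wifi "
                         "interfaces are not visible inside the container"))

    if host.get("Privileged"):
        findings.append(("high", "privileged: all capabilities and every "
                         "host device are available to the container"))
    for cap in host.get("CapAdd") or []:
        findings.append(("info", f"added capability: {cap}"))
    for dev in host.get("Devices") or []:
        findings.append(("info", f"device passed through: {dev['PathOnHost']}"))

    if not (container.get("Mounts") or host.get("Binds")):
        findings.append(("warn", "no bind mount or volume: the capture "
                         "database grows in the container's writable layer"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_container(SAMPLE_INSPECT):
        print(f"[{severity}] {message}")
```

On a live host, feed it the real output with `docker inspect <container>` in place of the constructed sample.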

Kismet Configuration Files

Once installed you may want to edit some of the kismet configuration files. These can be accessed via the terminal at /etc/kismet.

On CasaOS this can be found by clicking the settings of the container and up at the top right there should be a button that looks like a small terminal window. Click that and you should be presented with a prompt if the container is running.

To make startup easier, you can edit the kismet.conf file by adding the hardware names of your sources. For me this was, starting from the top, my Bluetooth adapter, PCIe wifi, and my USB wifi dongle.

You may also want to edit the kismet_logging.conf file to stop it from logging data packets. If the system runs for a while with this set to true, the kismet database file can reach hundreds of gigabytes! Just change the line below to false, as I have done.

Zima Board

I have recently really enjoyed doing projects on the Zima Board single-board server. With an Intel processor, SATA and PCIe interfaces, multiple Ethernet ports, and high-speed USB, it is more than powerful enough to run a wide variety of applications. Here is my hardware setup below.

CasaOS

As I showed in my previous post, we can use CasaOS to run the docker container. You can either fill out the information yourself or use the app JSON file to fill in most of the form. To do this, check out my previous post, or just click on the App Store button and then Custom Install.

Clone my GitHub repo and then click the import button at the top right of the install form. I have linked the JSON file below, but you will need to clone the whole repo to download it.

GitHub: Kismet.JSON File

Once that is done installing you should be able to just click on the kismet app icon and it should open a new tab with kismet started.

Kismet Wireless

When you first start up the container you will need to create a login. After that, you should be presented with the main interface. If you did not set up your sources, kismet should detect your wifi device. If it doesn’t, you will need to change some configurations so that your device is visible to the container. Click on the upper left-hand menu and then data sources to see what is available.

Here I have both my wifi devices (PCIe and USB), my Bluetooth dongle, and my RTLSDR running the ADSB software receiver. To get more information on the data output from each source, we can look at the packet rates.

Here we can see that the USB wifi is currently producing the most data. I will need to look into why the PCIe device “wlp1s0” is generating packets so slowly.

To view available wifi access points we can then select the devices tab, and set the dropdown menu to “WiFi Access Points”. This shows their SSID, signal strength, packets, number of clients, and much more.

Advanced

RTL-SDR and ADSB tracking require blacklisting drivers in the host OS. Check out my previous post linked earlier that did this for my GNURadio Docker container. Once you have done this, you should see the rtlsdradsb source in the data sources tab. Enable it and you should start to see aircraft in your area. This is highly dependent on your antenna and reception capability, so it could take a while to see something if you are not close to an airport.

We then sort by devices, selecting the rtlsdr device, and click on the different entries to see some of the plane’s information. This is a Southwest Airlines Boeing 737!

The Bluetooth config is also a bit more complicated, since you need to tell Kismet what USB serial port the device is using. You also need to pass in the USB devices, but that should already be taken care of if you used the JSON app import option.

My device is an nrf51822 located at /dev/ttyUSB0. This is a special Adafruit Bluetooth dongle that can be used to sniff for Bluetooth devices. Below is an example of the kind of information Kismet can record. In this case, it’s an LED strip controlled by BLE.

Next Steps

Now that I have this running I have a lot more in store for the Zima Board hardware and kismet. I want to expand the number of wifi cards that are sampling the spectrum and I want to add a GPS module as well to provide positioning data. I am also curious if it is possible to add helium and other IoT sensing using either a dedicated radio or the SDR device.