Ticket #365 (closed defect: fixed)

Opened 6 years ago

Last modified 5 years ago

Does "wlan_scan_monitor" module exist?

Reported by: anonymous
Assigned to: mrenzmann
Priority: minor
Milestone: version 0.9.3
Component: madwifi: other
Version: trunk
Keywords: kismet
Cc:
Patch is attached: 0
Pending:

Description (Last modified by mrenzmann)

Using revision 1427 with 2.4.26 kernel.

modprobe ath_pci autocreate=none
wlanconfig ath0 create wlandev wifi0 wlanmode monitor

Produces "unable to load wlan_scan_monitor" message.

Is there such a module? I couldn't find an ieee80211_scan_monitor.c file.

Thanks

Change History

02/06/06 06:20:32 changed by mrenzmann

  • version set to trunk.
  • description changed.

No, there is no such module (yet). I recently noticed the reference in the code for that module and thought of removing it - but I think asking Atheros about that would be wiser, it could be that it's really just missing in our repository for whatever reason.

02/06/06 06:42:26 changed by mrenzmann

  • status changed from new to assigned.
  • owner set to mrenzmann.

Contacted Atheros about that.

03/18/06 01:23:32 changed by rcastellucci@solisys.com

This patch prevents the warning about wlan_scan_monitor and wlan_scan_wds

Signed-off-by: Ryan Castellucci <rcastellucci@solisys.com> SoliSys LLC

--- ieee80211_scan.c.orig 2006-03-17 15:36:47.457134472 -0800 +++ ieee80211_scan.c 2006-03-17 16:16:12.094530172 -0800 @@ -191,6 +191,8 @@

int err; if (mode >= IEEE80211_SCANNER_MAX)

return NULL;

+ if (strcmp(scan_modnames[mode],"wlan_scan_sta") != 0 && strcmp(scan_modnames[mode],"wlan_scan_ap") != 0) + return NULL;

if (scanners[mode] == NULL && tryload) {

err = ieee80211_load_module(scan_modnames[mode]);

if (scanners[mode] == NULL err)

03/18/06 01:25:15 changed by anonymous

  • patch_attached set to 1.

This patch prevents the warning about wlan_scan_monitor and wlan_scan_wds

(trying again, will preview this time....

Signed-off-by: Ryan Castellucci <rcastellucci@solisys.com> SoliSys LLC
--- ieee80211_scan.c.orig       2006-03-17 15:36:47.000000000 -0800
+++ ieee80211_scan.c    2006-03-17 16:16:12.000000000 -0800
@@ -191,6 +191,8 @@
        int err;
        if (mode >= IEEE80211_SCANNER_MAX)
                return NULL;
+       if (strcmp(scan_modnames[mode],"wlan_scan_sta") != 0 && strcmp(scan_modnames[mode],"wlan_scan_ap") != 0)
+               return NULL;
        if (scanners[mode] == NULL && tryload) {
                err = ieee80211_load_module(scan_modnames[mode]);
                if (scanners[mode] == NULL || err)
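
Review bot: The added strcmp test at the top of the hunk runs before the "scanners[mode] == NULL && tryload" check, so it returns NULL for every mode other than sta and ap even when a scanner for that mode is already present in scanners[mode]; move it inside the tryload branch so that only the ieee80211_load_module() call is skipped. Matching scan_modnames[mode] against two hard-coded strings is also fragile: a check keyed on mode itself would avoid two string compares on every call and would not silently block loading if a monitor or wds scanner module is added later. The added line also runs well past 80 columns and has no space after the comma in either strcmp call.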

04/01/06 03:07:48 changed by anonymous

Still exists in 1486. Additionally, kismet svn fails to set the initial channel and thus does not start (someone confirm this?)

04/14/06 16:19:44 changed by anonymous

by "04/01/06 03:07:48: Modified by anonymous":

added an alias to modules.conf: alias wlan_scan_monitor wlan_scan_sta
(On Gentoo, I added this to /etc/modules.d/madwifi and ran modules-update)
(re)installed kismet from svn

Everything working again, no patching needed.

04/21/06 22:30:29 changed by Patrick.Pichon@hp.com

I'm using svn 1518 and have the same behavior. I tried to apply the patch, and indeed the warning is not present anymore, but still the Monitor mode with Kismet doesn't work.

I tried the alias wlan_scan_monitor wlan_scan_sta in /etc/modprobe.conf (since I'm running Fedora Core 5), but it didn't help either.

04/24/06 17:16:51 changed by dyqith

Can you be a little more specific with "... still the Monitor mode with kismet doesn't work" ?

Try the latest svn revision of madwifi, and the latest kismet version.

See the error messages from kismet when running ?

What's the kismet.conf file like ?

Is the monitor mode receiving frames ?

04/24/06 18:44:52 changed by Patrick.Pichon@hp.com

  • keywords set to kismet.
  • patch_attached deleted.

Find here attached a bit more information:

#uname -r
Linux pipiche03 2.6.16-1.2096_FC5 #1 Wed Apr 19 05:14:36 EDT 2006 i686 i686 i386 GNU/Linux

# rpm -q wireless-tools
wireless-tools-28-0.pre13.5.1

/** Log from dmesg
ath_hal: 0.9.16.16 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
wlan: 0.8.4.2 (svn 1526)
ath_rate_sample: 1.2 (svn 1526)
ath_pci: 0.9.4.5 (svn 1526)
ACPI: PCI Interrupt 0000:00:09.0[A] -> Link [C0C9] -> GSI 5 (level, low) -> IRQ 5
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 5.6 phy 4.1 radio 1.7
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5212: mem=0x98080000, irq=5
unable to load wlan_scan_monitor

# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
sit0 no wireless extensions.
vmnet8 no wireless extensions.
wifi0 no wireless extensions.
ath0 IEEE 802.11b ESSID:""
     Mode:Monitor Frequency:2.412 GHz Access Point: 00:0F:20:93:89:E1
     Bit Rate:0 kb/s Tx-Power:15 dBm Sensitivity=0/3
     Retry:off RTS thr:off Fragment thr:off
     Power Management:off
     Link Quality=0/94 Signal level=-95 dBm Noise level=-95 dBm
     Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
     Tx excessive retries:0 Invalid misc:0 Missed beacon:0

#kismet
Server options: none
Client options: none
Starting server...
Waiting for server to start before starting UI...
Will drop privs to kismet (501) gid 501
No specific sources given to be enabled, all will be enabled.
Enabling channel hopping.
Enabling channel splitting.
Source 0 (AtherosG): Enabling monitor mode for madwifi_a source interface wifi0 channel 36...
NOTICE: Created Madwifi-NG VAP kis2
WARNING: wifi0 appears to be using Madwifi-NG. Some versions of the Madwifi-NG drivers have problems in monitor mode, especially if non-monitor VAPs are active. If you experience problems, be sure to try the latest versions of Madwifi-NG and remove other VAPs
FATAL: Unable to enter monitor mode. This can happen if your drivers have been compiled without the proper wireless extensions support or if you are running a very old version of the drivers or kernels. Please see the troubleshooting section of the README for more information.

/* Here after is the kismet.conf file */
# Kismet config file
# Most of the "static" configs have been moved to here -- the command line
# config was getting way too crowded and cryptic. We want functionality,
# not continually reading --help!

# Version of Kismet config
version=2005.06.R1

# Name of server (Purely for organizational purposes)
servername=Kismet

# User to setid to (should be your normal user)
suiduser=kismet

# Sources are defined as:
# source=sourcetype,interface,name[,initialchannel]
# Source types and required drivers are listed in the README under the
# CAPTURE SOURCES section.
# The initial channel is optional, if hopping is not enabled it can be used
# to set the channel the interface listens on.
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
source=madwifi_a,wifi0,AtherosG
#source=madwifi_b,wifi0,AtherosG
#source=madwifi_g,wifi0,AtherosG
#source=madwifi_ag,wifi0,AtherosG
#source=madwifi_ag,wifi0,AtherosG
#
# Comma-separated list of sources to enable. This is only needed if you defined
# multiple sources and only want to enable some of them. By default, all defined
# sources are enabled.
# For example:
# enablesources=prismsource,ciscosource

# Do we channelhop?
channelhop=true

# How many channels per second do we hop? (1-10)
channelvelocity=5

# By setting the dwell time for channel hopping we override the channelvelocity
# setting above and dwell on each channel for the given number of seconds.
#channeldwell=10

# Do we split channels between cards on the same spectrum? This means if
# multiple 802.11b capture sources are defined, they will be offset to cover
# the most possible spectrum at a given time. This also controls splitting
# fine-tuned sourcechannels lines which cover multiple interfaces (see below)
channelsplit=true

# Basic channel hopping control:
# These define the channels the cards hop through for various frequency ranges
# supported by Kismet. More finegrain control is available via the
# "sourcechannels" configuration option.
#
# Don't change the IEEE80211<x> identifiers or channel hopping won't work.

# Users outside the US might want to use this list:
defaultchannels=IEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12
# defaultchannels=IEEE80211b:1,6,11,2,7,3,8,4,9,5,10

# 802.11g uses the same channels as 802.11b...
defaultchannels=IEEE80211g:1,6,11,2,7,3,8,4,9,5,10

# 802.11a channels are non-overlapping so sequential is fine. You may want to
# adjust the list depending on the channels your card actually supports.
defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,149,153,157,161,184,188,192,196,200,204,208,212,216
# defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64

# Combo cards like Atheros use both 'a' and 'b/g' channels. Of course, you
# can also explicitly override a given source. You can use the script
# extras/listchan.pl to extract all the channels your card supports.
defaultchannels=IEEE80211ab:1,6,11,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64

# Fine-tuning channel hopping control: # The sourcechannels option can be used to set the channel hopping for # specific interfaces, and to control what interfaces share a list of # channels for split hopping. This can also be used to easily lock # one card on a single channel while hopping with other cards. # Any card without a sourcechannel definition will use the standard hopping # list. # sourcechannels=sourcename[,sourcename]:ch1,ch2,ch3,...chN

# ie, for us channels on the source 'prism2source' (same as normal channel # hopping behavior): # sourcechannels=prism2source:1,6,11,2,7,3,8,4,9,5,10

# Given two capture sources, "prism2a" and "prism2b", we want prism2a to stay # on channel 6 and prism2b to hop normally. By not setting a sourcechannels # line for prism2b, it will use the standard hopping. # sourcechannels=prism2a:6

# To assign the same custom hop channel to multiple sources, or to split the # same custom hop channel over two sources (if splitchannels is true), list # them all on the same sourcechannels line: # sourcechannels=prism2a,prism2b,prism2c:1,6,11

# Port to serve GUI data tcpport=2501 # People allowed to connect, comma seperated IP addresses or network/mask # blocks. Netmasks can be expressed as dotted quad (/255.255.255.0) or as # numbers (/24) allowedhosts=127.0.0.1 # Address to bind to. Should be an address already configured already on # this host, reverts to INADDR_ANY if specified incorrectly. bindaddress=127.0.0.1 # Maximum number of concurrent GUI's maxclients=5

# Do we have a GPS? gps=false # Host:port that GPSD is running on. This can be localhost OR remote! gpshost=localhost:2947 # Do we lock the mode? This overrides coordinates of lock "0", which will # generate some bad information until you get a GPS lock, but it will # fix problems with GPS units with broken NMEA that report lock 0 gpsmodelock=false

# Packet filtering options: # filter_tracker - Packets filtered from the tracker are not processed or # recorded in any way. # filter_dump - Packets filtered at the dump level are tracked, displayed, # and written to the csv/xml/network/etc files, but not # recorded in the packet dump # filter_export - Controls what packets influence the exported CSV, network, # xml, gps, etc files. # All filtering options take arguments containing the type of address and # addresses to be filtered. Valid address types are 'ANY', 'BSSID', # 'SOURCE', and 'DEST'. Filtering can be inverted by the use of '!' before # the address. For example, # filter_tracker=ANY(00:00:DE:AD:BE:EF) # has the same effect as the previous mac_filter config file option. # filter_tracker=... # filter_dump=... # filter_export=...

# Alerts to be reported and the throttling rates. # alert=name,throttle/unit,burst/unit # The throttle/unit describes the number of alerts of this type that are # sent per time unit. Valid time units are second, minute, hour, and day. # Burst rates control the number of packets sent at a time # For example: # alert=FOO,10/min,5/sec # Would allow 5 alerts per second, and 10 alerts total per minute. # A throttle rate of 0 disables throttling of the alert. # See the README for a list of alert types. alert=NETSTUMBLER,10/min,1/sec alert=WELLENREITER,10/min,1/sec alert=LUCENTTEST,10/min,1/sec alert=DEAUTHFLOOD,10/min,2/sec alert=BCASTDISCON,10/min,2/sec alert=CHANCHANGE,5/min,1/sec alert=AIRJACKSSID,5/min,1/sec alert=PROBENOJOIN,10/min,1/sec alert=DISASSOCTRAFFIC,10/min,1/sec alert=NULLPROBERESP,10/min,1/sec alert=BSSTIMESTAMP,10/min,1/sec

# Known WEP keys to decrypt, bssid,hexkey. This is only for networks where # the keys are already known, and it may impact throughput on slower hardware. # Multiple wepkey lines may be used for multiple BSSIDs. # wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900

# Is transmission of the keys to the client allowed? This may be a security # risk for some. If you disable this, you will not be able to query keys from # a client. allowkeytransmit=true

# How often (in seconds) do we write all our data files (0 to disable) writeinterval=300

# Do we use sound? # Not to be confused with GUI sound parameter, this controls wether or not the # server itself will play sound. Primarily for headless or automated systems. sound=false # Path to sound player soundplay=/usr/bin/play # Optional parameters to pass to the player # soundopts=--volume=.3 # New network found sound_new=/usr/share/kismet/wav/new_network.wav # Wepped new network # sound_new_wep=/usr/com/kismet/wav/new_wep_network.wav # Network traffic sound sound_traffic=/usr/share/kismet/wav/traffic.wav # Network junk traffic found sound_junktraffic=/usr/share/kismet/wav/junk_traffic.wav # GPS lock aquired sound # sound_gpslock=/usr/share/kismet/wav/foo.wav # GPS lock lost sound # sound_gpslost=/usr/share/kismet/wav/bar.wav # Alert sound sound_alert=/usr/share/kismet/wav/alert.wav

# Does the server have speech? (Again, not to be confused with the GUI's speech) speech=false # Server's path to Festival festival=/usr/bin/festival # Are we using festival lite? If so, set the above "festival" path to also # point to the "flite" binary flite=false # How do we speak? Valid options: # speech Normal speech # nato NATO spellings (alpha, bravo, charlie) # spell Spell the letters out (aye, bee, sea) speech_type=nato # speech_encrypted and speech_unencrypted - Speech templates # Similar to the logtemplate option, this lets you customize the speech output. # speech_encrypted is used for an encrypted network spoken string # speech_unencrypted is used for an unencrypted network spoken string # # %b is replaced by the BSSID (MAC) of the network # %s is replaced by the SSID (name) of the network # %c is replaced by the CHANNEL of the network # %r is replaced by the MAX RATE of the network speech_encrypted=New network detected, s.s.i.d. %s, channel %c, network encrypted. speech_unencrypted=New network detected, s.s.i.d. %s, channel %c, network open.

# Where do we get our manufacturer fingerprints from? Assumed to be in the # default config directory if an absolute path is not given. ap_manuf=ap_manuf client_manuf=client_manuf

# Use metric measurements in the output? metric=false

# Do we write waypoints for gpsdrive to load? Note: This is NOT related to # recent versions of GPSDrive's native support of Kismet. waypoints=false # GPSMap waypoint file. This WILL be truncated. waypointdata=%h/.gpsdrive/way_kismet.txt

# How many alerts do we backlog for new clients? Only change this if you have # a -very- low memory system and need those extra bytes, or if you have a high # memory system and a huge number of alert conditions. alertbacklog=50

# File types to log, comma seperated # dump - raw packet dump # network - plaintext detected networks # csv - plaintext detected networks in CSV format # xml - XML formatted network and cisco log # weak - weak packets (in airsnort format) # cisco - cisco equipment CDP broadcasts # gps - gps coordinates logtypes=dump,network,csv,xml,weak,cisco,gps

# Do we track probe responses and merge probe networks into their owners? # This isn't always desireable, depending on the type of monitoring you're # trying to do. trackprobenets=true

# Do we log "noise" packets that we can't decipher? I tend to not, since # they don't have anything interesting at all in them. noiselog=false

# Do we log corrupt packets? Corrupt packets have enough header information # to see what they are, but someting is wrong with them that prevents us from # completely dissecting them. Logging these is usually not a bad idea. corruptlog=true

# Do we log beacon packets or do we filter them out of the dumpfile beaconlog=true

# Do we log PHY layer packets or do we filter them out of the dumpfile phylog=true

# Do we mangle packets if we can decrypt them or if they're fuzzy-detected mangledatalog=true

# Do we do "fuzzy" crypt detection? (byte-based detection instead of 802.11 # frame headers) # valid option: Comma seperated list of card types to perform fuzzy detection # on, or 'all' fuzzycrypt=wtapfile,wlanng,wlanng_legacy,wlanng_avs,hostap,wlanng_wext,ipw2200,ipw2915

# Do we use network-classifier fuzzy-crypt detection? This means we expect # packets that are associated with an encrypted network to be encrypted too, # and we process them by the same fuzzy compare. # This essentially replaces the fuzzycrypt per-source option. netfuzzycrypt=true

# What type of dump do we generate? # valid option: "wiretap" dumptype=wiretap # Do we limit the size of dump logs? Sometimes ethereal can't handle big ones. # 0 = No limit # Anything else = Max number of packets to log to a single file before closing # and opening a new one. dumplimit=0

# Do we write data packets to a FIFO for an external data-IDS (such as Snort)? # See the docs before enabling this. #fifo=/tmp/kismet_dump

# Default log title logdefault=Kismet

# logtemplate - Filename logging template. # This is, at first glance, really nasty and ugly, but you'll hardly ever # have to touch it so don't complain too much. # # %n is replaced by the logging instance name # %d is replaced by the current date as Mon-DD-YYYY # %D is replaced by the current date as YYYYMMDD # %t is replaced by the starting log time # %i is replaced by the increment log in the case of multiple logs # %l is replaced by the log type (dump, status, crypt, etc) # %h is replaced by the home directory # ie, "netlogs/%n-%d-%i.dump" called with a logging name of "Pok" could expand # to something like "netlogs/Pok-Dec-20-01-1.dump" for the first instance and # "netlogs/Pok-Dec-20-01-2.%l" for the second logfile generated. # %h/netlots/%n-%d-%i.dump could expand to # /home/foo/netlogs/Pok-Dec-20-01-2.dump # # Other possibilities: Sorting by directory # logtemplate=%l/%n-%d-%i # Would expand to, for example, # dump/Pok-Dec-20-01-1 # crypt/Pok-Dec-20-01-1 # and so on. The "dump", "crypt", etc, dirs must exist before kismet is run # in this case. logtemplate=%n-%d-%i.%l

# Where do we store the pid file of the server? piddir=/var/run/

# Where state info, etc, is stored. You shouldnt ever need to change this. # This is a directory. configdir=%h/.kismet/

# cloaked SSID file. You shouldn't ever need to change this. ssidmap=ssid_map

# Group map file. You shouldn't ever need to change this. groupmap=group_map

# IP range map file. You shouldn't ever need to change this. ipmap=ip_map

04/24/06 19:15:58 changed by dyqith

Okay, can you give this a try ?

Reboot your system, so it's a clean start up.

Check iwconfig to see if ath0 is on; if it is, destroy it (wlanconfig ath0 destroy). Basically don't turn on any virtual interfaces, kismet will try to create its own.

Now run kismet, and see what happens.

04/24/06 20:13:33 changed by Patrick.Pichon@hp.com

Find here after the results... Not better ...

/*************************************/
[root@pipiche03 ~]# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wifi0 no wireless extensions.
ath0 IEEE 802.11b ESSID:""
     Mode:Managed Channel:0 Access Point: Not-Associated
     Bit Rate:0 kb/s Tx-Power:0 dBm Sensitivity=0/3
     Retry:off RTS thr:off Fragment thr:off
     Encryption key:off
     Power Management:off
     Link Quality=0/94 Signal level=-95 dBm Noise level=-95 dBm
     Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
     Tx excessive retries:0 Invalid misc:0 Missed beacon:0
sit0 no wireless extensions.
vmnet8 no wireless extensions.

/*************************************/
[root@pipiche03 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:08:02:DF:D2:61
     UP BROADCAST MULTICAST MTU:1500 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
     Interrupt:10

lo Link encap:Local Loopback
     inet addr:127.0.0.1 Mask:255.0.0.0
     inet6 addr: ::1/128 Scope:Host
     UP LOOPBACK RUNNING MTU:16436 Metric:1
     RX packets:2242 errors:0 dropped:0 overruns:0 frame:0
     TX packets:2242 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:2583238 (2.4 MiB) TX bytes:2583238 (2.4 MiB)

vmnet8 Link encap:Ethernet HWaddr 00:50:56:C0:00:08
     inet addr:192.168.45.1 Bcast:192.168.45.255 Mask:255.255.255.0
     inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

/*************************************/
[root@pipiche03 ~]# wlanconfig ath0 destroy
[root@pipiche03 ~]# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wifi0 no wireless extensions.
sit0 no wireless extensions.
vmnet8 no wireless extensions.

/*************************************/
[root@pipiche03 ~]# dmesg | grep ath
ath_hal: module license 'Proprietary' taints kernel.
ath_hal: 0.9.16.16 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
ath_rate_sample: 1.2 (svn 1526)
ath_pci: 0.9.4.5 (svn 1526)

/*************************************/
[root@pipiche03 ~]# dmesg | grep wifi
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 5.6 phy 4.1 radio 1.7
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5212: mem=0x98080000, irq=5

/********************************************/
[kismet@pipiche03 ~]$ sudo kismet
Password:
Server options: none
Client options: none
Starting server...
Waiting for server to start before starting UI...
Will drop privs to kismet (501) gid 501
No specific sources given to be enabled, all will be enabled.
Enabling channel hopping.
Enabling channel splitting.
Source 0 (AtherosG): Enabling monitor mode for madwifi_a source interface wifi0 channel 36...
NOTICE: Created Madwifi-NG VAP kis0
WARNING: wifi0 appears to be using Madwifi-NG. Some versions of the Madwifi-NG drivers have problems in monitor mode, especially if non-monitor VAPs are active. If you experience problems, be sure to try the latest versions of Madwifi-NG and remove other VAPs
FATAL: Unable to enter monitor mode. This can happen if your drivers have been compiled without the proper wireless extensions support or if you are running a very old version of the drivers or kernels. Please see the troubleshooting section of the README for more information.
[kismet@pipiche03 ~]$ Password:

/*************************************/
%dmesg
.
.
agpgart: Putting AGP V2 device at 0000:01:05.0 into 4x mode
unable to load wlan_scan_monitor
device kis0 entered promiscuous mode

[root@pipiche03 ~]# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wifi0 no wireless extensions.
sit0 no wireless extensions.
vmnet8 no wireless extensions.
kis0 IEEE 802.11b ESSID:""
     Mode:Monitor Frequency:2.412 GHz Access Point: 00:0F:20:93:89:E1
     Bit Rate:0 kb/s Tx-Power:15 dBm Sensitivity=0/3
     Retry:off RTS thr:off Fragment thr:off
     Encryption key:off
     Power Management:off
     Link Quality=0/94 Signal level=-95 dBm Noise level=-95 dBm
     Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
     Tx excessive retries:0 Invalid misc:0 Missed beacon:0

/**************************************/
[root@pipiche03 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:08:02:DF:D2:61
     UP BROADCAST MULTICAST MTU:1500 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
     Interrupt:10

kis0 Link encap:UNSPEC HWaddr 00-0F-20-93-89-E1-D8-ED-00-00-00-00-00-00-00-00
     UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
     RX packets:13 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:992 (992.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
     inet addr:127.0.0.1 Mask:255.0.0.0
     inet6 addr: ::1/128 Scope:Host
     UP LOOPBACK RUNNING MTU:16436 Metric:1
     RX packets:2245 errors:0 dropped:0 overruns:0 frame:0
     TX packets:2245 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:2583394 (2.4 MiB) TX bytes:2583394 (2.4 MiB)

vmnet8 Link encap:Ethernet HWaddr 00:50:56:C0:00:08
     inet addr:192.168.45.1 Bcast:192.168.45.255 Mask:255.255.255.0
     inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

wifi0 Link encap:UNSPEC HWaddr 00-0F-20-93-89-E1-D8-ED-00-00-00-00-00-00-00-00
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:13 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:199
     RX bytes:680 (680.0 b) TX bytes:0 (0.0 b)
     Interrupt:5 Memory:f8ba0000-f8bb0000

04/24/06 20:16:56 changed by dyqith

Looks like it creates the monitor mode just fine, it just can't switch to a mode.

Please try to configure kismet.conf to use a b or g source instead of a, and see if it works.

04/24/06 23:06:01 changed by Patrick.Pichon@hp.com

You got it. If I don't enable madwifi_a, but I enable either b or g or the two it works!

Let me know if you would like any logs to investigate on the "a" side ?

04/24/06 23:08:54 changed by dyqith

Thanks for testing things out.

I'm pretty sure I know what's wrong, I just got to work on it. It's probably a major problem for most people.

I'll see if I can get it fixed in the next couple of days. (I'm fairly busy this week, so no promises).

05/30/06 02:54:57 changed by anonymous

  • summary changed from Does &#34;wlan_scan_monitor&#34; module exist? to Does "wlan_scan_monitor" module exist?.
  • milestone deleted.

someone wanna delete the spam comment?

05/30/06 07:31:58 changed by mrenzmann

See #635.

05/31/06 10:38:25 changed by kelmo

comment purged

10/10/06 09:52:56 changed by mrenzmann

  • status changed from assigned to closed.
  • resolution set to fixed.
  • milestone set to version 0.9.3.

The originally reported issue has been fixed by proski in r1748 and r1749.

