[V] WLAN scanning on iBook

802.11b WLAN (scanning) on my Blueberry iBook with YellowDog 3.0.1 and kernel 2.6.7-rc1
Photos atm off, sry

iBook (I have an iBook firewire blueberry with 1 usb port, all iBooks should work)
airport card (just airport 802.11b, the new airport extreme cards don’t work on linux)

YellowDog linux 3.0.1

Bitkeeper kernel 2.6.7-rc1

Orinoco driver 0.15rc1

Kismet 2004-04-R1 (for WLAN scanning)

module-init-tools 3.0 (fedora core2 ppc rpm works nice)

In the early summer of 2004 I decided that I should have a notebook,
my first thought was that I could sit in the yard and have irc all the time.
Or maybe I could write some PHP or listen to livestreams.

So I watched eBay for some days to find the right offer.
Soon I figured out that there are no nice i386 notebooks offered for the money I wanted to spend (<400eur).
But then I saw that nice blueberry iBook for just 250eur.
It was declared as having 400MHz, a 10GB hdd and 64mb built-in RAM.
A few days later I held it in my hands (in the end it reached 350eur on eBay).

After some clicking around in MacOS 9.1 I found the system profiler that told me that my iBook just had 366MHz.
That really was bad luck, again I was fooled by an eBay seller.
But I’m not that kind of guy who comes after your family for just 34MHz so I left it that way.
Then I found out the nice thing about my iBook: The eBay seller forgot a 256meg RAM chip in the iBook. 🙂
So I had 34MHz less, and 256mb of RAM more. That’s fine with me.

Then a few weeks of buying stuff for my iBook passed.
I got a new 30gb harddisk with 8mb cache and a new CD drive, because the old seemed to read just MacOS disks properly,
it didn’t read my burned linux cds.

Soon I got an airport card, too.
I still don’t have my own access point at home (but my neighbours, hehe).

I never sat in front of any mac, but I have seen my friends working with their creepy 1-button mouse
and I wondered how you can work with a modern GUI OS with just one mousebutton.
So I decided to throw away that unleet MacOS and installed YellowDog linux 3.0.1 (and plugged in my 7-button intelli mouse explorer 🙂 ).

At that time I didn’t have my new cdrom drive so I installed everything from my local ftp server where I copied the disks to.

Use “install askmethod ramdisk_size=16384” on the YellowDog bootloader for installation.
The default ramdisk_size for the installation is 8mb, that works for the standard from-disk installation,
but the stage1 bootloader for network installation is 2kb too big for that ramdisk, so network install won’t work out-of-the-box.

The whole installation thing is like any other anaconda installation.
You’re free to install whatever you want, the base system is not essential for our WLAN thing.
Sure, you have to install some packages to compile the software mentioned in the top of this article,
but missing packages can be installed later.
I chose the laptop package-preselection with all of the KDE packages and all available devel packages.
My system currently uses about 2.4GB on / .

IMHO YellowDog is the best linux for your iBook, everything works perfect out-of-the-box.
Sound, graphics, rpm installing over apt-get, and of course WLAN.
But you should switch to another apt mirror in /etc/apt/sources.list,
because ftp.yellowdoglinux.com is awfully slow (average 6kb/s on my german t-dsl 786kbit).

YellowDog should find your airport card, and configure it as eth1.
At that point you are ready to use WLAN the normal way.
You can configure any WLAN in /etc/sysconfig/network-scripts/ifcfg-eth1 as long as you know
the WEP key, the SSID and the ip-range (if there is no DHCP).

So, your YellowDog is ready to go, if you have any problems with installing the base system,
see the YellowDog support mailing lists and the support docs on their page.


First of all I have to mention that it was my first really successful attempt to build my own kernel.
So don’t complain about the big kernel (5.3mb – but I suppose “make strip” or “make mrproper” decrease the size)
and the few bugs it still has, which are:
The PMUD daemon doesn’t work (I still haven’t really figured out what it really does, it’s some kind of power saving daemon).
The pbbuttonsd daemon spawned some Oops messages when accessing non accessible memory areas (I disabled it then. no probs now 🙂 ).
Also I haven’t figured out why the aRts daemon refuses to play any sound in KDE (oss playback directly over /dev/dsp works).
As I said, I’m not that pr0 🙂
I will take any suggestions to fix my problems.

So I downloaded the bitkeeper 2.6.7-rc1 kernel and its source from http://ppckernel.org
and configured it to use ext3, as the standard kernel they provided didn’t have any ext3 support and all my partitions were ext3.
So I reconfigured the source and used my own compiled kernel.

You can get the sources I used with the link above.

Then I compiled the kernel with:
make vmlinux
make modules
make modules_install

I copied the System.map to /boot/System.Map-2.6.7-rc1 and the vmlinux to /boot/vmlinux-2.6.7-rc1

See pic1 at the bottom of the page.

You have to run “ybin” to enable the changes.

Then just reboot and type “linux1” in the bootloader.
If your kernel boots properly you have to install the module-init-tools 3.0 (just do rpm -Uvh) because the 2.4 modutils don’t support
the new 2.6 .ko kernel modules.

Then do a “depmod” to update the module dependencies.

You may be wondering why the kernel doesn’t load any modules; that’s because of the new module autoloading function in 2.6.
You have to change any occurrences of /proc/ksyms to /proc/kallsyms in /etc/rc.sysinit.
On the next reboot everything should work well.
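
The /etc/rc.sysinit change described above as a small script. This is an added example, not taken from the original article; the function name fix_ksyms and the backup suffix .pre-2.6 are made up for illustration:

```shell
#!/bin/sh
# Added example (not from the original article): switch an init script from
# the 2.4 symbol table (/proc/ksyms) to the 2.6 one (/proc/kallsyms).
# Prints the number of lines changed; keeps the original as FILE.pre-2.6.

fix_ksyms() {
    file=${1:-/etc/rc.sysinit}
    if [ ! -f "$file" ]; then
        echo "fix_ksyms: $file not found" >&2
        return 2
    fi

    # grep -c prints 0 and exits 1 when nothing matches, so ignore its status.
    hits=$(grep -c '/proc/ksyms' "$file" || true)
    if [ "$hits" -eq 0 ]; then
        echo 0          # already converted, leave the file untouched
        return 0
    fi

    tmp=$(mktemp) || return 1
    if ! sed 's|/proc/ksyms|/proc/kallsyms|g' "$file" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # Keep the first backup only, so a second run cannot overwrite it.
    [ -e "$file.pre-2.6" ] || cp -p "$file" "$file.pre-2.6"
    # Write through the existing file to keep owner and mode of the script.
    cat "$tmp" > "$file"
    rm -f "$tmp"
    echo "$hits"
}
```

Run it as root with no argument to patch /etc/rc.sysinit, or pass a copy of the file first to see how many lines would change.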

So your iBook is running 2.6.7-rc1.
We’re ready to go for the next step.

At the time of this writing, the standard kernel already contains drivers for your airport card, but they don’t support
the monitor mode you need to scan for wireless networks.

So I downloaded the Orinoco driver 0.15rc1 from http://www.nongnu.org/orinoco which implements this function
(I still don’t know why they don’t include these in the kernel tree).

You can get the sources I used with the link above.

The Orinoco driver supposes that you have a link to the build-sources in /lib/modules/2.6.7-rc1/ named “build”.
If that’s the case it should compile nicely with just “make”.
After that just do a “make install” and the new modules will be installed in the right directories.

You have to do a “depmod” again to update the module dependencies, because the new modules have
other deps than the original (although they have the same names).

Here’s my ifcfg-eth1 that works nice for network scanning:
See pic2 at the bottom of the page.

If you do a “ifup eth1” now you may get some errors that really don’t affect our work:
See pic3 at the bottom of the page.

I suppose these are because of the empty fields in my ifcfg-eth1

But the driver will load properly and if you do an ifconfig and lsmod it should look like this (if you have a german console 🙂 )
See pic4 and pic5  at the bottom of the page.

Now our airport card is ready to go for wlan scanning.
You can do a “iwlist eth1 scanning” if you installed the wireless tools.
That should display all available networks on the current configured wireless channel.
But we want to see ALL networks we can reach and perhaps want to dump packets to decrypt the WEP keys.
So we need Kismet:

This one is easy.
Download the sources from http://www.kismetwireless.net or use the sources I used via the link above.

Untar the archive and configure it.
You may have to get a new libpcap library or something else.

I configured it with “./configure --prefix=/usr/local/kismet/”

Then just type “make” and “make install”.

After installation you have to configure everything to your needs in the kismet config files located in /usr/local/kismet/etc
I configured the program to do some less aggressive channel hopping (1 hop per second), because it seems that my airport card has problems
with hopping 5 channels per second.

Remember to set the SUID user to someone available on your system.
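
One way to check the two settings mentioned above before starting the server. This is an added example, not part of the original article or of Kismet; the file name kismet.conf and the option names suiduser and channelvelocity are assumed from Kismet releases of this period, and check_kismet_conf is a made-up helper:

```shell
#!/bin/sh
# Added example, not from the original article: sanity-check a kismet.conf.
# Assumed option names: suiduser= and channelvelocity=.
# Prints one finding per line; returns 0 only when nothing is found.

conf_value() {   # conf_value KEY FILE -> last uncommented value of KEY
    sed -n "/^[[:space:]]*$1[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$2" |
        tail -n 1
}

check_kismet_conf() {
    conf=${1:-/usr/local/kismet/etc/kismet.conf}
    max_hops=${2:-1}            # hops per second the card copes with
    [ -f "$conf" ] || { echo "missing: $conf"; return 2; }
    status=0

    user=$(conf_value suiduser "$conf")
    if [ -z "$user" ]; then
        echo "suiduser is not set"; status=1
    elif ! id -u "$user" >/dev/null 2>&1; then
        echo "suiduser=$user does not exist on this system"; status=1
    elif [ "$(id -u "$user")" -eq 0 ]; then
        echo "suiduser=$user is root, so no privileges are dropped"; status=1
    fi

    hops=$(conf_value channelvelocity "$conf")
    case $hops in
        ''|*[!0-9]*)
            echo "channelvelocity is missing or not a number"; status=1 ;;
        *)
            if [ "$hops" -gt "$max_hops" ]; then
                echo "channelvelocity=$hops is above $max_hops hops per second"
                status=1
            fi ;;
    esac
    return $status
}
```

The second argument is the highest hop rate to accept; it defaults to the 1 hop per second used in this article.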

Now we are ready to go.
Start the kismet server via the kismet_server executable.
It should give you some output like this:
See pic6 at the bottom of the page.

(don’t mind the weird system time on my notebook, the system clock resets sometimes when I switch off the iBook
because my reset button hangs)

Since Kismet is a client-server program, you also have to start the Kismet client via kismet_client. (You can also just execute “kismet”. This starts both executables.)
Then you will get a nice GUI that plays sounds every time it detects a new WLAN.
See pic7 at the bottom of the page.

The GUI is self-explanatory, the available function keys are displayed in the help (press “h”).

The .dump files Kismet generates can be parsed with airsnort to sniff WEP keys (if I understood this right).
I will check this next week at our company (as I mentioned, I don’t have an access point to try this at home).

That’s all.
I hope I didn’t miss anything.
But if you have any problems, don’t query me, search the support forums of the mentioned programs and drivers.
I’m glad that I got this running in this basic setup.
