OpenWrt Forum Archive

Topic: Channel hopping with kismet_drone

The content of this topic has been archived on 29 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Here's the scoop: I can't get kismet_drone to do channel hopping on my v2 hardware.  I don't know why, I could swear I had it working before.

Since I've spent altogether too long trying to figure out how to fix it, I decided a hackish workaround would be sufficient for now, so here it is:

Put this in a file, run it backgrounded while kismet_drone's running.

-------------------------------
#!/bin/ash

WL=/usr/sbin/wl

# Drop any associations, take the radio out of AP mode and put it in
# passive operation so it only listens.
$WL disassoc
$WL ap 0
$WL passive 1

# A scan sweeps the channels; repeating it once a second keeps the radio
# moving while kismet_drone captures.
while true
do
     $WL scan 2>/dev/null
     sleep 1
done
-------------------------------

It seems to work right for me.  If someone out there who knows more about this stuff than I do has some critique, I'd appreciate it.  I'm concerned that this might have side-effects, but I don't think so.

I had the same problems as you. You're probably after this version of kismet_drone.

Enjoy.


Unfortunately, that performs the same as my former kismet_drone's:

I'm not sure what the problem is, but if anyone can enlighten me as to where to begin, I'd be happy to try to figure it out.

Thanks for trying.  For now, I'm using my above script again.

I'd really like to see a copy of someone's 'nvram show' who's gotten channel-hopping to work.  That seems like it might be a good place to start.

If someone can hook me up, I'd appreciate it!

Below is an edited discussion from the #kismet IRC channel today (times are GMT+12). What dragorn is saying is that he didn't originally see channel hopping as important for the drone, as it was more likely to be used as an IDS on a single channel; that channel hopping may break AP mode on a WRT54 and the ioctls don't support channel hopping; and that channel hopping may be included in a future release if he has time to analyse the ioctls.

[09:26] <gr8w11ne> Anyone know if channel hopping functionality has been/ is being developed for kismet_drone?
[09:26] <dragorn> It's always been part of it.
[09:31] <gr8w11ne> dragorn: Oh, that is not what you wrote in a February post?
[09:31] <gr8w11ne> Drones are mostly meant to be completely standalone and uncontrolled, typically for monitoring a known network install locked on a single channel.
[09:34] <gr8w11ne> Specifically on the WRT54GS it does not appear to channel hop unless you put it in client mode
[09:36] <dragorn> The wrt54 source doesn't hop, period
[09:36] <dragorn> has nothing to do w/ the drone
[09:36] <dragorn> Typically drones don't hop, no, though they could if you told them to.  If the source supports it.
[09:37] <gr8w11ne> So using openWRT can you tell a drone to hop?
[09:37] <dragorn> no
[09:38] <dragorn> Like I said - the wrt54 source doesn't support hopping.
[09:38] <dragorn> At some point in the future, maybe, with reservations.  I'm extremely hesitant to change the configs of the AP in such a way that it's no longer useful as an AP
[09:38] <dragorn> it also depends if I get the ioctls deciphered or not.
[09:39] <gr8w11ne> So the problem is in the Broadcom binaries which are not open source?
[09:40] <dragorn> Not exactly.
[09:40] <dragorn> The problem is that I haven't had time to decipher the ioctls from the wl control program
[09:40] <dragorn> Nor am I convinced it's a good idea in the first place.
[09:41] <W8TVI> why would it be a bad idea?
[09:41] <dragorn> because it will break the AP
[09:41] <dragorn> as far as being an AP is concerned.
[09:41] <W8TVI> ok, why would it break it?
[09:42] <dragorn> because if you're hopping channels
[09:42] <AndyCap> dragorn: but it would be a cheap(ish) way to get more than one sniffer on a laptop, (and also let win32 users sniff)
[09:42] <dragorn> you're not being an AP on the channel you were configured to be
[09:43] <W8TVI> dragorn: the thing is, if you want it to hop channels, you're not using it as an ap anyway
[09:44] <devine> dragorn: the broadcom linux drivers aren't compatible with wireless-tools ?
[09:45] <dragorn> the wrt54 doesn't use iwconfig.
[09:45] <devine> then it sucks even more.
[09:45] <dragorn> I wouldn't go as far as all that
[09:46] <W8TVI> devine: not really.
[09:46] <dragorn> AndyCap: Yes, my concern is people who don't know what they're doing nuking their ap.  And that I don't have the ioctls figured out, so it's moot until then anyhow.
[09:46] <AndyCap> dragorn: hehe, I couldn't think of a more deserving bunch. :-P
[09:46] <W8TVI> devine: tell me where else you can get a $60 linux based router/ap that has a managed 5 port switch in it?
[09:47] <AndyCap> still, it's not like they nuked it beyond a reboot.
[09:47] <dragorn> AndyCap: Remember the amount of stupid I get every day in my inbox.
[09:47] <AndyCap> dragorn: ah, good point.
[09:47] <dragorn> Basically when I added the wrt54 source I never considered someone would lug one around with them as a sniffing card
[09:47] <devine> W8TVI: heh. indeed
[09:47] <dragorn> Working off that assumption, you don't want to break the AP, you want to run an IDS alongside running an AP, which is what it does
[09:48] <W8TVI> dragorn: I like the idea that it can be used as more than just an ap
[09:49] <AndyCap> dragorn: says the man with a pc installed in his car. ;-)
[09:49] <dragorn> well, when I finally get the newcode code done someone can hassle me about adding channel changing to that.
[09:49] <W8TVI> dragorn: with the Sveasoft firmware you can use it bridge too
[09:49] <dragorn> Or someone else can decipher the ioctls and send me a patch if you don't want to wait.
[09:49] <AndyCap> dragorn: or even diy.
[09:50] <dragorn> W8TVI: I'm aware.  Bridging doesn't mean you want it changing channels either, though.
[09:51] <AndyCap> hehe, if only clients were fast enough to follow the hopping AP around.
[09:55] <gr8w11ne> Thanks, I will post some of this discussion in the OpenWRT forum where there have been some questions on this
[09:56] <dragorn> If someone wants to send me a diff to call the ioctls to change the channels, I'll merge it
[09:56] <dragorn> Eventually, I'll add it, but don't hold your breath because I have a lot to finish before then

gr8w11ne

Shit, thanks man, that clears things right up.

Since I'm incapable, I'm hoping someone implements hopping soon, my hack is sloppy.
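As an added example that is not from any poster in this thread: the same `wl scan` hack from the first post, wrapped so that a trap puts the radio back into AP mode when the hopper is stopped, which is the side-effect worry raised in the first post and dragorn's point about breaking the AP. The wl sub-commands beyond those in the original script (`channel`, `up`) and the `wl0_channel` nvram name are assumptions about a stock WRT54 Broadcom build.

```shell
#!/bin/ash
# Added example (not from the thread): the wl scan hopping trick from the
# first post, with a trap that restores AP mode when the hopper is stopped.
# Save as wlhop.sh and run it backgrounded while kismet_drone is running.
# Assumptions: `wl ap/passive/scan/channel/up` behave as on a stock WRT54
# Broadcom build, and nvram's wl0_channel holds the configured AP channel.

WL=${WL:-/usr/sbin/wl}          # overridable so the functions can be tested
NVRAM=${NVRAM:-/usr/sbin/nvram}
DWELL=${DWELL:-1}               # seconds between scans

# Same three steps as the original hack: drop clients, leave AP mode,
# listen only.
enter_sniff_mode() {
    $WL disassoc
    $WL ap 0
    $WL passive 1
}

# Undo the above so the box is still an AP afterwards instead of
# needing a reboot to get its radio back.
restore_ap_mode() {
    $WL ap 1
    $WL passive 0
    chan=$($NVRAM get wl0_channel 2>/dev/null)
    [ -n "$chan" ] && $WL channel "$chan"
    $WL up
}

# Loop scans until killed; the trap runs restore_ap_mode on the way out.
hop_loop() {
    trap restore_ap_mode EXIT INT TERM
    enter_sniff_mode
    while true
    do
        $WL scan 2>/dev/null
        sleep "$DWELL"
    done
}

# Only start hopping when executed as wlhop.sh, so the file can also be
# sourced to reuse the functions.
case "${0##*/}" in
    wlhop.sh) hop_loop ;;
esac
```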
