Detecting unwanted home wireless network connections from your neighbors

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View


Does anyone of software to tell HOW MANY connections are to your home
wireless router?

I am setting up my very first wireless router and I would like to know when
someone has connected to my network without my knowledge. Is there windows
freeware to tell us the hostname, ip address, and mac address of all
computers connected to a router?

All I can see looking at the router itself is the start and end dhcp number
but this isn't definitive as machines can come and go on the local network.

I've googled and read tons of stuff on how to set up the Linksys WRT54G
wireless home router, for example - limiting the DHCP number to the precise
number of computers on the home network.

But I can't find the screen or software which shows me exactly who is
connected to my router's internet connection.

Where is the software that tells me WHO is connected to my router?

Re: Detecting unwanted home wireless network connections from your neighbors



Quoted text here. Click to load it
(...)
Quoted text here. Click to load it

How many and who are quite different.  It's not easy with the WRT54G
because there is no seperate wireless status page.  The best you can
do is the DHCP client table at:
<http://www.linksysdata.com/ui/WRT54G/v5/1.00.6/StaLan.htm
which doesn't show any connection that has a self assigned static IP
address.

The WRT54G also does not directly support syslogd, NetFlow, or SNMP,
so you can't use a router monitor utility to do the job.

One thing you can do is sniff the traffic between the WRT54G and your
cable or DSL modem using something like AirSnare:
<http://home.comcast.net/~jay.deboer/airsnare/
or other intrusion detection system.  

You can also replace the firmware in your router with an open source
replacement that does offer syslogd, SNMP, and usable status pages.
<http://www.dd-wrt.com
<http://www.OpenWRT.org
This should give you a fair simulation of what's available with
DD-WRT.  See that various Status pages:
<http://www.informatione.gmxhome.de/DDWRT/Standard/V23final/index.html

This is my home and office WRT54G routers running DD-WRT v23 sp2.
<https://office.LearnByDestroying.com:8080
<https://home.LearnByDestroying.com:8080
The wireless clients list (and DHCP table) are at the bottom of the
page.  Note that not all WRT54G hardware mutations can handle
alternative firmware.

Quoted text here. Click to load it

I think AirSnare will do what you want.  Also see:
<http://www.linklogger.com
<http://sonic.net/wallwatcher/
<http://www.dd-wrt.com/dd-wrtv2/rflow.php (requires dd-wrt)
<http://svs.sv.funpic.de/ (may not work with all WRT54G versions)
Then, if you feel ambitious, try DD-WRT firmware.

Quoted text here. Click to load it

--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: Detecting unwanted home wireless network connections from your neighbors


On Sat, 09 Jun 2007 15:58:04 -0700, Jeff Liebermann wrote:

Quoted text here. Click to load it

Thank you very much Jeff Lieberman.

It's rare to see such a definitive response to a users' question as yours.

You're in the top few percent of helpful posters! I, for one, will check
out each of your recommendations, in order, starting with AirSnare freeware
to detect who is connected to my wireless router!

Re: Detecting unwanted home wireless network connections from your neighbors



Quoted text here. Click to load it

Y'er welcome, but I do wish you would spell my name correctly.  It has
two n's at the end.  The 2nd one is a spare in case I get rear ended.

Quoted text here. Click to load it

I was bored.  However, don't worry.  It won't happen again.

Quoted text here. Click to load it

I've been told I am beyond help(ful).  Be careful, I'm also fairly
sloppy and do make some mistakes.

Quoted text here. Click to load it

If you sniff traffic between the modem and router, you'll need to
install some kind of a hub in between.  Note that I said hub, not
switch.  A switch will not show the traffic on the monitor port.  A
hub has all the traffic appearing at the port.  An old 10baseT hub
should work fine for all but the fastest cable modem systems.

You can also build a crud passive ethernet tap.  (I carry one in my
troubleshooting case).
<http://www.snort.org/docs/tap/
It took me several tries to get the wiring correct so be careful.

Good luck.

--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: Detecting unwanted home wireless network connections from your neighbors


Quoted text here. Click to load it

This looks pretty simple to build however I am curious to know why one
couldn't make this work in full duplex with three jacks?
It seems having three interfaces would hash something up..
I could walk to my work van and have one built in just a few minutes and
test it I suppose.

Any thoughts?

Adair



Re: Detecting unwanted home wireless network connections from your neighbors



Quoted text here. Click to load it

Easy.  Each of the two middle jacks has only the receive data lines
connected to the sniffing computah.  You can safely attach more than
one receive load to a single transmit line, without doing too much
damage.  In this derrangement, there's only on source of data.

However, you cannot put two transit lines in parallel.  If you did
that the resultant data would be a mix of the two transmit lines and
look like garbage.

In case it's not obvious, the two middle jacks sniff data in one
direction only.  The #2 jack sniffs data coming from the #1 jack.  The
#3 jack sniffs data coming from the #4 jack.  If you want to sniff
data in BOTH directions simultaneously, you'll need something more
sophistocated, like an ethernet hub (not a switch).

Quoted text here. Click to load it

It's quite handy.  I prefer to use the monitor port feature found on
most Cisco switches, but some of my customers don't like me
reconfiguring their sacred router/switch, especially if it's under
service contract with some systems management outsourcing company.  I
usually carry a 10baseT hub and a 100baseTX hub (not a dual speed hub)
with me, for when I need to sniff in both directions.  Now, if I could
only find where I put the wall warts to these...

Quoted text here. Click to load it

It's Sunday.  Thinking is optional.

Quoted text here. Click to load it
--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: Detecting unwanted home wireless network connections from your neighbors


On Sun, 10 Jun 2007 00:08:27 GMT, Malke wrote:

Quoted text here. Click to load it

Kissbuttware
--
This is what I looked like after John "Heartless" Corliss called me a
troll.
http://tinyurl.com/2dympt

Re: Detecting unwanted home wireless network connections from your neighbors


notreally@invalid.invalid says...
Quoted text here. Click to load it
======================

Why go to all the trouble of detection?  Why not set up your system with
a decent 128-bit WEP security code?

Re: Detecting unwanted home wireless network connections from your neighbors


Lord Possum wrote:
Quoted text here. Click to load it

Fwiw, WEP has been superseded by the WPA & WPA2 security systems.  A
decent overview as to the whys and wherefores can be had at:
<http://en.wikipedia.org/wiki/WPA2

-Craig

Re: Detecting unwanted home wireless network connections from your neighbors


On Sat, 09 Jun 2007 17:03:31 -0700, Craig wrote:

Quoted text here. Click to load it

I don't seem to have an option for WPA2 on my Windows XP Service Pack 2 for
some reason. Did I miss something?

How do I know if I can use WPA2 on my PC when the option does not show up
in the wireless network?

Re: Detecting unwanted home wireless network connections from your neighbors



Quoted text here. Click to load it

Yep.  MS was a bit late on adding WPA2.  They still haven't added all
the multitude of authentication schemes.  You need yet another update.
See:
<http://support.microsoft.com/kb/893357
<http://www.microsoft.com/windowsxp/using/security/expert/bowman_wirelesssecurity.mspx
You might want to run:
<http://windowsupdate.microsoft.com
and select "custom" instead of the usual "recommended".  Then install
the kitchen sink.

Quoted text here. Click to load it

Install KB893357.
--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: Detecting unwanted home wireless network connections from your neighbors



Quoted text here. Click to load it

Do really believe you can hide?

In your end do you believe you have made your free choice?

Is there something else you might want to confess, be a witness and
participant in the dialogue here at freeware and if you answer me I might  
consider that some people, also known as human beings have caught the
Light that Lights the footpaths of all the Holy People into the most
Incredible SunRise,

Re: Detecting unwanted home wireless network connections from your neighbors


On Sun, 10 Jun 2007 22:18:44 GMT, AintIaNiceFeller  wrote:

Quoted text here. Click to load it

I've often read of the top ten dumbest wireless security advice, trusting
in MAC address filtering is always high in the list of mistakes to avoid.

In fact, the fallacy of MAC address filtering is listed as the number one
wireless security mistake in some articles such as
http://www.ghacks.net/2006/06/17/six-wifi-security-myths /

All I'd want is software that tells me the IP & MAC address of all the
computers hooked up to my network. Is that too much to ask for?

Re: Detecting unwanted home wireless network connections from your neighbors


notreally@invalid.invalid says...
Quoted text here. Click to load it

Well, the Linksys does that itself.
I have the WRT54GS
Just look in modem URL under Status/Local Network/DHCP Clients Table.
Shows every puter currently logged into your router by puter name, IP,
and MAC address. The IP of course, will be one of "yours".

MM

Site Timeline