was having trouble with erratic ordinary WIFI reception. thought it was other wifi signals drifting in from the local area and a nearby shopping center. changed ap to a diffirent channel ( was 6 changed to 11). erractic reception with what appeared to be a good received signal started again after some time. late at night last week while setting up a wifi laptop with an arbritrarily non-default chosen SSID noticed another same named and channel signal using netstumbler. ssid was visible. router type was hidden. thing was power was off the scale ( like Star Trek). signal does not seem to be coming from an adjacent area. signal ( or at least SSID) disappeared for a time. then same mac id appeared on channel 11. any ideas ?
If the signal was that strong and visible with Netstumbler, do some transmitter hunting. Get a directional antenna or build a reflector type contraption. Move around the neighborhood and draw lines on a map in the direction of the strongest signal. Most of the lines will cross at one point. There's your culprit.
Incidentally, you might wanna buy a new keyboard. Your shift key appears to be broken.
The new thing for hackers is to setup an AP and then use yours or someelses ssid and get them to signon thru their AP and steal the names and passwords. Could be what you are seeing. Do you have some businesses near you? Probably not the grocery store but more like some company that has something worth stealing.
Jeff, you sure are thorough. most likely my typing. using a Linksys WRT54G router. 64 bit envryption on. found this on the wireless site survey in the Linksys control panel. SSID MAC Channel Rssi noise beacon cap dtim rates
Nope. It's your grammar, or lack thereof that I find lacking. If you scribble for your own benefit, then by all means, do it in manner you find convenient. However, if you expect others to read and understand your questions, kindly make some effort to be communicative. Complete sentences would be a big help. Extra credit for not top posting. I realize that the extra effort required to hit the shift key for capitalization may cripple your 5th digit, but methinks it might be worth the effort and risk.
Cisco access point: 00-12-01 (hex) Cisco 001201 (base 16) Cisco 80 West Tasman SJ-M/1 San Jose CA 95134 UNITED STATES
IEEE OUI (MAC) address lookup:
formatting link
the XX-XX-XX form for searching.
I thought you said it was a strong signal? -92dB is not very strong.
Most home users don't use Cisco access points. Too expensive. My guess is some corporation or company is setting up a backup or duplicate access point for roaming and is having difficult time.
It's not unusual for companies to have multiple access points with identical SSID's for roaming.
I scribbled a bit on how I do direction finding. Googling... |
formatting link
the last few messages of the above mess. It's a bit more tricky with strong signals because of the tendency for the receiver to overload. Strong signals also have strong reflections. Practice with a known AP location. It's fun.
Sorry for all the trouble. Did not mean to be rude or insulting in any manner. The Tech tpes that I deal with often just want the facts in a summary point form. This was not the signal that I was concerned about previously. I have identified this these signals as coming from a very nearby mall. I have really never caught any information in the Status > Wireless Surves Scan. Surprised to see any as have never had 1 receiver in the report even though there are several clients on my network. I wondered what this meant. Did this mean that the router had accepted them and given them an ip ? Or did it mean that the router had just found them and was awaiting a wep code in return ? Thank you for the Mac adress - Manufacturer link. I was having touble finding such a table. Can the Mac adress of the adapter be changed to hide it or is a unchangeable number emitted from the adapter ? Also with netstumbler when it reports that the manufacturer is "fake" what does this mean ? Have seen a fake report but with Linksys SSID. Again my apologies not trying to be disrespectfull in any way.
Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:
I have to agree with you Jeff. When a person is trying to solicit answers on a public forum, they should at least have the courtesy to post a readable question.
It varies depending upon the type of question. If it's a techy problem, I wanna see:
What problem are you trying to solve? That can usually be done in one sentence.
What hardware and software do you have to work with? That means make, model, version, software, numbers, etc. I think that's what you mean by "summary point form".
What did you do to try and solve the problem and how did it work?
Ummm... There's more than one "signal"?
Is Netstumbler and the WRT54G site survey tool returning the same SSID and MAC address for these mysterious access points? Normally, Netstumbler is MUCH more sensitive and will pickup all manner of access points. That's because it takes only one or two packets to ID the access point, while the site survey tool in most routers are a bit more conservative. You will often see access points with Netstumbler that you cannot connect to as they are far away or weak to negotiate a connection. However, you indicated that the signal is quite strong, so you should see it on both Netstumbler and the site survey tool.
Neither Netstumbler or the site survey tool will show wireless clients. Only access points. I guess you should consider yourself lucky not to have had any nearby access points. I suspect that has just changed.
Growth. New access point has moved in.
No. The purpose of the site survey tool is to identify other access points in the neighborhood, so that you can find a unique SSID and a clear channel. It has exactly the same function as Netstumbler and I'm guessing (not sure) uses exactly the same method of finding them. Your WRT54G does nothing with these except to identify their presence.
No. Unless you have WDS enabled and functioning, your WRT54G will do nothing with the access points it has found.
It's a handy thing to have. Some of the sniffer tools have a built in MAC address manufacturer lookup tool to identify the hardware found. Unfortunately, many manufactories invent their own codes, which make it difficult to identify. I was also trying to keep a list of common wireless devices down to the model numbers. I assumed that these would be issued in an organized manner. Instead, I find some manufacturers re-using MAC addresses, while others are incredibly creative and sloppy. I gave up.
This is not very up to date, but includes many MAC addresses not officially listed by the IEEE.
formatting link
Wireless router or access point. This is usually fixed in flash memory and cannot be changed. The "cloning" of the MAC address will only change the WAN port MAC address. The LAN port remains unchanged. However, someone found how to change it on the LAN side on the WRT54G. I can't find the URL (thanks to FireFox eating my bookmarks).
Client radios. All too easy to change. The "properties" on the network adapter usually has a custom MAC address setting. Windoze will use the MAC address in the registry instead of the one from the card.
formatting link
formatting link
(there are others)
You'll also see access points with a MAC address of 00-00-00-00-00.
If Netstumbler 0.4 can't decode the manufacturers MAC address or some part of the AP ID data is unreadable, it will return "fake". "Unknown" would have been a better choice of terms. I've also seen one Centrino laptop that returned "fake" for every access point it sees. Seems to be some kind of timing issue, but I'm not sure. I just took a quick look at the NetStumbler binary with a hex editor. The list of manufacturers is compiled into the binary. It would have been better to have the index external, so that new manufacturers could be added.
Most of the customized WRT54G firmware (Sveasoft, OpenWRT, HyperWRT, etc) will return "fake".
Not a problem. It gives me a chance to be obnoxious and critical. Well, I do that all the time anyway, so it's not exactly a special event. The problem is not being disrespectful. It's getting sufficiently organized to ask a question in a manner in which it can be answered. That's not an easy thing to do and requires some practice. Consider this feedback as you're doing a marginal job. It's much like asking support questions over the phone. The person you're talking to wants to help, but has zero information on what you own, what you're dealing with, where you've been with it, and why you're calling. For some unknown reason, many callers start with the details and leave the problem they're trying to solve for last. It's difficult to understand the details without the overall context of knowing what inspired the call. I usually let them rant for a while until they eventually announce the problem.
Incidentally, if you read other peoples questions, you'll notice that most people simply do not disclose what equipment and software they are using. I don't know why people do that, but it drives me to fits of temporary insanity. You were good enough to disclose that you are using a WRT54G. However, there are 4 different hardware versions, and numerous firmware versions. In this case, it wasn't necessary to know the details, but in the future, it might be helpful to mention the hardware and firmware versions.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.