Detecting unwanted home wireless network connections from your neighbors

Malke hath wroth:

(...)

How many and who are quite different. It's not easy with the WRT54G because there is no seperate wireless status page. The best you can do is the DHCP client table at:

which doesn't show any connection that has a self assigned static IP address.

The WRT54G also does not directly support syslogd, NetFlow, or SNMP, so you can't use a router monitor utility to do the job.

One thing you can do is sniff the traffic between the WRT54G and your cable or DSL modem using something like AirSnare:

or other intrusion detection system.

You can also replace the firmware in your router with an open source replacement that does offer syslogd, SNMP, and usable status pages.

This should give you a fair simulation of what's available with DD-WRT. See that various Status pages:

This is my home and office WRT54G routers running DD-WRT v23 sp2.

The wireless clients list (and DHCP table) are at the bottom of the page. Note that not all WRT54G hardware mutations can handle alternative firmware.

I think AirSnare will do what you want. Also see:

(requires dd-wrt) (may not work with all WRT54G versions) Then, if you feel ambitious, try DD-WRT firmware.

======================

Why go to all the trouble of detection? Why not set up your system with a decent 128-bit WEP security code?

Fwiw, WEP has been superseded by the WPA & WPA2 security systems. A decent overview as to the whys and wherefores can be had at:

-Craig

Thank you very much Jeff Lieberman.

It's rare to see such a definitive response to a users' question as yours.

You're in the top few percent of helpful posters! I, for one, will check out each of your recommendations, in order, starting with AirSnare freeware to detect who is connected to my wireless router!

I don't seem to have an option for WPA2 on my Windows XP Service Pack 2 for some reason. Did I miss something?

How do I know if I can use WPA2 on my PC when the option does not show up in the wireless network?

Malke hath wroth:

Y'er welcome, but I do wish you would spell my name correctly. It has two n's at the end. The 2nd one is a spare in case I get rear ended.

I was bored. However, don't worry. It won't happen again.

I've been told I am beyond help(ful). Be careful, I'm also fairly sloppy and do make some mistakes.

If you sniff traffic between the modem and router, you'll need to install some kind of a hub in between. Note that I said hub, not switch. A switch will not show the traffic on the monitor port. A hub has all the traffic appearing at the port. An old 10baseT hub should work fine for all but the fastest cable modem systems.

You can also build a crud passive ethernet tap. (I carry one in my troubleshooting case).

It took me several tries to get the wiring correct so be careful.

Good luck.

Malke hath wroth:

Yep. MS was a bit late on adding WPA2. They still haven't added all the multitude of authentication schemes. You need yet another update. See:

You might want to run:

and select "custom" instead of the usual "recommended". Then install the kitchen sink.

Install KB893357.

Kissbuttware

This looks pretty simple to build however I am curious to know why one couldn't make this work in full duplex with three jacks? It seems having three interfaces would hash something up.. I could walk to my work van and have one built in just a few minutes and test it I suppose.

Any thoughts?

Adair

"Adair Witner" hath wroth:

Easy. Each of the two middle jacks has only the receive data lines connected to the sniffing computah. You can safely attach more than one receive load to a single transmit line, without doing too much damage. In this derrangement, there's only on source of data.

However, you cannot put two transit lines in parallel. If you did that the resultant data would be a mix of the two transmit lines and look like garbage.

In case it's not obvious, the two middle jacks sniff data in one direction only. The #2 jack sniffs data coming from the #1 jack. The #3 jack sniffs data coming from the #4 jack. If you want to sniff data in BOTH directions simultaneously, you'll need something more sophistocated, like an ethernet hub (not a switch).

It's quite handy. I prefer to use the monitor port feature found on most Cisco switches, but some of my customers don't like me reconfiguring their sacred router/switch, especially if it's under service contract with some systems management outsourcing company. I usually carry a 10baseT hub and a 100baseTX hub (not a dual speed hub) with me, for when I need to sniff in both directions. Now, if I could only find where I put the wall warts to these...

It's Sunday. Thinking is optional.

Malke wrote in news:jUFai.13377$ snipped-for-privacy@newssvr21.news.prodigy.net:

Do really believe you can hide?

In your end do you believe you have made your free choice?

Is there something else you might want to confess, be a witness and participant in the dialogue here at freeware and if you answer me I might consider that some people, also known as human beings have caught the Light that Lights the footpaths of all the Holy People into the most Incredible SunRise,

I've often read of the top ten dumbest wireless security advice, trusting in MAC address filtering is always high in the list of mistakes to avoid.

In fact, the fallacy of MAC address filtering is listed as the number one wireless security mistake in some articles such as

All I'd want is software that tells me the IP & MAC address of all the computers hooked up to my network. Is that too much to ask for?

Well, the Linksys does that itself. I have the WRT54GS Just look in modem URL under Status/Local Network/DHCP Clients Table. Shows every puter currently logged into your router by puter name, IP, and MAC address. The IP of course, will be one of "yours".

MM