Re: Tracking Who Is Leeching Off My Network!
From: David (davidwnh_at_adelphia.net)
Date: Thu, 16 Oct 2003 21:46:49 GMT
What traffic is it catching? Only that between the AP and that specific
machine or is it also catching traffic from the AP to other wireless
machines and from other wireless machines going to the AP?
Once again make sure your adapter allows for and is entering promiscuous
mode and has rfmon support. The above question will answer that. Google
for the developers of various wireless sniffers. They will often provide
info on their websites as to which cards use chipsets and have drivers
that allow for promiscuous mode and have rfmon support.
The machine should be able to get everything coming from the AP no
problem if you have a good SNR for your own connection. So your problem
may be that you are not seeing the traffic from the other machines going
to the AP if you do in fact have a card and drivers which allow for
promiscuous mode and rfmon. With a laptop, seeing the other wireless
machines can be dealt with by moving it around. USB wireless adapters
are good for snooping since you can put them higher than and away from
the machine so the machine itself doesn't interfere with reception. Not
as good as an external antenna but a lot cheaper.
> I did actually log _a bit_ of traffic last night using a wireless
> sniffer on a wireless enabled machine. Trouble is that it missed the
> vast majority of traffic that I can see from my router log file. Do I
> need to add an antenna to my wireless machine that is sniffing or is
> it enough to put it next to the AP? I was very surprised to see
> traffic on the router logs and almost none of it turn up on the
> sniffer on the wireless computer.
> David <email@example.com> wrote in message news:<firstname.lastname@example.org>...
>>Use a wireless sniffer on one of your wireless enabled machines. Kismet
>>or Airsnort depending on your OS. I think ethereal will even sniff
>>wireless. Google for what is available for your OS and is compatible
>>with the chipset in your adapter. Best bet might be a notebook then you
>>can walk around while looking at the SNRs. If you are familiar with
>>Linux or want to give it a try you can use something like Knoppix-STD
>>which will boot from a CD and give you kismet without even installing
>>Linux to a hard drive.
>>In any case you are best to use WEP even if you wish to allow others to
>>use your connection. People can sniff your wireless traffic if you
>>don't. If you use open system authentication then WEP keys shouldn't be
>>a problem even amongst several different card manufacturers. Then use
>>MAC filtering so you know exactly who you are allowing access.
>>>I've got a Linksys wireless AP and router at home.
>>>I don't use WEP b/c I've had trouble getting my best friend's Mac on
>>>to the network using WEP.
>>>I usually turn off my wireless network when I leave town. I forgot to
>>>this time and came back after 3 weeks to find that there were 3 other
>>>wireless computers using my network while I was gone.
>>>At first I thought it was just the house sitter and some friends so I
>>>deleted them from the DHCP table, but lo and behold two of them came
>>>back today... and the house sitter isn't in the area anymore.
>>>I could put the WEP back up or block their MAC addresses, but I'd
>>>really like to know WHO these people are. If they are friends, I'd be
>>>happy to talk to them and let them stay, but if not.... Really, I'd
>>>just like to know which of my neighbors were on my network.
>>>Which brings me to my problem. The sniffers I use can't see all the
>>>other traffic on the network (other than the computer they are
>>>installed on) and Wallwatcher or other router logs only tell me what
>>>sites these people are looking at. I think the only way I can track
>>>them down is by sniffing emails to get their names. Their web surfing
>>>isn't going to ID them for me.
>>>The sniffers say that I should use port mirroring or something like
>>>that but I can't find such a feature on the Linksys router.
>>>It seems too intriguing just to shut them out....
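
Added example, not part of the original posts: the reply's advice to confirm that the adapter and driver support rfmon can be checked on a current Linux system by reading the interface modes that `iw list` reports for each radio. It assumes the `iw` tool is available; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Report which wireless PHYs advertise monitor (rfmon) mode.
# Reads `iw list` output on stdin, so the logic can be checked offline.
monitor_capable_phys() {
    awk '
        # A new radio starts: remember its name, leave any mode list.
        /^Wiphy /                    { phy = $2; in_modes = 0; next }
        # Only the hardware/driver mode list counts, not the
        # "software interface modes" list that follows it.
        /Supported interface modes:/ { in_modes = 1; next }
        # Bullet lines inside the list look like "  * monitor".
        in_modes && /^[ \t]*\* /     { if ($2 == "monitor") print phy; next }
        # Any other line ends the current mode list.
                                     { in_modes = 0 }
    '
}

# Constructed sample in the layout `iw list` prints (heavily trimmed):
# phy1 is a managed-only adapter, phy0 supports monitor mode.
sample_iw_list() {
    cat <<'EOF'
Wiphy phy1
    Supported interface modes:
         * IBSS
         * managed
    Band 1:
Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    software interface modes (can always be added):
         * AP/VLAN
         * monitor
EOF
}

# Demo on the constructed sample. On a real machine run:
#   iw list | monitor_capable_phys
sample_iw_list | monitor_capable_phys
```

An empty result means no installed adapter advertises monitor mode, which would explain a sniffer that only sees traffic to and from its own machine.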