If you're leeching your next-door neighbour's wireless bandwidth (or you want to check whether someone's leeching yours), it is possible they can see you. Finding out more about what you're doing is trickier, though.

NOTE: Because we assume you're good boys and girls and you don't steal bandwidth, we'll assume for the purposes of this explanation that it's you who wants to protect your wireless, not the other way around.

How to catch a thief
The first step is for you to identify the devices on your network. Your router will be running DHCP, which hands out IP addresses to devices connected to the network. Chances are it will be the one connected to your broadband modem (or your broadband modem might be built into your router). Log on to the router and check for rogue IPs.

Logging IPs and URLs
Things get a little trickier if you want to find out what someone else has been doing on your network.

Your gateway’s logs will offer some information, but many routers only log HTTP traffic, generating entries such as:

[ALLOW: docs.google.com] Source: 192.168.0.3 Thursday, 29 May 2008 22:26:08
Use the IP address gleaned from your Attached Devices list together with the logs to help identify the culprit. For example, regular visits to icetv.com.au could indicate a PVR or Media Centre computer, while lots of visits to .mobi sites could be the work of a Wi-Fi-enabled smartphone.
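A sketch of the correlation described above, as an added example that is not part of the original article: it parses log entries in the format quoted earlier and summarises the activity of any source IP missing from a known-devices list. The sample log lines and the `KNOWN_DEVICES` inventory are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log, in the entry format the article quotes.
SAMPLE_LOG = """\
[ALLOW: docs.google.com] Source: 192.168.0.3 Thursday, 29 May 2008 22:26:08
[ALLOW: icetv.com.au] Source: 192.168.0.5 Thursday, 29 May 2008 22:27:41
[ALLOW: example.mobi] Source: 192.168.0.9 Thursday, 29 May 2008 22:30:02
[ALLOW: news.example.mobi] Source: 192.168.0.9 Thursday, 29 May 2008 22:31:15
[ALLOW: truncated.example
"""

# Assumed inventory, copied by hand from the router's Attached Devices list.
KNOWN_DEVICES = {"192.168.0.3": "ThinkPad", "192.168.0.5": "Media Centre PC"}

ENTRY_RE = re.compile(
    r"^\[(?P<action>[A-Z]+): (?P<host>[^\]\s]+)\] Source: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<when>\w+, \d{1,2} \w+ \d{4} \d{2}:\d{2}:\d{2})$"
)

def parse_log(text):
    """Return (entries, skipped); entries are (ip, host, timestamp) tuples."""
    entries, skipped = [], 0
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY_RE.match(line)
        if m is None:
            skipped += 1  # count malformed lines rather than guessing at them
            continue
        when = datetime.strptime(m["when"], "%A, %d %B %Y %H:%M:%S")
        entries.append((m["ip"], m["host"].lower(), when))
    return entries, skipped

def unknown_sources(entries, known):
    """Group the sites visited, first seen and last seen by each unlisted IP."""
    report = defaultdict(lambda: {"hosts": set(), "first": None, "last": None})
    for ip, host, when in entries:
        if ip in known:
            continue
        rec = report[ip]
        rec["hosts"].add(host)
        rec["first"] = min(rec["first"] or when, when)
        rec["last"] = max(rec["last"] or when, when)
    return dict(report)

if __name__ == "__main__":
    entries, skipped = parse_log(SAMPLE_LOG)
    for ip, rec in unknown_sources(entries, KNOWN_DEVICES).items():
        print(ip, sorted(rec["hosts"]), rec["first"], "to", rec["last"], sep="  ")
    print("unparsed lines:", skipped)
```

DHCP can hand the same IP address to a different device later, so confirm a flagged address against the MAC address shown in the Attached Devices list before drawing conclusions.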
|Look at your router's list of attached devices|
Tracing wireless users
|Your router's logs list which IP addresses connected to which Web sites|
For a more detailed picture of network activity you’ll need to call on network intrusion software.
AirSnare monitors network traffic in close to real time, so you can watch what your uninvited guest is doing. When AirSnare detects an unfriendly MAC address, it lists the details in the bottom right window and monitors traffic in the top right window.
This reveals the traffic’s source and destination IP and MAC addresses.

Sniffing passwords
If you use an FTP client to log into a site while monitoring the adapter you use to connect to the network, Ethereal can generate a network traffic report that will show the login and password you used.
Scary stuff, indeed, and that’s just a taste of what can be done. If AirSnare reveals your intruder is accessing webmail or other online services, you can Google for a password sniffer specific to that service.
Once again, the only way to combat rogue wireless activity comes down to using WPA security and a strong password.

Step by Step - how AirSnare monitors network traffic
|ABOVE: Install AirSnare, then run the AirSnare Updater and download the latest drivers for your wireless adaptor. If the software reports a missing COMDLG32.OCX, download it from www.boletrice.com/downloads/comdlg32.ocx and save it in c:\windows\system32\.|
|ABOVE: Once AirSnare is up and running, check the Network Adaptors list, right-click on the adaptor you use to connect to your network and select Start. AirSnare will scan your network to compile a list of Unfriendly MAC addresses and mark them with a skull and crossbones.|
|ABOVE: To add known devices to the Friendly list, close AirSnare, open c:\Program Files\AirSnare\TrustedMAC.txt and add the MAC addresses, descriptions and the last two digits of the IP address for each device. E.g. 001B2F5F66F3 Primary Router (01); 001EC2F0979C ThinkPad wireless card (06).|
|ABOVE: Save the file, relaunch, and you’ll see a list of Friendly MAC addresses. You can also add a trusted device by right-clicking on an Unfriendly MAC Address. At first it might be easier to leave one of your computers off the Friendly list, so you get an idea of what Unfriendly traffic looks like.|
|ABOVE: By default AirSnare also installs Ethereal (now Wireshark) - a network protocol analyser that provides a lot more detail as to what’s happening on your network.|
|ABOVE: If you want to keep a record of network activity you can right-click on the top right window to write the current session to a text file, although all Unfriendly activity is automatically logged to Watch1.txt.|