This is too short to be a Tutorial but I thought some of you might find it of interest. As many of you know, the Linksys WRT54G router runs Linux on a MIPS processor. With the right firmware you can do a lot more with the WRT54G then was originally intended by Linksys. This article will show you how to find out what devices have been getting an IP from the DHCP daemon that’s running on your WRT54G. You can use you imagination to see how this may be useful.
The first thing you need to do is get the modified firmware from http://h.vu.wifi-box.net/ and load it onto your Linksys. This firmware for the WRT54G lets you telnet into the router and mess around with the inner workings. If you don’t like using telnet for security reasons then try the firmware from http://www4.ncsu.edu/~bdferris/linksys_wrt54g/, it has a SSH Daemon and you may be able to do the same tricks with it. Once you have installed the firmware, telnet into the router (in most cases just “telnet 192.168.1.1” from the command line will work) and issue the command “dumpleases -f /tmp/udhcpd.leases”. Below is some sample output:
Code:
# dumpleases -f /tmp/udhcpd.leases
Hostname Mac Address IP-Address Expires in
erwin 00:c0:f0:31:98:00 192.168.1.100 13 hours, 23 minutes, 27 seconds
the-pitt 00:10:dc:91:f6:6c 192.168.1.101 16 hours, 19 minutes, 40 seconds
you-know 00:0c:41:12:f2:a3 192.168.1.102 13 hours, 19 minutes, 24 seconds
openzaurus 00:10:7a:58:37:a6 192.168.1.103 expired
terror-drome 00:00:00:00:00:00 192.168.1.106 expired
00:00:00:00:00:00 192.168.1.104 expired
00:00:00:00:00:00 192.168.1.108 expired
00:00:00:00:00:00 192.168.1.105 expired
darkness 00:0d:88:83:32:8a 192.168.1.107 expired
Knoppix 00:0c:41:12:ad:bc 192.168.1.109 expired
terror-drome 00:00:00:00:00:00 192.168.1.110 expired
Knoppix 00:02:dd:32:d0:f6 192.168.1.111 expired
00:00:00:00:00:00 192.168.1.112 expired
DigitalPrimate2 00:06:25:24:77:ff 192.168.1.113 expired
greatwhitedope 00:10:4b:a5:ad:8a 192.168.1.114 expired
greatwhitedope 00:e0:63:50:79:a3 192.168.1.115 expired
greatwhitedope 00:00:00:00:00:02 192.168.1.116 expired
greatwhitedope 00:00:00:00:00:03 192.168.1.117 expired
terror-drome 00:30:f1:43:a8:30 192.168.1.119 16 hours, 24 minutes, 36 seconds
#
#
As you can see, you now have the host name, MAC address and given IP of the devices that have used the DHCP daemon on your router recently. Notice that some of my devices have had their MAC addresses changed frequently, the is because of preparation for a previous article. You can use this lease information to help figure out who has been attaching to your router.