This is too short to be a Tutorial but I thought some of you might find it of interest. As many of you know, the Linksys WRT54G router runs Linux on a MIPS processor. With the right firmware you can do a lot more with the WRT54G then was originally intended by Linksys. This article will show you how to find out what devices have been getting an IP from the DHCP daemon that’s running on your WRT54G. You can use you imagination to see how this may be useful.

The first thing you need to do is get the modified firmware from and load it onto your Linksys. This firmware for the WRT54G lets you telnet into the router and mess around with the inner workings. If you don’t like using telnet for security reasons then try the firmware from, it has a SSH Daemon and you may be able to do the same tricks with it. Once you have installed the firmware, telnet into the router (in most cases just “telnet” from the command line will work) and issue the command “dumpleases -f /tmp/udhcpd.leases”. Below is some sample output:
# dumpleases -f /tmp/udhcpd.leases
Hostname         Mac Address       IP-Address      Expires in
erwin            00:c0:f0:31:98:00   13 hours, 23 minutes, 27 seconds
the-pitt         00:10:dc:91:f6:6c   16 hours, 19 minutes, 40 seconds
you-know         00:0c:41:12:f2:a3   13 hours, 19 minutes, 24 seconds
openzaurus       00:10:7a:58:37:a6   expired
terror-drome     00:00:00:00:00:00   expired
                 00:00:00:00:00:00   expired
                 00:00:00:00:00:00   expired
                 00:00:00:00:00:00   expired
darkness         00:0d:88:83:32:8a   expired
Knoppix          00:0c:41:12:ad:bc   expired
terror-drome     00:00:00:00:00:00   expired
Knoppix          00:02:dd:32:d0:f6   expired
                 00:00:00:00:00:00   expired
DigitalPrimate2  00:06:25:24:77:ff   expired
greatwhitedope   00:10:4b:a5:ad:8a   expired
greatwhitedope   00:e0:63:50:79:a3   expired
greatwhitedope   00:00:00:00:00:02   expired
greatwhitedope   00:00:00:00:00:03   expired
terror-drome     00:30:f1:43:a8:30   16 hours, 24 minutes, 36 seconds
As you can see, you now have the host name, MAC address and given IP of the devices that have used the DHCP daemon on your router recently. Notice that some of my devices have had their MAC addresses changed frequently, the is because of preparation for a previous article. You can use this lease information to help figure out who has been attaching to your router.