Viewing users on router

[Socialist]

How do I view all connections on a linksys wireless router. I belive from slow downloads and odd things that someone is using my connection.




Socialist

[Shrekkie]

Browse to http://ip.of.your.router, and look in its incoming- or outgoing-logs and its dhcp-logs.
You also could install a box with and IDS ( aka snort ) in front of it temporary. That way you'd see everything.

A good sniffer like ethereal in promiscuous mode can tell you also alot tho, before installing and ids.

Cheers

[avdven]

Assuming you haven't changed anything on your router...

Use IE to go to http://192.168.1.1
Type in your password (if you don't know it, check the manual for the default password)

I haven't worked on the newer ones, but on the older Linksys routers, all you had to do was go to the DHCP table. If someone's using it that shouldn't be, their MAC address will show up next to the IP address they're using. If you're concerned that someone's using it, set up some security measures (MAC address filtering, WEP or WPA, turn off SSID broadcasting (so people can't find the router unless they know the name, etc.). Just some basics. The manual can talk you through all of these. If it didn't come with a printed manual, it's probably on the CD that came with the router. Otherwise, just pull it off the Linksys website.

AJ

[muert0]

Here's a tutorial by Keezel on securing your wireless network:
http://www.antionline.com/showthread...eless+security
And a little more indepth read from MS posted by TH13:
http://www.antionline.com/showthread...reless+network

[hellforgedangel]

I presume you have some kind of manual that came with the router, If so that will more than likely tell you how to do it.

[Tiger Shark]

Since the probability is high on a wireless router that it is wireless connected computers causing a slowdown rather than wired it's really rather easy on a Linksys to see what is connected by wireless.

Open browser
http://192.168.1.1 or the IP of the router if you changed it
Enter the password, (default is 1234 or admin, I forget which), change it if it is the default!!!
Go Advanced - Wireless - Active MAC table...... Whoa... a Pop-up with a list of all the active MAC addresses connected to your WAP.
Note them all down.
Minimize browser.
Start - Run - type cmd <ENTER>
Type ipconfig /all <ENTER>
Find the Adapter that matches one on the list you made a note of, Check off the address on the list
Do this with all other wireless connected computers you have
Maximize browser close Active MAC pop-up
Select Edit MAC Filter Setting
A pop-up appears with spaces to add MAC addresses
Add each checked MAC address on your list and click APPLY (Do not check the boxes next to the MAC addresses - it will block them)
Close Pop-up
Select the ENABLE button above the Active MAC Table button and select APPLY at the bottom of the page
test your internet connection.

Assuming it works right they need to go and get a new wireless card now or seriously mess with you.

[hypronix]

Well that does half the job. Without much hassle somebody would just throw in their wireless card in promisc mode, sniff around who's connecting to your AP [a simple combination of AirSnort and Ethereal] and then when one of the computers isn't on spoof their own MAC to act as one of your computers. So I think you'd be better enabling encryption too, to add another deterrent to a possible unauthorized connection.

It is likely though that somebody running Windows XP didn't check off the box about auto-connection, so their computer hooks to your network... it's you hacking them, really Well, your AP.

Now I think to really get a bleeding secure [not perfect, mind you] AP you'd be setting up a box to act as the AP/router. With a good flavour of Linux and the appropriate iptables ruleset things would really get challenging for the possible intruder. But for now Tiger's suggestion is more then enough, if you see in your logs other connections make sure you take further steps in securing the network.

[spamdies]

IMHO mac filtering by itself will not provide a suffient form of security on the network. It would probly work better with the addition of a strong WEP key. Granted even WEP can be hacked, an average home network is not going to generate enough week packets in a matter of a week or two to crack the WEP key. Most of the time when a wardriver encounters a link that has wep enabled they'll just continue driving down the block to find an open access point.