Who's on my computer?

Post by Still_Learning »

I have two wifi routers, one is WPA encrypted because I never really use the wifi from it, and the other which is closer to my xbox 360 is open/free wifi, I guess because I'm too lazy to write down the WPA code and use my xbox controller to type in a long WPA code.

I checked my DHCP client list and found this

Image

I believe the one which says HOME is my VMware or my home network. But how can I find out who this MCKINNEY1 guy is? I think it's a neighbor stealing my wifi and want to see what they're doing on my network..

I'm guessing wireshark to sniff the traffic? but have very little experience with network sniffing.. any ideas? like can I see what sites they are visiting on my network, or actually look at their screen? I've heard of sidejacking using Hamster & Ferret which I've heard people use for internet cafes and such, what can I do to find out what this person is doing on my network?

Post by ayu »

Well if you want him off your network, then just use a MAC filter on the router, or just set a password. Guess you could sniff the packets and see what he is doing, but it can take time to find the packets that you want, and then it's just to filter I guess, and follow a stream, like a chat.

Haven't really done this with wireless, but it would be possible.
"The best place to hide a tree, is in a forest"

Post by Still_Learning »

I don't want to boot them off, just see what they are doing on my network..

then from there I will determine if I want to boot them off. If it's just my neighbor trying to check their email or surfing the web, I'm not going to be an asshole and kick them off since it's not really slowing my network down that much. But if it is someone or a bot sending spam or something from my network then I will filter them out. What is the easiest or best way to do this? I will need to sniff the network, right?

Post by bad_brain »

you can use Wireshark to sniff wireless traffic...in theory...the question is if your wireless NIC driver supports promiscuous mode or not. if it doesn't you can't sniff packets that have another target than your own NIC, so you will have to try it out.
but well, if it doesn't work you should simply lock them out, it's YOUR network... and if it works have a little fun with analyzing their traffic, maybe you will find some unencrypted passwords, but even then you shouldn't wait too long with securing your network... :wink:

Post by floodhound2 »

Also might want to check the router's log. Some routers can keep a log of where, times and other interesting stuff.

Anything that you decide to do, please report back about your findings. Like what worked and what did not work.

Good luck and have fun...

Post by Still_Learning »

thanks..

Yeah, I checked the router log, did not see anything that stuck out in particular. Doesn't wireshark sniff wireless and regular LAN traffic as well? I think I may need to do both. I read a basic wireshark tutorial and tried to power up wireshark and it's not detecting any NIC card for some reason.. I have two.. a built-in one on the motherboard I don't use (gives me a driver error on start up), and another for which I did not need to install any drivers and it works. Maybe the lack of a driver is why wireshark does not detect the NIC card? I can't sniff anything so far without being able to select a network card interface in the options first.. I have some weird network stuff going on.. I think I had the double network problem going on, so I disabled DHCP on the second router, still doing the same thing, and my xbox 360 is not detecting the wireless network either, even after I reset the router with no encryption or anything, fresh reset.. cheap router problem?
btw: I am pretty sure it supports promiscuous mode, as I've used wireshark before in that mode (did not understand fully what all the data meant that was being spit at me but it seemed to be working), now it is not working after I formatted my PC

Post by rhysh »

just do a basic arp poison ;)

or scan his comp for open ports, or better yet, create a tunnel on your comp, then forward port 80 on your router to your computer running as a proxy, then get your comp to operate through a second router, and have your comp log it all ;)

then you are the controller yeah?

cmon.fuck them over,its gotta be fun for sure,who knows,maybe you could cache everything he loads and blackmail him with that porno

Post by DNR »

@rhysh
cmon.fuck them over,its gotta be fun for sure
I hope you are kidding, perhaps we should have some fun with _your_ IP..cmon, it'll be fun.

@SL,
try a fresh download of wireshark, you might be missing files. In as much as your neighbor gave up his security to surf on your network - you could be raided by the police looking for someone downloading illegal stuff through your network. Imagine if he is downloading kiddie porn or trying to sex chat with a child, the IP is going to lead to you. You could also lose your ISP service if he violates your TOS, how will you prove it's not you or without your knowledge? The ISP doesn't care.
Lastly, what if your neighbor is an idiot, and thought he was logged into _his_ wifi AP - wifi devices can automatically log into a strong signal, on an unsecured AP. You should stop being lazy and secure your boxes. :wink:

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

Post by Still_Learning »

Yeah exactly.. that's why I want to see what they are doing on my network. Not only that but I think it would be a good learning experience to figure out how to sniff my own network traffic / see what people are doing on my LAN.

I do not care about that particular router giving out a free wifi signal, plus it gives me a good reason to learn something new. I do remember that name being logged onto my network previously also but did not really dig into it. I will try reinstalling Wireshark.. I believe I have the newest version installed but am probably wrong. That's the next thing I will check out, thanks

btw: (when I was really broke and just moved into my apartment I could not afford internet or cable and had to walk 2 blocks down the street to get a free wifi signal on my laptop, so giving out a free wifi signal is kind of like my gift to the local community I guess, because I know how it is.. that may be someone's only hope of getting online for free, unless they get into WPA / WEP cracking and such.. and if they can do that then there is no reason to encrypt my other router's wifi signal)


EDIT:::::

Yeah, that worked. I reinstalled it. Also forgot to disable my firewall before when trying to sniff the traffic, my guess is that a firewall would interfere with my traffic sniffing, is that correct or no?

Post by floodhound2 »

Still_Learning wrote: btw: (when I was really broke and just moved into my apartment I could not afford internet or cable and had to walk 2 blocks down the street to get a free wifi signal on my laptop, so giving out a free wifi signal is kind of like my gift to the local community I guess, because I know how it is.. that may be someone's only hope of getting online for free, unless they get into WPA / WEP cracking and such.. and if they can do that then there is no reason to encrypt my other router's wifi signal)

I am sure it's all good, but just know that it is your network being employed. Thus said; it is highly possible that you could be sued or jailed for a user doing malicious acts on your network.

You seem to know a bit, so if this is redundant information please excuse me, otherwise I'll toss the concept out there for others that grace this post.

Post by DNR »

ARP, a very simple protocol, consists of merely four basic message types:

1. An ARP Request. Computer A asks the network, "Who has this IP address?"

2. An ARP Reply. Computer B tells Computer A, "I have that IP. My MAC address is [whatever it is]."

3. A Reverse ARP Request (RARP). Same concept as ARP Request, but Computer A asks, "Who has this MAC address?"

4. A RARP Reply. Computer B tells Computer A, "I have that MAC. My IP address is [whatever it is]."

Only local attackers can exploit ARP's insecurities. A hacker would need either physical access to your network, or control of a machine on your local network, in order to deliver an ARP Cache Poisoning attack. ARP's insecurities can't be exploited remotely.

Man in the Middle Attack
A hacker can exploit ARP Cache Poisoning to intercept network traffic between two devices in your network. For instance, let's say the hacker wants to see all the traffic between your computer, 192.168.0.12, and your Internet router, 192.168.0.1. The hacker begins by sending a malicious ARP "reply" (for which there was no previous request) to your router, associating his computer's MAC address with 192.168.0.12.

Now your router thinks the hacker's computer is your computer.

Next, the hacker sends a malicious ARP reply to your computer, associating his MAC Address with 192.168.0.1.

Now your machine thinks the hacker's computer is your router.

Finally, the hacker turns on an operating system feature called IP forwarding. This feature enables the hacker's machine to forward any network traffic it receives from your computer to the router.

Now, whenever you try to go to the Internet, your computer sends the network traffic to the hacker's machine, which it then forwards to the real router. Since the hacker is still forwarding your traffic to the Internet router, you remain unaware that he is intercepting all your network traffic and perhaps also sniffing your clear text passwords or hijacking your secured Internet sessions.

--
http://www.watchguard.com/infocenter/ed ... 135324.asp
--

Try the Cain & Abel software, it's in the downloads section :wink:

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

Post by rhysh »

dnr, just being logical, I've probably posted on like 4 - 9 different IPs, so those IPs, let's remember which one is actually mine, which is a proxy and which is a victim of wardriving ;)

which one is actually mine, take a guess, but don't post it here, maybe pm

Post by Still_Learning »

I've heard a lot about Cain & Abel, had it at one point, but didn't use it too much. I will re-check back into it.

What is the best way to prevent ARP poisoning? I guess there is not really a way to prevent it, and give out a free wifi signal huh? What about if I use my old bluesocket server which is not currently in use, as a firewall / free wifi server to help prevent attacks on my other PCs and also give the free wifi out.. would they be able to hop from that server to my main PC easily? or through that router? I have it PW protected, just not the wifi..
man in the middle attack is the method I was typing of earlier about the ferret and the hamster utils.. "sidejacking" anyone heard of this besides me?

Rhysh; it's all good dude, I don't have any hate towards them if they're just trying to get a free signal but if they're doing some shit I don't like on my network, it's just good to know what's going on with my network..

which brings me to another question about network sniffing I just remembered..

when working at my last job, me and another employee were chatting on instant message about how he just got another job and he told me he was going to quit in 1 week.. as soon as he sent me that IM msg, the boss man in the big cubicle stood up, peeked over the wall and re-read what was posted. Which of course I already know your boss can see everything on your PC already, that's why I would never say anything like that over instant msg at work.. but after he read what he sent to me about him quitting soon, he made a comment about how awesome of a sniffer he had or something like that lol can a program like wireshark really capture everything said on an instant messenger program on the network?

Post by rhysh »

sniffing data is all the same, it's just a matter of efficiency, what's quickest etc

Post by Still_Learning »

ok, so I noticed some weird activity with ARP..

what does this mean?..

source=whatever_3f:76:f3? (is the last part hexadecimal?) destination=broadcast, protocol=ARP, then it has a msg saying who has 192.168.1.1, tell 192.168.x.x... sounds pretty fucked to me. What would you recommend to fix it.. does that sound like a classic case of an infection or what?
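
Added example, not part of any post in this thread: a small Python ARP decoder and cache-consistency check covering both the ARP exchange described in DNR's post and the broadcast "who has" line in the last post. It decodes raw ARP payloads into the text a sniffer shows and flags replies that answer no request or that rebind a known IP to a new MAC; the MAC addresses and the helper names (`build_arp`, `parse_arp`, `describe`, `audit`) are constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes
REQUEST, REPLY = 1, 2

def build_arp(op, sha, spa, tha, tpa):
    # Packs an ARP payload; used only to construct the sample input below.
    unhex = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, unhex(sha),
                       socket.inet_aton(spa), unhex(tha), socket.inet_aton(tpa))

def parse_arp(payload):
    """Return (opcode, sender MAC, sender IP, target IP)."""
    _, _, _, _, op, sha, spa, _, tpa = struct.unpack(ARP_FMT, payload[:28])
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def describe(payload):
    """Render a packet the way a sniffer's info column does."""
    op, sha, spa, tpa = parse_arp(payload)
    if op == REQUEST:
        return f"Who has {tpa}? Tell {spa}"
    return f"{spa} is at {sha}"

def audit(payloads):
    """Flag replies nobody asked for and IPs whose MAC changes."""
    table, pending, alerts = {}, set(), []
    for p in payloads:
        op, sha, spa, tpa = parse_arp(p)
        if op == REQUEST:
            pending.add((spa, tpa))  # spa is waiting to hear from tpa
        elif (tpa, spa) in pending:
            pending.discard((tpa, spa))  # reply answers an earlier request
        else:
            alerts.append(f"unsolicited reply: {describe(p)}")
        if spa in table and table[spa] != sha:
            alerts.append(f"{spa} changed from {table[spa]} to {sha}")
        table[spa] = sha
    return alerts

# Constructed sample traffic: IPs follow the quoted article, MACs are made up.
PC, ROUTER, ROGUE = "02:00:00:00:00:12", "02:00:00:00:00:01", "02:00:00:00:00:66"
ZERO = "00:00:00:00:00:00"
NORMAL = [build_arp(REQUEST, PC, "192.168.0.12", ZERO, "192.168.0.1"),
          build_arp(REPLY, ROUTER, "192.168.0.1", PC, "192.168.0.12")]
POISON = [build_arp(REPLY, ROGUE, "192.168.0.12", ROUTER, "192.168.0.1"),
          build_arp(REPLY, ROGUE, "192.168.0.1", PC, "192.168.0.12")]

for line in audit(NORMAL + POISON):
    print(line)
```

A gratuitous ARP announcement or a DHCP lease handed to a different device also trips these checks, so an alert is a prompt to compare the MAC against the router's DHCP client list rather than proof of poisoning.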
