noob needs help
there is a computer in my network which probably does not belong to me. i know the ip and the mac adress.
i unplugg my devices and type ping -c 1
ping -c 1 (the ip adress) in terminal on my apple computer and always get a response.
what shall i do? how can i find out who he is (besides changing my wlan password)
Blacklist his mac address in the router and look around for angry people
search vendor list according mac, this may give you a clue about what kind of device
>search vendor list according mac
it says "private"
How did you find out about this rogue client in the first place? Was he eating up your bandwidth?
Since you are on the same network you can capture his traffic with Wireshark and go from there
>How did you find out about this rogue client in the first place?
was listed on my router webpage
>Was he eating up your bandwidth?
i guess not
I assume you're using WPA2 so it's probably one of your friends who figured out the passwords and now he's piggybacking on your wifi. If that's any consolation at least he's mindful enough to not to hog all the bandwidth
Wireshark, steal his cookies
This, steal all his encrypted cookies so you will be able to do absolutely nothing with them but look like an idiot skiddo.
>capture his traffic with Wireshark and go from there
Does listening on 802.11 traffic in promiscuous mode essentially work like listening on a LAN based on hubs (i.e. all just one collision domain where all frames are flooded everywhere)? What about the encryption? Is decryption using one's own WiFi key being attempted automatically?
This
You guys are idiots and tech illiterates.
Ever heard of MAC Spoofing?
implying that a random fgt is going to do that. pls.
>newfag doesn't know his IOT lightbulbs auto connect to his LAN
holy shit man...install gentoo lol
Dude it's fucking script kiddie shit.
Any 12 year old could do it with some Windows program
disable WEP, change user/admin password on router, change wpa2 pw's with something that has 12chars with letters, digits and symbols. go on with your life.
meh, all he needs is a strong password and wep disabled.
...
If he blacklists the intruder's MAC address, all the intruder needs to do is to change his MAC address to get back in. For that sort of approach to not be trivially circumnavigated he'd need to whitelist all his trusted devices (implicitly blacklisting everything else), but even then the intruder might have noted down MAC addresses of peer nodes on the network once he was in for future reference
I believe it's still possible to spoof your MAC to be exactly the same as someone else's.
I've done it before, but I spoofed it to be the MAC address of the router.
Make sure it's wpa2-aes, use dice ware for the password, change the ssid, and setup a mac address whitelist
Yea, that's why the attacker could make later use of previously noted MAC addresses of trusted nodes on the network. To mitigate this you'd need to
- shut down the WLAN
- change the MAC address of each and every trusted node (including the router's WLAN interface)
- whitelist each of these new MAC addresses on the router
- bring the WLAN back up
Or you could remove the antennae and just use ethernet for all your machines
Eks Dee
>I spoofed it to be the MAC address of the router.
>be router
>"huh, this IP maps to my own interface's MAC address"
>"hurr, I'll make a frame and send it out into the network anyway, because why the fuck not"
You know how there's WAN IP and LAN IP? A lot of routers will happily accept Packets with the WAN IP on LAN ports
I think that the session is encrypted with a session key derived from the wpa password
So, if you listen in promiscuous mode, you will capture all and any traffic transmitted over the WLAN as if on a wired hub-based network (or listening via a monitoring/mirroring port on a managed switch)?
Ever heard of passwords being compromised in a variety of ways? Don't even bother using passwords at all dude.