From: Peter Pan on
"Fuller" <fuller_w(a)Use-Author-Supplied-Address.invalid> wrote in message
news:i27e0v$9fo$1(a)tioat.net...

>
> - Why don't I see MY computers on MY network?
> Specifically, if an intruder has attached to MY network, how do I see HIM
> on MY network (if I can't even see my own computers known to be on MY
> network)!
>

> BTW, the same thing would happen at a hotspot - but I realize this makes
> you all jumpy:
> - How would I know if an intruder has attached to MY computer at the
> hotspot (it seems hotspots get you guys all worked up so please just
> concentrate on how I would find if someone had attached to MY computer at
> the hotspot).
>
> Thanks in advance.
> I'm following Jeff's astute information; the rest so far were less than
> helpful (and probably misunderstood the question).



it gets even worse/weirder, most programs for windows will only show KNOWN
WINDOWS servers (i.e. won't see linux, ipod, tivo etc)
for your own network, you can just go to the wap admin page and see what's
currently connected (but even that won't show everything)

for instance, mine shows
Client Name     Assign IP Address
Owners-iPod     192.168.1.105
GATEWAY         192.168.1.106
toshiba         192.168.1.111

but the tivos and linux server don't show (ipod shows, gateway and toshiba
are running windows with sharing on and show, other computer doesn't show
'cause its sharing is turned off)

jeff's post will show the ip addys being used, but the second part will only
show windows named servers

From: Fuller on
On Wed, 21 Jul 2010 11:36:26 -0700, Mike Easter wrote:
> If you are interested in investigating any problems with network
> interference in your area (or rogue access points) something like
> NetStumbler might help you

Hi Mike,

Thanks for the pointers.

I first installed the netstumbler, which, as documented, nicely turned off
the wireless zero configuration (WZC) so that I can't accidentally connect.

It showed me muuuch more than I thought I had in my wireless area - but it
did NOT show me anything about my own internal network which is the
information I'm after. It's looking in the wrong direction.

BTW, accidentally, using netstumbler, I did fortuitously notice my Linksys
WRT54G router and another router on a nearby channel (but with a different
MAC address) both had "linksys" as the router names! I had left mine at
the default; apparently so did one of my neighbors! Who knows who was
connecting to whom!

So that was amazing as a start that perhaps I've accidentally been
connecting to the wrong router! I would never have known that if I hadn't
tried your suggestion. Thanks.

FWIW, I promptly changed my router name to "wrt54g" so that I could tell
the difference between my router and my neighbor's and I wrote down my
router's MAC address from netstumbler which I hadn't known prior - so it
wasn't a total waste to install and test it out. Thanks for the pointer
(but I'm not trying to find networks I can connect to ... I'm trying to
find networks that are connecting to me).

As for Wallwatcher, I'll try that next.

I had never turned on the logs for the Linksys WRT54G (don't know how) but
I will look that up first and try that to see if it shows someone
connecting to my network and report back.

From: Fuller on
On Wed, 21 Jul 2010 11:41:14 -0700, John Navas wrote:
>>You guys are a suspicious bunch. I guess you're that way by nature. :)
>>What I'm trying to do is find computers on MY network.
> Because...

Because I want to know if anyone else is connecting to my network.

So I first looked to see what computers were on my network (of which I have
a few in the house).

I couldn't even see my own computers on my own network, let alone someone
else's computer breaking into my network.

So, if I could see my own computers on my own network, that would be the
first step. The second step would be to see if a rogue (to use a term you
guys seem to use) computer was attaching to my network.

NOTE: So far I tested "net view" "arp -a" and "nbtstat -n", none of which
can see the other computers that I know are on my network because they are
my own computers. I'll keep digging given the hints Jeff and Mike provided
and report back the results when I can finally see my own computers on my
own network.

From: John Navas on
On Wed, 21 Jul 2010 19:17:23 +0000 (UTC), in <i27h3s$a8t$1(a)tioat.net>,
Fuller <fuller_w(a)Use-Author-Supplied-Address.invalid> wrote:

>On Wed, 21 Jul 2010 11:41:14 -0700, John Navas wrote:
>>>You guys are a suspicious bunch. I guess you're that way by nature. :)
>>>What I'm trying to do is find computers on MY network.
>> Because...
>
>Because I want to know if anyone else is connecting to my network.

<http://en.wikipedia.org/wiki/Network_intrusion_detection_system>

--
John FAQ for Wireless Internet: <http://wireless.navas.us>
FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>

From: Fuller on
On Wed, 21 Jul 2010 11:59:20 -0700, Jeff Liebermann wrote:
>>C:\bin\> net view
>>System error 6118 has occurred.
>>The list of servers for this workgroup is not currently available
>
> You have file and print sharing disabled on your unspecified operating
> system. I'm assuming Windoze XP SP3.

Hi Jeff,
Yes, it's Windows XP SP3. With a Linksys WRT54G wireless router.

> [arp -a] should show the MAC and IP address of your unspecified maker
> and model internet router.

Hmmm... maybe the netstumbler test messed things up. I rebooted everything,
first the ISP, then the routers, then the computers.

Here's what I now get:

Microsoft Windows XP [Version 5.1.2600]
C:\bin> arp -a

Interface: 10.20.30.200 --- 0x3
  Internet Address      Physical Address      Type
  10.20.30.40           00-16-b6-53-23-95     dynamic

> you're not going to see the rest of your ISP's customers
> machines. The router at the ISP is always configured to prevent this.

I'm not trying to see their machines. I'm just trying to see MY machines.
And, if it exists, I'm trying to see if any additional "rogue" machine is
connecting to MY network.

Re-running the nbtstat -n, I get:

C:\bin> nbtstat -n

LAN:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

WAN:
Node IpAddress: [10.20.30.200] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    BORONA         <00>  UNIQUE      Registered
    BORONA         <20>  UNIQUE      Registered
    OFFICE         <00>  GROUP       Registered

> Also, compare your output with mine. See anything different?
>        Name               Type         Status
>     --------------------------------------------
>     CHOLESTEROL3   <00>  UNIQUE      Registered
>     WORKGROUP      <00>  GROUP       Registered
>     CHOLESTEROL3   <20>  UNIQUE      Registered
>     WORKGROUP      <1E>  GROUP       Registered
>     WORKGROUP      <1D>  UNIQUE      Registered
>     ..__MSBROWSE__.<01>  GROUP       Registered

Yes, I see you have MSBROWSE (as you noted) and I do not.
Both of us have the "20 File Server Service" which shows file sharing is
enabled.

> I'm not sure why 'net view' would fail if it's really
> enabled. Firewall rules problem? Virus? Key Logger?

I re-ran "net view" without the freeware software firewall but got the same
results.
C:\bin> net view
System error 6118 has occurred.
The list of servers for this workgroup is not currently available

> You might consider answering my previous questions:
> 1. What do you mean by "see"? What information do you want?
A: I just want to see my own computers and, only if a rogue computer is
also connecting to my home network, I want to see that.

> 2. What are you trying to accomplish?
A: I want to know if/when a rogue computer connects to my network.

> 3. Why are you trying to hack computers that do not belong to you in
> a coffee shop?

A: I was trying to ask the more general question which is to see what
computers are connecting to me no matter what network I am on.

> 4. Add one more. What do you have for hardware, how is it configured
> (IP layout), and where is the wireless in the puzzle?

I have 4 Windows XP SP3 computers tied to a simple home network with a
Linksys WRT54G wireless router as the common point.

I have some networking skills (not much, but some) so I've long ago
modified the router settings to not have the standard IP address (not
192.168.1.1 for example). I turned off DNS caching services (because of
thrashing due to a large hosts file) but I've not implemented MAC
filtering.

I am having trouble experimenting with nmap (am debugging something called
winpcap); I will report back when I get it running.
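
The `arp -a` output above lists only the router because the ARP cache holds just the hosts this PC has recently exchanged traffic with; once it is populated, the comparison asked about in the thread can be automated. The following is an added example, not part of any post in the thread: it parses Windows `arp -a` output and reports entries whose MAC address is not in a written-down inventory. `KNOWN_MACS` and every sample entry other than the router line are constructed for illustration.

```python
import re

# Constructed sample in the `arp -a` format quoted in the thread; only the
# first entry (the router) is from the page, the rest are made up.
SAMPLE_ARP = """\
Interface: 10.20.30.200 --- 0x3
  Internet Address      Physical Address      Type
  10.20.30.40           00-16-b6-53-23-95     dynamic
  10.20.30.201          00-11-22-33-44-55     dynamic
  10.20.30.77           02-AA-BB-CC-DD-EE     dynamic
  10.20.30.255          ff-ff-ff-ff-ff-ff     static
"""

# Hypothetical inventory: MACs the owner has written down for own devices.
KNOWN_MACS = {"00:16:B6:53:23:95": "router", "00-11-22-33-44-55": "office PC"}

ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                   r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+(\w+)\s*$")

def normalize_mac(mac):
    """Lower-case, colon-separated form so inventory and ARP output compare equal."""
    return ":".join(re.findall(r"[0-9A-Fa-f]{2}", mac)).lower()

def parse_arp(text):
    """Return (interface_ip, ip, mac, type) tuples from Windows `arp -a` output."""
    rows, iface = [], None
    for line in text.splitlines():
        header = re.match(r"Interface:\s+(\S+)", line)
        if header:
            iface = header.group(1)
            continue
        m = ENTRY.match(line)
        if m:
            rows.append((iface, m.group(1), normalize_mac(m.group(2)), m.group(3)))
    return rows

def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return (int(mac[:2], 16) & 1) == 1

def unknown_hosts(text, known):
    """ARP entries whose unicast MAC is not in the inventory."""
    inventory = {normalize_mac(m) for m in known}
    return [(ip, mac) for _, ip, mac, _ in parse_arp(text)
            if not is_group_address(mac) and mac not in inventory]

if __name__ == "__main__":
    for ip, mac in unknown_hosts(SAMPLE_ARP, KNOWN_MACS):
        print(f"not in inventory: {ip} {mac}")
```

A MAC address can be changed by whoever controls the device, so an empty result only means no unfamiliar MAC is currently in the cache.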