Who is on my wifi ?

Luke · July 28, 2012, 01:13:24 PM

Hello. How can i check who is connected to my wifi. I know there is way with router site but is there another way with terminal or any program ? Thank you

Luke

nogravity · July 28, 2012, 02:04:53 PM

you can try with nmap.

r083rt · July 28, 2012, 02:36:09 PM

there is many ways

1 ) most obvious login to you router and check the dhcp listsings
2 ) use wireshark
3 ) nmap
4 ) ettercap

the list goes on

you use ettercap and arp the network use h and then l to lists hosts
if there is have some fun with them using etterfilters and metasploit

heres something I threw together for a simple hosts scan

** Note this is not a stealth scan nor IDS avoidance its for your home network you can adjust the nmap phrams to suit your required needs

Code Select


hostscan () {
## hostscan snippet for www.blackbuntu.com // r083rt
Ip=$(ifconfig | grep 'inet addr' | cut -d':' -f2 | awk '{print $1}' | grep -Ev 127.0.0.1)
Nmap=$(ip route show default | awk '/default/ {print $3 "/"24}')
Gateway=$(ip route show default | awk '/default/ {print $3 }')
echo "" ;sudo nmap -O $Nmap --exclude "$Ip","$Gateway"  | grep -e 'Nmap scan report for' | grep -Ev 'Nmap scan report for [0-9]' | awk '{print "\033[1;32m UserID\033[0m " $5  "\033[1;31m IP\033[0m" , $6 }' | grep -Ev 'UserID [0-9]' | sed 's/[)(]//g';echo
}

copy and paste his into your bashrc

open a terminal and run : hostscan

this is a quick dirty example of what you can do

If you want me to increase stealth and mod it i.e improve it let me know Ill add and edit nmap switches to grab more info etc etc and create a host of scans

weVeg · July 28, 2012, 04:04:20 PM

looking at arp table, isn't it simple?

Code Select

arp -a

nmap have already option to scan whole network, is -sn option, with CIDR /8 /16 /24, /24 means 255.255.255.0 and so on...

r083rt · July 28, 2012, 04:07:04 PM

very simple let very boring ;)

as I SAID there is many ways your option is another way

I just gave him a host of options ;D

a better option would be using arpscan !!!! there is a lot more switches to play with

Code Select


sudo apt-get -y install arp-scan
sudo arp-scan -l

weVeg · July 28, 2012, 04:16:47 PM

if you have time to waste use ettercap or wireshark or what you want, if you simply and quickly want to see who is connected use arp....

r083rt · July 28, 2012, 04:21:36 PM

Im not posting this for One-upmanship

Weveg I have a lot of respect you and what you do on the forum

Im posting a host of options for the user to help him learn

posting "arp -a" is not exactly giving a lot of info regarding 'what other ways' as he did ask what other ways is there

we are here to help the users to learn and give as much info to help them move along so they can help the ones under them
is'nt that the way it works i.e linux community

while no one is about spoon feeding it is important to help the beginner to a stage where he or she can start to navigate and
do things on there own and hen they can take over and help others

Yes nmap does have that option I did it a different waY to pipe and remove the gateway and IP while this can be done through map
I decided to it my way !!!! like it or hate it... it works

FGS you can't win for losing on this forum

Luke · July 28, 2012, 07:38:01 PM

Thank you guys, i see you are knowledgeable in linux, but simple is better for me now. I dont understand MANY things in linux. I use linux for 1 week so i must learn :)

dubstep@dubstep:~$ sudo arp-scan -l
ioctl: Cannot assign requested address
WARNING: Could not obtain IP address for interface eth0. Using 0.0.0.0 for
the source address, which is probably not what you want.
Either configure eth0 with an IP address, or manually specify the address
with the --arpspa option.
Interface: eth0, datalink type: EN10MB (Ethernet)
ERROR: Could not obtain interface IP address and netmask
ERROR: pcap_lookupnet: eth0: no IPv4 address assigned

Everyday errors :(

weVeg · July 28, 2012, 08:06:21 PM

i don't know this tool, but have you read the man page? even --help? your request is off topic, and you should open another 3d, you have to know how arp is.
Reading the error that you have posted, eth0 have not an IP address 'cause your are connected with wlan0, reading the first line of the man page [ 0 ], you must specify the interface otherwise "The network interface to use can be specified with the --interface option. If this option is not present, arp-scan will search the system interface list for the lowest numbered, configured up interface (excluding loopback).By default, the ARP packets are sent to the Ethernet broadcast address, ff:ff:ff:ff:ff:ff, but that can be changed with the --destaddr option. ". Luke, we know that you are new on linux world, so keep in mind which man page, --help, and google are the most important resources that you have to use!

[ 0 ] http://linux.die.net/man/1/arp-scan

Luke · July 28, 2012, 08:10:55 PM

Sorry, i am not perfect in english so its hard to understand what they said in help :-\ :-X

weVeg · July 28, 2012, 08:29:18 PM

Ok, i understand your trouble, but you can learn step by step english, or you can translate with google, or you can googling and found someone from your country that have used arp-scan and explained how to use it, or you can found man page in your own language... there are a lot of possibility, only "wish" !!

r083rt · July 28, 2012, 09:41:16 PM

as weveg pointed out nicely ...

1 ) please read the man pages
2 ) the interface is not connected

you must selected the interface you are using if you are not connected to lan it will fail on just sudo arp-scan -l

Code Select


arp-scan --help

to use an interface use the -I switch

Code Select


sudo arp-scan -l -I wlan0

enjoy