Finding client mac address,

[frogger]

Hello @LL,

Iám trying to find a windows program to find the mac address of clients.
If I connect to my router it finds the mac addresses of the connect devices.
That's good of course. Because I have a lot off neighbours also with wireless client I want to block those devices by mac filtering. Does anyone know what tool I need to use?

 

[coxhaus]

I just use my wireless router to figure out MAC addresses. When clients connect to the router it will build a list of MAC addresses and names. I would use some forum of security to limit connects. You can use your MAC list to create an access list by MAC.

 

[frogger]

Hello coxhaus,

I also use my router to find mac addresses. But I have a lot off neighbor's
who also have router and connect with there clients. I want the mac addresses of those clients. So my router doesn't need to answer these clients. I have done some testing a night wifi is faster (wan disabled) then by day time. So I know there are a lot of wifi points @ least 15. So if I could block client mac of other clients (not routers I see them thanks to merlin in survey tab. I have for example a wifi stick with mac but I can't find it without access to the router. So how do I find it?? what software do I need because the stick is send (broadcast) and finds other routers!

 

[coxhaus]

I don’t think you will be able to accomplish what you want even if you had the MAC addresses and set up blocks you are processing their traffic.

 

[stevech]

Hello @LL,

Iám trying to find a windows program to find the mac address of clients.
If I connect to my router it finds the mac addresses of the connect devices.
That's good of course. Because I have a lot off neighbours also with wireless client I want to block those devices by mac filtering. Does anyone know what tool I need to use?

If you have your WiFi router's WEP or WPA enabled and have a proper password, and a unique SSID, your neighbors' WiFi clients cannot obtain via DHCP an IP address, nor fake a static IP and access your LAN.

MAC addresses don't matter.
Your trust has to be in WEP/WPA.

 

[Mark Uhde]

If you have your WiFi router's WEP or WPA enabled and have a proper password, and a unique SSID, your neighbors' WiFi clients cannot obtain via DHCP an IP address, nor fake a static IP and access your LAN.

MAC addresses don't matter.
Your trust has to be in WEP/WPA.

Steve, WEP is no more secure than MAC filtering. Both are crackable in seconds.

WPA is better, but it's still not good enough.

WPA2-AES (not mixed mode) is essential if you want to be secure, with a passphrase of at least 16 characters.

 

[stevech]

I just use my wireless router to figure out MAC addresses. When clients connect to the router it will build a list of MAC addresses and names. I would use some forum of security to limit connects. You can use your MAC list to create an access list by MAC.

MAC addresses are easily spoofed. Better to rely on WiFi encryption for access limitation.

 

[Mark Uhde]

MAC addresses are easily spoofed. Better to rely on WiFi encryption for access limitation.

And WEP is cracked in seconds. Same thing. Need to use WPA2-AES

 

[stevech]

WEP paranoia is justified if you live near a college dorm, or you are rich and famous, giving someone motive and proximity.

But yes, WPA is advised.

 

[Mark Uhde]

Remember steve, even if you don't care about security (and honestly, WEP is no different security-wise from MAC filtering), using WEP or WPA will lock out 802.11n rates on modern hardware.

 

[stevech]

you mean WPA vs. WPA2, and supporting 11n?

 

[Mark Uhde]

you mean WPA vs. WPA2, and supporting 11n?

Yes, fully 802.11n compliant clients and access points will refuse to operate in 802.11n mode unless the network is either:

- Unencrypted
- WPA2-only (no WPA or WPA/WPA2 mixed mode), AES-only (no TKIP or TKIP/AES mixed mode)

This is to discourage use of broken encryption schemes and to break the idea of "well, WEP is horribly insecure but it's good enough and it's more compatible" - because it's not more compatible, it's far less compatible

That said, I really do believe WPA/TKIP is good enough for most users. Unlike the horribly broken WEP, WPA/TKIP takes a good amount of effort to crack and with a strong passphrase is fairly secure. But the IEEE doesn't believe it's good enough and therefore it can't be used with 802.11n.

 

[stevech]

I claim that the hysteria and herd mentality about WiFi encryption cracking is just that. For 99.9% of us, excluding dorm roomers, there is simply a lack of motive and proximity to crack.

Now public-spaces WiFi (coffee shops) is a different story. HTTPS/SSL should be OK for you to access your bank account while at Starbucks, but I feel uneasy. Also, "Honeypot" WiFi (SSID=freeForALL) is for the naive.

 

[Mark Uhde]

I claim that the hysteria and herd mentality about WiFi encryption cracking is just that. For 99.9% of us, excluding dorm roomers, there is simply a lack of motive and proximity to crack.

Now public-spaces WiFi (coffee shops) is a different story. HTTPS/SSL should be OK for you to access your bank account while at Starbucks, but I feel uneasy. Also, "Honeypot" WiFi (SSID=freeForALL) is for the naive.

I agree with you regarding WPA, but not WEP. WEP is just so easy to crack it's not even funny - it's similar in difficulty to spoofing a MAC address.

Anyways, what we think doesn't matter - I'm not going to use WPA mixed mode for my clients simply because I'm not going to disable 802.11n.

Now, for public Wi-Fi, I use whatever Wi-Fi I can get on all the time. SSL is something we depend on for privacy against the big wide unencrypted Internet itself. An unencrypted last mile at a coffee shop is no bigger than issue than the Internet itself. SSL isn't perfect but it's very secure and I totally trust it for my banking, etc. I'm not sure I'd trust it against say, spies if I worked for the government.

 

[stevech]

yes, and here's a curious fact..
as we use voice and data (dial-up or DSL), that green phone cross-box on the curb is rarely locked. Clip-on and hear landline voice or bridge on to DSL.

Back in the celluar switching center, or the copper wire phone co. office, there are hoards of people who can just jack-in and eavesdrop by analog or digital means. But these post-deregulation era employees/contractors are infinitely trustworthy, right?

For decades, no one worried about the above.

Kind of like the Internet's routers and switches - but at least most are SSL protected, unlike POTS/cellular.