Hack 70. Stop Moochers from Stealing Your WiFi Bandwidth
Everyone these days seems to have a WiFi-equipped laptop or PDA. If you have a WiFi network at home or at work and you are worried that passersby might be connecting to it and stealing your bandwidth, here's what you can do.
As shown in [Hack #65], if you have a WiFi network, it's a breeze for anyone passing by to detect it. And if you haven't protected yourself properlyor if someone is dedicated enough to stealing your bandwidthmoochers can get in and suck up all your bandwidth by doing things such as downloading movies and MP3s. That means there's less bandwidth for you.
There's an easy way to find out if someone is leeching your bandwidth and then to send them alerts telling them you know they're using your bandwidth and you'd like them to get off your network. Download AirSnare, a free program which monitors your network for wireless intruders, reports on who they are, shows you their activity, and sends them warnings.
Before you install AirSnare, you need to download and install a library of tools called WinPcap, an architecture that captures and analyzes network packets. Get it from http://winpcap.polito.it/install/default.htm and follow the installation instructions.
Next, download and install AirSnare from http://home.comcast.net/~jay.deboer/airsnare.
Before you use AirSnare, you need to know the MAC address of any network card that will be using your wireless network. The MAC address is a number that uniquely identifies a network card or other piece of communications hardware. You're going to tell AirSnare that these MAC addresses are trusted ones and shouldn't be treated as intruders.
You can find out the MAC address for your PCs in several ways. One simple way is to go to a command prompt in Windows, type ipconfig /all, and press Enter. In the results you get, look for the numbers next to Physical Address, such as 00-08-A1-00-9F-32. That's the MAC address.
Copy down the MAC address for every PC on your network. Include the addresses for all your PCs, even if they connect to the network via Ethernet rather than wirelessly. For example, if you have a laptop that you sometimes connect to your network wirelessly and sometimes via Ethernet, when you issue the ipconfig /all command and press Enter you'll see two sets of entries, each of which has its MAC address. Copy down both of them.
Next, go to C:\Program Files\AirSnare, open trustedMAC.txt with WordPad, and add each MAC address (such as 00-08-A1-00-9F-32) on a new line in the file. Follow it by a space, and then type in a description of the computerfor example, 00-08-A1-00-9F-32 Preston's New Laptop.
Now go to C:\Program Files\AirSnare and run the file AirSnare.exe. You have to run the file from this location because the program doesn't install an icon on the desktop or show up as an entry in Windows' All Programs menu.
Choose your network adapter from the list that appears, and AirSnare will spring into action. Whenever it finds a MAC address on the network that you haven't told it is a friendly one, it sounds an alert and changes its screen color to red. Then it starts logging any traffic between the MAC address and the network in its Unfriendly MAC Watch Window. It gives details about all the traffic, including the port being used and the destination IP address. It also identifies common ports such as FTP, Telnet, email, web, DHCP, and other popular ports so that you have more information than just a port number.
You can save all the information to a log file by clicking the Stop button and clicking "Write to log file." All the information will be saved in a text file. Filenames start with ASlog and are followed by the date and time; for example, ASlog031605_2305.txt indicates the log was saved on March 16, 2005, at 23:05 (that's 11:05 p.m.).
Once you know someone is using your network, you want to warn them away, which you can do with the program's AirHorn module. Choose Window AirHorn Window. The screen pictured in Figure 7-19 appears. In the Server box type in your computer's hostname, or its IP address. If you're not sure what those are for your PC, use the ipconfig /all command from earlier in this hack, and get the information from there.
Figure 7-19. Sending a message to intruders
In the Send To box, enter the IP address of the computer to which you're sending a warning, which you'll find in the Unfriendly MAC Watch Window. Then, in the Send From box, type your name or how you want to be identified and type the message you want to send, as shown in Figure 7-19. Click Send Message, and the warning will be sent on its merry way.
There's only one problem with this warning module: it works only if both you and the person on the other end have the Windows Messenger service turned on. The Windows Messenger service isn't the Windows Messenger chat program. Rather, it's used to send notifications over local area networksfor example, when a network administrator warns users that a server is about to be taken down. Because the Windows Messenger service has frequently been used to send spam, though, many people have turned it off. And XP SP2 turns it off by default [Hack #33] . So, don't count on this part of the program working.
7.7.1. Hacking the Hack
Knowing that you have a bandwidth moocher is one thing, but kicking him off your network is another thing entirely. Sometimes a warning will suffice, but if one of you isn't using the Windows Messenger service, you won't even be able to warn him. So, what to do if you can't get through, or you can get through and the moocher ignores you?
You can kick him off your network using your wireless router's built-in capabilities. How you do this varies from router to router, but here's how to do it using the Linksys BEFW11S4. Go to the administrator's screen by going to http://192.168.1.1. Leave the username blank, type admin for the password, and press Enter. (If you've changed the username and password from the default, use those instead.)
Next, click Status, and from the screen that appears, click Local Network. A page will appear with basic information about your router. Click DHCP Client Table, and you'll see a list of all the devices on the network with their IP addresses and MAC addresses, as shown in Figure 7-20. Check the box next to the intruder and click Delete, and he'll be kicked off your network.
Figure 7-20. Kicking WiFi bandwidth moochers off your network by deleting them from the IP table
To make sure he can't get on again, you can tell your wireless router not to allow him onto your network. In my example of a Linksys router, log on to the administrator's screen and click Security. From the page that appears, click Edit MAC Filter Setting. On the Filtered MAC Address page that appears, you'll be able to ban devices with specific MAC addresses from getting onto your network. Type in the MAC address in an empty box, and click Apply. From now on the intruder will be barred.
Of course, someone else at some point might try to get on as well. Your best bet to keep out intruders is to use encryption and to limit the number of IP addresses on your network. Also, refer to [Hack #68] for several additional security measures you can take.
7.7.2. See Also