You heard the old saying "were not alone". Well, the same can be said about your Wireless Home Network.
Have you ever wondered if man else is on your network, with out your knowledge, watching every site you visit or stealing catalogue information from your Gmail or bank account?
Sure you probably went to great lengths to implement and get your wireless home network, but any Network security pro will tell you Nothing is bullet proof.
While nothing is bullet proof, being proactive with monitoring can catch the un-wanted guest...off guard.
So what can you do to monitor and identify if man is wondering colse to on your home network?
You can use some uncomplicated tools, when combined, will help you see your Network and give you a view of who's online.
Note: With these tools chances of identifying man on your network increases, but will Not prevent them from gaining access to your Network. Other tools exist than described in this article, but the goal is to show you the distinct type of tools and how to use them.
1 - Firewall Logs - is a good place to start. If you have a Firewall running on your Computer or on your router, look for suspicious performance by scanning the logs for anyone out of the commonplace with inbound and outbound traffic.
One recipe you can use is to look for patterns. For example, if man was scanning your computer to see what ports are open, the logs will show continuous performance from the same Ip Address (an intruder's computer) sending a stream of data to many distinct ports to a single Ip Address or range of Ip Addresses.
Obviously, with a smart hacker, they can do many things to cover their tracks, but one thing is for sure, data must be transmitted to probe your computer, and patterns is one recipe to use for spotting issue on your Network.
2 - Dhcp Logs - if the unwanted guest is not Network savvy, or security on your router is not up to snuff, they may be able to drop in unannounced, by receiving an Ip Address from your wireless Dhcp server.
You can indeed view a list of active addresses by connecting to your router and checking the Dhcp log. For example, on my Linksys router, the log is located in the Wireless Mac Filter tab, where I can see and identify all active hosts on my Network. But this does not certify that these are the only active Pc's on my Network.
Why?
Unfortunately, a more sophisticated hacker can get colse to the need to rely on Dhcp. If they did their homework (you can be sure of that), they probably figured out the range of Ip Addresses in use on your Network, found an unused address in that range and configure their Pc with a static address.
3 - Check Who's Connecting To Your Computer - Now that you identified who the trusted computers are on your network (from the Dhcp logs), you can check who is related to your computer.
To do this, open a command prompt and enter the following command:
netstat -an
where:
a = Displays all connections and listening ports
n = Displays addresses and port numbers in numerical form
Netstat is a useful tool that displays network connections (both incoming and outgoing) on computers. This will allow you to see all Ip Addresses that have made a connection to your computer.
Netstat shows you the type of connection (Tcp or Udp), Ip Address and port amount (number after addresses separated by a colon) for both Local (your computer) and Foreign addresses.
To find your Ip Address, just enter ipconfig at the command prompt.
You should be able to indeed spot any addresses (Foreign column) that is outside the Dhcp range on your router and investigate.
You can also see what executable are complex in creating each connection by using the -b switch with the netstat command (netstat -b)
Now this is great for checking connections on your Computer, but what if man is on your Network and not related to your Computer?
4 - Scanning your entire Network - When Computers recap with each other, they do so with ports (as you saw with the netstat command). Some ports that may be familiar to you are 80 (Http), 443 (Ssl). 25 (Smtp), 110 (Pop). For example, when your Computer browses a website, it opens up port 80 and sends the invite out,
To see open ports on a Computer, a tool called Port Scanner can be used that can scan a Network and identify devices by probing for open ports.
Information that can be found is the connection type (Tcp or Udp), type of port and Ip Address.
Many Port Scanners exist, such as advanced Port Scanner (Famatech Software) and can scan a range of Ip Addresses.
By scanning a range of Ip Addresses, you can swiftly see who is on your Wireless Network and what they are doing from the list of open ports.
You can indeed find out the entire range of addresses (including addresses outside the Dhcp scope) your router uses. To do that, connect to your wireless router administration of interface and look for the router subnet mask information.
On a typical Linksys router, the default setting for the subnet mask is 255.255.255.0. Using a subnet mask calculator you can determine the range of Ip Address that can be used on your Network.
For example, the subnet mask of 255.255.255.0 with the Ip address of the router - 192.168.1.1 (Class C) has an Ip address range of 192.168.1.1 - 192.168.1.254. (Note that Dhcp reserves address 192.168.1.100 through 192.168.1.149 which means all other addresses in that range can be used as static address).
Time To Be Proactive
As you can see some of the methods used above are good for random check ups on your Wireless Home Network.
But just being proactive is not sufficient and using a blend of monitoring, tightening up security and changing your passwords often, among other items, can help from having your identity stolen.
How To Tell If person Is Lurking On Your Wireless Home Network