
Looking at my router, I see a bunch of connections and whereas I can ID some of them, there are some that I have no idea what they are, and MAC address lookup doesn't help narrow it down either (I get some generic company name in China). I know what should be connected, but I am seeing some items that are named similarly to one of the PCs on the network, but it is showing wireless as opposed to a wired connection, and the IP address is different as well. So I wonder if there is a good program that can scan the network and give me a map of what is connected. I know these programs exist, I am just not familiar with specifics (name, type, etc.).

There is the Fing app which could help.

https://www.fing.com/products/fing-app

Also that HE tool you just installed can scan the network via ping, has a Bonjour browser, port scanner and SSL scanner, all of which can be used to gather intel for stuff on your network...

Another option if wireless - change your PSK.. You will find out what is what when it no longer connects ;)

4 hours ago, BudMan said:

There is the Fing app which could help.

https://www.fing.com/products/fing-app

Also that HE tool you just installed can scan the network via ping, has a Bonjour browser, port scanner and SSL scanner, all of which can be used to gather intel for stuff on your network...

Another option if wireless - change your PSK.. You will find out what is what when it no longer connects ;)

Thanks, Fing worked great, I only have one device that I can not ID, and it has this MAC address: 66:F4:39:1B:30:04 which seems to not exist.

1 hour ago, BudMan said:

Can you ping it?  Do a port scan on it, ports open can tell you a lot - try to connect to them.. See what info they send back, etc.

It responds to ping with an average of 140ms, can not connect to it, and can not get any other info from it. I think it might be a switch, we have 2 plus the PoE one.

9 minutes ago, jnelsoninjax said:

It responds to ping with an average of 140ms, can not connect to it, and can not get any other info from it. I think it might be a switch, we have 2 plus the PoE one.

Scan ports on it

 

https://www.advanced-port-scanner.com/

20 hours ago, adrynalyne said:

I doubt it’s a switch unless it’s managed. Block it and then go around the house until you find out what lost internet access. 

By process of elimination I determined it must be a smart plug, as that was the only device that was not showing up in the scans.


Scan all ports, not just up to 1023. It can be a proxy on 8080, or Tor VPN on 25620

 

PS: don't waste your time and just block it on your router security tab

 

[Attached image: 8979879.JPG]

OK, so now I am thinking it is not a smart plug:

[Attached images: Capture.PNG, Capture-1.PNG]

 

It is possible that it is a cell phone, but the MAC Address does not share that assessment. The top phone is mine, and the other 2 phones in the house are Pixel 3a's, yet only one is showing.

15 hours ago, spikey_richie said:

Neighbour with an android tablet taking a free ride on your wifi? Can you block the MAC address in your router?

There is no way any neighbor is on our WiFi without our permission. Second, I don't know of any tablets that run Android 11. Third, it has disappeared. So I am thinking it was never there to start with, because it never showed up in the router's list of connected devices, just in the network map which I have spent a bit of time renaming objects so I have a really good idea of what is connected to the network now.

57 minutes ago, jnelsoninjax said:

There is no way any neighbor is on our WiFi without our permission. Second, I don't know of any tablets that run Android 11. Third, it has disappeared. So I am thinking it was never there to start with, because it never showed up in the router's list of connected devices, just in the network map which I have spent a bit of time renaming objects so I have a really good idea of what is connected to the network now.

Couldn't that just be someone passing your house in a car and it's picking up your wi-fi?

51 minutes ago, Mindovermaster said:

Couldn't that just be someone passing your house in a car and it's picking up your wi-fi?

Unlikely, we live at the end of a cul-de-sac, and we do not have a guest access to the network, so unless you know the password, there is no way you could get on to it.

14 minutes ago, jnelsoninjax said:

Unlikely, we live at the end of a cul-de-sac, and we do not have a guest access to the network, so unless you know the password, there is no way you could get on to it.

I meant that the phone just connected to the wireless, not that it got into it.

Many phones now default to using private MAC addresses, you know for your "privacy" ;)

It's quite possible for them to just use some MAC that is not assigned to anyone..

Edit: Just turned that on my iPhone, and it uses a MAC that starts with f6:be:d0 which is not assigned to any company.

If it was some sort of smart switch or lightbulb - they normally spew broadcast traffic... Just sitting there doing NOTHING.. So you could sniff and see if you're seeing anything coming from the IP in question..

A couple of seconds' worth:

 

11:35:19.877053 IP 192.168.4.62.62510 > 255.255.255.255.6667: UDP, length 172
11:35:23.325236 IP 192.168.4.65.62510 > 255.255.255.255.6667: UDP, length 172
11:35:24.236105 IP 192.168.4.61.62510 > 255.255.255.255.6667: UDP, length 172
11:35:24.257631 IP 192.168.4.63.62510 > 255.255.255.255.6667: UDP, length 172
11:35:24.494970 IP 192.168.4.56.62773 > 255.255.255.255.6667: UDP, length 172
11:35:24.555234 IP 192.168.4.58.60643 > 255.255.255.255.6667: UDP, length 172
11:35:24.572333 IP 192.168.4.50.57878 > 255.255.255.255.6667: UDP, length 172
11:35:24.576434 IP 192.168.4.57.58037 > 255.255.255.255.6667: UDP, length 172
11:35:24.577984 IP 192.168.4.59.52645 > 255.255.255.255.6667: UDP, length 172
11:35:24.587518 IP 192.168.4.52.57145 > 255.255.255.255.6667: UDP, length 172
11:35:24.590001 IP 192.168.4.72.52019 > 255.255.255.255.6667: UDP, length 172
11:35:24.591672 IP 192.168.4.55.49446 > 255.255.255.255.6667: UDP, length 172
11:35:24.596080 IP 192.168.4.71.57237 > 255.255.255.255.6667: UDP, length 172
11:35:24.604326 IP 192.168.4.53.52424 > 255.255.255.255.6667: UDP, length 172
11:35:24.606890 IP 192.168.4.51.52601 > 255.255.255.255.6667: UDP, length 172
11:35:24.610743 IP 192.168.4.54.63418 > 255.255.255.255.6667: UDP, length 172
11:35:24.882483 IP 192.168.4.62.62510 > 255.255.255.255.6667: UDP, length 172
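Added example (not part of any post in this thread): a Python sketch of the two checks described in the post above, reading the locally-administered bit that private MAC addresses set (which is why a vendor lookup finds nothing) and counting broadcast senders in tcpdump text output. The function names, the sample capture and the IP 192.168.4.80 for the unknown device are assumptions made for illustration.

```python
import re
from collections import Counter

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}")
# tcpdump text line: "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
PKT_RE = re.compile(r"^\S+ IP ((?:\d+\.){3}\d+)\.\d+ > ((?:\d+\.){3}\d+)\.(\d+): UDP")

def classify_mac(mac):
    """Decode the two flag bits carried in the first octet of a MAC."""
    if not MAC_RE.fullmatch(mac.strip()):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    first = int(mac.strip()[:2], 16)
    return {
        "multicast": bool(first & 0x01),             # I/G bit
        "locally_administered": bool(first & 0x02),  # U/L bit: no IEEE OUI behind it
    }

def broadcast_talkers(capture, bcast="255.255.255.255"):
    """Count UDP broadcast packets per (source IP, destination port)."""
    seen = Counter()
    for line in capture.splitlines():
        m = PKT_RE.match(line.strip())
        if m and m.group(2) == bcast:
            seen[(m.group(1), int(m.group(3)))] += 1
    return seen

def triage(mac, ip, capture):
    """Summarise what the MAC and a short capture say about one device."""
    flags = classify_mac(mac)
    ports = {port: n for (src, port), n in broadcast_talkers(capture).items() if src == ip}
    return {
        "vendor_lookup_useful": not flags["locally_administered"],
        "broadcast_ports": ports,  # empty dict: silent during the capture
    }

# Constructed sample in the same format as the capture quoted in the post.
SAMPLE = """\
11:35:19.877053 IP 192.168.4.62.62510 > 255.255.255.255.6667: UDP, length 172
11:35:23.325236 IP 192.168.4.65.62510 > 255.255.255.255.6667: UDP, length 172
11:35:24.100000 IP 192.168.4.20.51000 > 192.168.4.1.40000: UDP, length 40
11:35:24.882483 IP 192.168.4.62.62510 > 255.255.255.255.6667: UDP, length 172
"""

if __name__ == "__main__":
    # 192.168.4.80 is an assumed address for the unidentified device.
    print(triage("66:F4:39:1B:30:04", "192.168.4.80", SAMPLE))
    print(triage("00:00:5E:00:53:01", "192.168.4.62", SAMPLE))
```

A locally administered address only says the MAC was not taken from a vendor's assigned block; virtual interfaces set the same bit, so it narrows the search rather than naming the device.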

 

 

 

 

That makes sense, the other thing I realized it could have been was my niece's girlfriend who spent a few nights over here, she had a phone, so it would make sense that it might have seen the network and tried to connect but didn't. At this point I do not care what it was, it is gone now, so that is good.

>tried to connect but didn't.

 

So it was just showing you stuff that was in the area? And it was never connected to your network?  Then how did it get an IP ;)

 

Example: here is a snip of the list of other Wi-Fi stuff the UniFi APs see, just in the last hour

 

[Attached image: seen.png]

 

Here is last 7 days ;)

 

[Attached image: 7days.png]

 

That's a lot of stuff ;)

 

Also can see which AP picked it up, etc.

 

Your niece's friend's phone is most likely what it was - but unless your network is just OPEN, she would have needed to auth to get an IP.

 

I would assume many of them are phones that walk by - with their Wi-Fi hotspots on.  Or as you see here cars that drive by the house ;)  You can see that was seen by 2 of my APs as it drove by..

 

[Attached image: car.png]

 

 
