KisMac Beginner HELP "seeing bandwidth leechers"?
Posted: Tue Jan 30, 2007 3:10 am
1-29-07
PLEASE, I need some KisMac 0.21a help from anyone that really knows. I've done a lot of online searching, and the KisMac documentation is limited and hard to find, the manual is skimpy for a rookie like me to begin with.
I'm NOT interested in getting onto any networks, just finding out if anyone is on mine. I live on the 2nd floor, rear, in a 5 story building, in a major city, with lots of signals around me. KisMac is fairly simple it seems, "settings wise", if you just want to monitor in "PASSIVE MODE", and see who might be leeching your airwaves. I believe I have it set up correctly, and it seems to work properly, I just don't KNOW how to read the results, or if in fact they are really accurate in my case.
MY WIRELESS SETUP:
I have a really old original Airport card 802.1, inside my Titanium laptop running OS 10.4.8.
DSL "ZyXEL Modem", runs Ethernet cable to,
Buffalo (WLA-G54C) "WAP - Wireless Compact Repeater Bridge-g".
KEY POINT: For reasons to NOT add length to this plea for assistance, for NOW, I am forced to use WEP security, I realize it has extreme limitations, and is not that secure to begin with.
KisMac, in "Passive Mode":
I have run a KisMac scan (30 minutes or so), I then select my own network, and click on the "magnifying icon", for details of MY network. This new window is supposed to show any "Clients", and "Vendors", I saw a bunch more than my own recognized devices, which are the three listed at the top here:
DETAILS WINDOW:
MY "vendor" HARDWARE, one expects to see in the list:
"ZYXEL COMMUNICATION", this is the DSL modem.
"Melco Inc.", this is the Buffalo WAP.
"Broadcast", at FF:FF:FF:FF:FF:FF, I suspect this is normal, have seen this in others' screenshots.
*** ones I can't account for:
"Intel Corporate", this shows up THREE times in the list with different "Client" addresses.
"unknown", shows up THREE times in the list, different Client addresses for each.
"CAMEO COMMUNICATIONS INC"
"Hon Hai Precision Ind Co Ltd", this shows up twice in the list, different Client addresses.
Belkin Corporation
SOLOMON EXTREME INTERNATIONAL LTD
*** A TOTAL OF 13, only three I can vouch for!
*** NONE of the other "Vendor - Devices", show anything other than ZERO in the "SIGNAL" column, and "SENT BYTES" column, but do show tiny "KiB" numbers in the "recv. Bytes" column. Not sure what that means?
These results led me to believe that indeed one or more "folks" in my area may be leeching airwaves.
TEST I PERFORMED NEXT, (all about 30 minutes or so):
Before doing any MAC address banning in the Buffalo setup (from what I've read that can be SPOOFED anyway), I changed the wireless network password, then ran KisMac again. I made sure my laptop was NOT connected to any of my other devices, like USB wireless "Logitech" mouse, or external firewire drives, basically the laptop was running off battery and connected to the Airport network, nothing else should show up I ASSUME?
I see the same three above that I can account for as my own gear.
*** ones I can't account for:
"Intel Corporate", this shows up TWICE in the list with different "Client" addresses. That's a low total of just FIVE, three I know are my own devices.
NOTHING ELSE after that, so for the time being I felt other than the "Intel Corporate", which might be some default, maybe I was okay!
I quit KisMac, ran a BitTorrent all night giving out lots of packets over the air, just to see what would happen the next day.
TESTED NETWORK AGAIN: Next morning I ran KisMac again. Now the list has grown from the previous night's list of FIVE. These results look BAD to me.
*** Again, no numbers other than ZERO in the "SIGNAL" column, and "SENT BYTES" column, but do show tiny "KiB" numbers in the "recv. Bytes" column.
QUESTIONS:
Since it was overnight I left the network ON, with the NEW password, is it possible one or more folks are sitting there paying attention and then ran a hacking program and once again have the NEW password? I realize WEP can be cracked in 10 minutes or less in ideal cases. But I find it odd that a whole bunch of "Vendors" once again show up the next day in the details window, is this really ACCURATE as to what is connected to my wireless network? I realize one person's "network" could show up as more than one "device". But I now see 13 separate "vendor devices", of which only THREE I can really account for, and that's with not knowing what if anything the "Intel" one is.
Wondering what the "Intel Corporate" Vendor and addresses mean? Since as I've mentioned, seen this in someone else's screenshot, and it shows up in my list more than once. Also without being connected to any other hardware, how can or should anything other than my own devices show up in my own network's details list? And if they are showing up, does that mean my wireless network is being compromised?
Does the ZERO "sent bytes" mean anything, my TWO devices are the ONLY ones that show as SENDING anything in the "sent bytes" column, but all the other vendor - devices are showing something under the "recv. Bytes" column, mine show ZERO in that column. Confused on what this data really means?
I can't be changing my WEP password every few hours, unless I am NOT understanding the KisMac "details" window or have some major setting in the program, totally wrong. I'm able to duplicate these results, give or take a few in the client list. Ideally I would not be concerned if I only saw the THREE vendor devices I am aware of, that are my own.
Sorry for the long post, any help is appreciated in attempting to understand the KisMac data, or proper setup. If even one person has access to my e-mail, or internet traffic, then I will have to pull the plug on the wireless and go hard wired. WEP is the only option for my current setup, and those details are unimportant at least for this plea for help. THANK YOU!