Linux Zorin OS 17.2 - Verify who is using my WIFI

Joined
Sep 16, 2021
Messages
50
Reaction score
8
Credits
394
Greetings!
Please advise how I can view who is using my WIFI.
Is there an app in the Ubuntu store?
Is there a command?

Thank you.
 


The OS has no way of seeing that information unless your wireless device (router, not card) has something like an API to share that information with your computer.

Log in to your router and you can possibly see stuff like the MAC addresses of those using the device, it may even contain the hostname and private IP addresses of the devices connected.

But, no, Linux doesn't have a way to access that data unless that data is shared by the router though some mechanism like an API. You'll need to log into your router's control panel. That will be an address like https://192.168.0.1 but you'll need to find that information for your particular router.
 
Not something i have bothered with, but it can be done in most Linux using terminal route -n [but you will need to read up on how to use it]
 
Not something i have bothered with, but it can be done in most Linux using terminal route -n [but you will need to read up on how to use it]

I believe you can show all connected devices with this, but that would include anything wired to the network and not just wireless connections.

I'm pretty sure?
 
Greetings!
Please advise how I can view who is using my WIFI.
Is there an app in the Ubuntu store?
Is there a command?

Thank you.
As @KGIII mentioned, logging into the router is used here to see who's on the network.

The other ways known here are to use arp-scan:
Code:
arp-scan --localnet

Or use the iw command:
Code:
iw dev <interfaceName> station dump
as described here: https://wireless.wiki.kernel.org/en/users/documentation/iw

To find the <interfaceName> run:
Code:
iw dev
If arp-scan and iw are not installed, they are installable.
 
Or use the iw command:
Code:
iw dev <interfaceName> station dump

Hmm... That's not showing other devices connected to the wireless network here.

(I may be mistaken. I may also learn something new.)
 
Hmm... That's not showing other devices connected to the wireless network here.

(I may be mistaken. I may also learn something new.)
Yes, I think you are correct. Rather, the command here gets the stats, but we have a user here who uses them to make inferences about the internal wifi users whilst using the command against peers, so I guess it's only of limited use generally. Sorry to mislead.
 
Last edited:
I use netdiscover -i wlanhere -p to monitor ARP traffic. You can use it in active mode, without the -p, to scan for hosts on your network. You can use wireshark to sniff packets to see what's being passed on your network and even use it to track down rogue wifi clients by their signal strength, thus allowing you to home in on them. Use the correct name for your wifi NIC device instead of wlanhere. Use ip a to see a list of network devices on your system. You might need to run wireshark on a mobile device or a laptop if you want to track unauthorized users. The others are also correct, logging into your router is a good way to find out who's on your network. The other thing to watch out for is this, routers are often vulnerable to hacking and can be used as a proxy to gain access to the network they serve and other nearby networks that they don't serve. This happens where I live all the time. Make sure each host has its own firewall to protect it from such attacks. You can use nmap to search for hosts using your network. You can use an ARP ping instead of an ICMP ping, as the ICMP ping is sometimes blocked by some hosts. You can turn off the ping request with -Pn when using nmap to presume the host is up and start port scanning it. Your body will absorb some RF radiation which can help you to create what is known as a null in the antenna pattern which can be very helpful in radio direction finding. This can help you to track down wifi users. You can continue to send them ARP requests to keep them active to help you track them down.

Signed,

Matthew Campbell
 
Yes, I think you are correct. Rather, the command here gets the stats, but we have a user here who uses them to make inferences about the internal wifi users whilst using the command against peers, so I guess it's only of limited use generally. Sorry to mislead.

Also, folks are operating on the assumption that the router puts all clients on the same local network. That's not something I'd make assumptions about, having seen all sorts of default (and customized) configurations.
 
Also, folks are operating on the assumption that the router puts all clients on the same local network. That's not something I'd make assumptions about, having seen all sorts of default (and customized) configurations.
Yes. The limited experience here is showing its limitations. The wifi here is on a single network, and though able to accommodate a lot of connections, has never been hacked, and there's expertise here greater than mine that run it. Perhaps too limited and precipitate on my part to have commented.
 
Yes. The limited experience here is showing its limitations. The wifi here is on a single network, and though able to accommodate a lot of connections, has never been hacked, and there's expertise here greater than mine that run it. Perhaps too limited and precipitate on my part to have commented.

It's informative and beneficial for information's sake.

Alas, other than checking the router itself I can think of no way to do this with any degree of certainty, at least not with the information we have immediately to hand.

If they were operating a commercial router, there might be a way. Though, in my experience, they don't provide a way to gather that information programmatically but rather through a web portal of sorts - often written in horrible Java, even to this day.
 
There is a method to capture wireless traffic, by putting your Wi-Fi card promiscuous mode you instruct your card to send all wireless traffic to TCP/IP stack, even traffic that is not directed toward your card's MAC.

Once such traffic is received you'll normally run a packet capture software which will accept and process all network packets.
What this means is you'll be able to collect all MAC's on the network and can then figure out if there is unwanted guest connected.

User friendly method is to use Wireshark because it has GUI with filtering options.

If you want to do it in terminal you can use iw command to put your NIC to promiscuous mode, and then run tcpdump command with appropriate filter options to capture network traffic and later analyze it manually.

The only type of traffic you'll be interested in to capture is ARP because it's Layer 2 protocol which carries MAC addresses in it's packets, and because without ARP no host on network can function.
 
The OS has no way of seeing that information unless your wireless device (router, not card) has something like an API to share that information with your computer.

Log in to your router and you can possibly see stuff like the MAC addresses of those using the device, it may even contain the hostname and private IP addresses of the devices connected.

But, no, Linux doesn't have a way to access that data unless that data is shared by the router though some mechanism like an API. You'll need to log into your router's control panel. That will be an address like https://192.168.0.1 but you'll need to find that information for your particular router.
Thanks
 
There is a method to capture wireless traffic, by putting your Wi-Fi card promiscuous mode you instruct your card to send all wireless traffic to TCP/IP stack, even traffic that is not directed toward your card's MAC.

Once such traffic is received you'll normally run a packet capture software which will accept and process all network packets.
What this means is you'll be able to collect all MAC's on the network and can then figure out if there is unwanted guest connected.

User friendly method is to use Wireshark because it has GUI with filtering options.

If you want to do it in terminal you can use iw command to put your NIC to promiscuous mode, and then run tcpdump command with appropriate filter options to capture network traffic and later analyze it manually.

The only type of traffic you'll be interested in to capture is ARP because it's Layer 2 protocol which carries MAC addresses in it's packets, and because without ARP no host on network can function.
Thank you.
 
Yes. The limited experience here is showing its limitations. The wifi here is on a single network, and though able to accommodate a lot of connections, has never been hacked, and there's expertise here greater than mine that run it. Perhaps too limited and precipitate on my part to have commented.
Many thanks.
 
I use netdiscover -i wlanhere -p to monitor ARP traffic. You can use it in active mode, without the -p, to scan for hosts on your network. You can use wireshark to sniff packets to see what's being passed on your network and even use it to track down rogue wifi clients by their signal strength, thus allowing you to home in on them. Use the correct name for your wifi NIC device instead of wlanhere. Use ip a to see a list of network devices on your system. You might need to run wireshark on a mobile device or a laptop if you want to track unauthorized users. The others are also correct, logging into your router is a good way to find out who's on your network. The other thing to watch out for is this, routers are often vulnerable to hacking and can be used as a proxy to gain access to the network they serve and other nearby networks that they don't serve. This happens where I live all the time. Make sure each host has its own firewall to protect it from such attacks. You can use nmap to search for hosts using your network. You can use an ARP ping instead of an ICMP ping, as the ICMP ping is sometimes blocked by some hosts. You can turn off the ping request with -Pn when using nmap to presume the host is up and start port scanning it. Your body will absorb some RF radiation which can help you to create what is known as a null in the antenna pattern which can be very helpful in radio direction finding. This can help you to track down wifi users. You can continue to send them ARP requests to keep them active to help you track them down.

Signed,

Matthew Campbell
OK thanks.
 
Will wireshark simply show a list of all connected devices? I mean on a simple, dedicated screen.
 

Staff online

Members online


Top