1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to see who has been using Wireless connection

Discussion in 'Tomato Firmware' started by JohnWB, Apr 17, 2009.

  1. JohnWB

    JohnWB Network Guru Member

    As someone not very up on Wireless networks, I am using Tomato with no problems at all with my Linksys WRT54GSV4, but I was wondering

    How do I find out who has been using the Wireless connection (if anyone). Is there a log of this or can one be generated someway.
     
  2. averylinden

    averylinden Addicted to LI Member

    I'm not sure there's a log kept for clients associating with your AP, but you can see DHCPREQUESTs in the log, which might be enough for your purposes. If you told us exactly why you want to see this information, there might be a better solution.
     
  3. bigclaw

    bigclaw Network Guru Member

    Under Status->Device List, you can see all PCs that are connected or have recently been connected. Any wireless clients that are currently connected will also have an RSSI value associated.
     
  4. JohnWB

    JohnWB Network Guru Member

    I just wanted to see if anyone had been using my Wireless connection that I didn't know about
     
  5. JohnWB

    JohnWB Network Guru Member

    Thanks, Is this in Tomato somewhere
     
  6. fyellin

    fyellin LI Guru Member

    When bigclaw writes "Status->Device List", that's the standard shorthand for
    1. Open the router in a browser window
    2. Find the menu item "Status" on the left.
    3. Under "Status", click on the submenu item "Device List"

    As bigclaw writes, you will see a list of all devices that have recently been talking to your router. The Wireless clients will have a value in the RSSI column
     
  7. bripab007

    bripab007 Network Guru Member

    Yes, but the Wi-Fi clients will only have an RSSI value next to their DHCP lease if they're connected at that moment. For that reason, it'll be pretty difficult to determine if any of the devices whose leases have yet to expire but are currently not connected are Wi-Fi clients.
     
  8. bigclaw

    bigclaw Network Guru Member

    Well hopefully in a home environment where physical access to the router is limited, any unrecognizable clients are by definition wireless clients.
     
  9. bripab007

    bripab007 Network Guru Member

    Touché :-D
     
  10. kooslx

    kooslx Addicted to LI Member

    Hi John, this is something I've been wanting to know myself as well. The DHCP log is in that respect not a good source of information, because it doesn't tell you when a wireless client initially associates with the access point nor does it tell you when a client disconnects.

    I run a few WRT54GLs with Tomato v1.23 in my house as wireless access points. The access points are on a wired network and set up to allow roaming within the house. I want to be able to log when clients switch from one access point to another. (I can imagine that for some people there may be an economic reason to log roaming events, for example to determine that a particular access point is so rarely used by clients that it's more cost effective to move it to a more busy location rather than to invest in adding new one. For me personally, I wanted to log this information simply "because I can" :)).

    If you've ever logged into your WRT using SSH or Telnet, and played with the wl command, you've seen that there's a wealth of information that you can query from the wireless driver. For example the "wl assoclist" command will tell you the MAC addresses of all currently associated wireless clients.
    Code:
    # wl assoclist
    assoclist 00:AA:AA:AA:AA:AA
    assoclist 00:BB:BB:BB:BB:BB
    assoclist 00:CC:CC:CC:CC:CC
    When a wireless connection is dropped, the client's MAC address will no longer appear in the "assoclist".

    Just for fun, for each associated client, you can also retrieve connection details with the "wl sta_info" command, that tell you how long a client has been associated with the access point, and how long it has been since the last network packet was sent/received.
    Code:
    # wl sta_info 00:AA:AA:AA:AA:AA
     STA 00:AA:AA:AA:AA:AA:
             rateset [ 1 2 5.5 11 18 24 36 48 54 ]
             idle   11 seconds
             in network 303365 seconds
             state : AUTHENTICATED ASSOCIATED AUTHORIZED
             flags 0x39 BRCM
    
    I've created a script that uses the "assoclist" to construct a very rudimentary logging capability for when clients associate with and disconnect from the access point. A more sophisticated approach would be to modify the wireless driver and add logging directly into the driver code, but for my purposes a simple approach is more than sufficient.

    Every five seconds, this script compares the current output of "wl assoclist" with the list of the previous run (five seconds ago). If there's a new entry in the list, it will log a message to syslog; if an entry is missing this is interpreted as a client disconnect, and an appropriate message is sent to syslog.

    Code:
    #!/bin/sh
    PATH=/bin:/sbin:/usr/bin:/usr/sbin
    cd /tmp
    
    while true; do {
    touch assoclist
    wl assoclist > assoclist.new
    
    awk '
    BEGIN {
            macs[""]=0;
    }
    {
            if (FILENAME == "assoclist") {
                    macs[$2]="old";
            } else {
                    if (macs[$2] == "old") {
                            macs[$2] = "both"
                    } else {
                            macs[$2] = "new"
                    }
            }
    }
    END {
            for (m in macs) {
                    if (macs[m] == "old") {
                            print "Wireless association ended:", m;
                    } else if (macs[m] == "new") {
                            print "Wireless association started:", m;
                    }
            }
    }
    ' assoclist assoclist.new | logger -t assoclog
    
    rm assoclist
    mv assoclist.new assoclist
    
    sleep 5
    } done
    This script is meant to be started at boot-up of the access point, and runs indefinitely. Save this script to a JFFS or CIFS file system, and run it from Tomato's "init" script in the Administration menu. Assuming you've named the script "assoclog", you've saved it to JFFS, and gave it exec permissions ("chmod 755 /jffs/assoclog") you'd put the following lines in your "init" script:

    Code:
    # let's make sure all network services are up first:
    sleep 5
    # start assoclog and run it in the background:
    /jffs/assoclog &
    Reboot your Tomato box and this script should be running. As it starts up, it will log the currently associated clients, and every 5 seconds checks if new clients have connected, or if some have left. The MAC address of these clients is logged to syslog, so you can review it either using Tomato's web interface, or (in my case) in the syslog file on your central syslog server.

    I hope this works for you as well as it does for me!
    Have fun,

    Koos

    PS: As you can see I've used awk for some basic scripting. There's a lot of good beginner level information on awk on the internet, for example here and here. It is a simple scripting language, but the advantage is it's already in Tomato.
     

Share This Page