Find out what devices have been getting an IP from the DHCP daemon that's running on your WRT54G
This will be a short article, but some of my readers may find it of interest. As
many of you know, the Linksys WRT54G router runs Linux on a MIPS processor. With
the right firmware you can do a lot more with the WRT54G than was originally
intended by Linksys. This article will show you how to find out what devices
have been getting an IP from the DHCP daemon that's running on your WRT54G. You
can use your imagination to see how this may be useful.
The first thing you need to do is get the modified firmware from
http://h.vu.wifi-box.net/
and load it onto your Linksys. This firmware for the WRT54G lets you telnet into
the router and mess around with the inner workings. If you don't like using telnet for
security reasons, then try the firmware from
http://www4.ncsu.edu/~bdferris/linksys_wrt54g/. It has an SSH daemon, and you may be able to do the same tricks with it. Once
you have installed the firmware, telnet into the router (in most cases just
"telnet 192.168.1.1" from the command line will work) and issue the command
"dumpleases -f /tmp/udhcpd.leases". Below is some sample output:
# dumpleases -f /tmp/udhcpd.leases
Hostname         Mac Address        IP-Address     Expires in
erwin            00:c0:f0:31:98:00  192.168.1.100  13 hours, 23 minutes, 27 seconds
the-pitt         00:10:dc:91:f6:6c  192.168.1.101  16 hours, 19 minutes, 40 seconds
you-know         00:0c:41:12:f2:a3  192.168.1.102  13 hours, 19 minutes, 24 seconds
openzaurus       00:10:7a:58:37:a6  192.168.1.103  expired
terror-drome     00:00:00:00:00:00  192.168.1.106  expired
                 00:00:00:00:00:00  192.168.1.104  expired
                 00:00:00:00:00:00  192.168.1.108  expired
                 00:00:00:00:00:00  192.168.1.105  expired
darkness         00:0d:88:83:32:8a  192.168.1.107  expired
Knoppix          00:0c:41:12:ad:bc  192.168.1.109  expired
terror-drome     00:00:00:00:00:00  192.168.1.110  expired
Knoppix          00:02:dd:32:d0:f6  192.168.1.111  expired
                 00:00:00:00:00:00  192.168.1.112  expired
DigitalPrimate2  00:06:25:24:77:ff  192.168.1.113  expired
greatwhitedope   00:10:4b:a5:ad:8a  192.168.1.114  expired
greatwhitedope   00:e0:63:50:79:a3  192.168.1.115  expired
greatwhitedope   00:00:00:00:00:02  192.168.1.116  expired
greatwhitedope   00:00:00:00:00:03  192.168.1.117  expired
terror-drome     00:30:f1:43:a8:30  192.168.1.119  16 hours, 24 minutes, 36 seconds
#
#
As you can see, you now have the host name, MAC address and given IP of the devices that have used the DHCP daemon on your router recently. Notice that some of my devices have had their MAC addresses changed frequently; this is because of preparation for a previous article. You can use this lease information to help figure out who has been attaching to your router.
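To review a lease dump like the one above on your workstation, the following added example (not part of the original article) parses saved dumpleases output and flags active leases, host names seen with more than one MAC address, all-zero MACs and rows with no host name. The function names `parse_leases` and `audit` and the sample rows are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the dumpleases layout (made-up values, not the article's).
SAMPLE = """\
Hostname         Mac Address        IP-Address     Expires in
laptop-a         00:11:22:33:44:55  192.168.1.100  13 hours, 2 minutes, 5 seconds
laptop-a         00:00:00:00:00:02  192.168.1.101  expired
                 00:00:00:00:00:00  192.168.1.102  expired
printer          00:aa:bb:cc:dd:ee  192.168.1.103  expired
laptop-a         00:11:22:33:44:55  192.168.1.104  expired
"""

# The host name column may be empty, so anchor each row on the MAC address.
ROW = re.compile(
    r"^(?P<host>.*?)\s*(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<expires>.+?)\s*$", re.I)

def parse_leases(text):
    """Return one dict per lease row; the header and shell prompts are skipped."""
    leases = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        lease = m.groupdict()
        lease["host"] = lease["host"].strip()
        lease["mac"] = lease["mac"].lower()
        lease["active"] = lease["expires"] != "expired"
        leases.append(lease)
    return leases

def audit(leases):
    """Summarise the rows worth a second look when reviewing who has attached."""
    macs_by_host = defaultdict(set)
    for lease in leases:
        if lease["host"]:
            macs_by_host[lease["host"]].add(lease["mac"])
    return {
        "active": [l["ip"] for l in leases if l["active"]],
        # Host name and MAC are both supplied by the client, so either can change.
        "multi_mac_hosts": {h: sorted(m) for h, m in macs_by_host.items() if len(m) > 1},
        "null_mac_ips": [l["ip"] for l in leases if l["mac"] == "00:00:00:00:00:00"],
        "nameless_ips": [l["ip"] for l in leases if not l["host"]],
    }

if __name__ == "__main__":
    for key, value in audit(parse_leases(SAMPLE)).items():
        print(key, value)
```

Paste the output captured from the router into a file and pass its contents to `parse_leases` in place of `SAMPLE`.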