how can i verify if someone is using my wireless router furtively?

how can i verify if someone is using my wireless router furtively?
i've a dlink but it's a general question.
what program can i use?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I think you better increase the security to prevent people using your wireless signal than tracing them. Dont broastcast and use better security features.
Enable logging on the wireless router if it has the capability and analyse the logs, should be as simple as that.
Most DLinks have a WLAN 'Status' button on the Tools tab in the web configuration... that will tell you the MAC address[es] of any wireless card[s] connected, in real time.
You can take the MAC address from there and use it in the filters section to block their access altogether, even if they do manage to crack the security passphrase.

You can also log it, as AccyStanley said, and usually even have the log emailed to you when it's full.

Not broadcasting the SSID is pretty-much worthless as a security measure... so-called 'hidden' networks still show up on wireless monitors, just as [unknown], and not being broadcast doesn't slow down sniffers like aircrack, airsnort, omnipeek, et al one iota; if you're using your network, it won't take them long to break WEP security even with the SSID not broadcast.

Definitely use WPA with TKIP+AES ciphers (falls back to TKIP if AES isn't supported by the client card) if you can. And have it change keys every 900-1000 packets (most default to every 1800 packets).
If you need specific instructions, you'll need to tell us specifically what router you have (i.e. not just ''a dlink'').
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

tsubasa74jAuthor Commented:
i've a dlink dsl g624t and i'm agree with your opinions.
in specific i use kiwi syslog daemon but no logs are generated by this for my dlink.
is there some particular settings to enable?
i've enabled the log to my pc setting in the dlink but no string is generated in the kiwi syslog monitor
can you tell me another valid syslog program for my dlink?
is propably a dhcp problem (i've set it on the dlink)?
last question is this:
i've noticed that my router has a macaddress, and my wireless pc card has another macaddress,
so i've 2 different macaddress, is this right?
First, if you haven't already, on the Tools tab, System button, use the Save button to backup the router's settings to your hard drive (e.g. in a folder named G624T or DSL-G624T in My Documents).
Have you ever upgraded its firmware, btw?
If you ever upgrade its firmware or have to use the Reset button on the back you SHOULD be able to reload all settings using that file and be back in business in a couple minutes. I say 'should' because if the firmware upgrade adds more features the saved settings might not import correctly. :-(

To enable WPA encryption, in the router's web configuration interface, click Home along the top, then Wireless along the left side. Punch the WPA radio button, then more info will open below that. The ''Group Key Interval'' tells it how often to change keys (looks like the G624T's default is every hour; I would lower that to 900 seconds or so, but you can leave it at 3600 if you want).
Enter a passphrase of at least 10 characters (use non-sequential letters AND numbers, e.g. NOT a1b2c3d4e5, ABCDEFG12345678, q1w2e3r4t5y6 et cetera - I've seen all such sequences in brute-force dictionaries) in the PSK String field, and click Apply.
Now your wireless network is secure. If you have to restore your settings using the saved file, remember to repeat the steps enabling WPA, or even back up the settings again adding 'withWPA' to the filename. If you ever need to reload the saved settings, you might be glad you have it saved both ways, though. ;-)

> in specific i use kiwi syslog daemon but no logs are generated by this for my dlink.
> is there some particular settings to enable?

In the DLink's web configuration, on the Status tab along the top, then the Log button on the left. I'm not sure what the page limit is for the G624T; on the DI-524 and DI-624 it's about 5 pages (the oldest entries just scroll off into the bit bucket), and can be configured so when it's full or an attack is detected the router emails the log to an address you can enter on that same page. I don't see that particular provision in the G624T, but it looks like you can send different levels of logging to multiple remote machines on the Tools tab, using the Remote Log button. Otherwise you have to access the log in the DLink's web configuration interface, and it's cleared completely whenever the power to the router is turned off (or when the 'Clear Log' button is clicked on that page), and you can save a hard copy to disk if you need it for some reason (e.g. copy and paste MAC addresses from it into the Static IP setups, or into the Filters).

You can also see real-time who's connected to your router... see the Status tab, DHCP Client button.
While you're on that page, click+hold and drag the icon just to the left of 'http' on the Address bar and drop it on your desktop. Then you'll have a shortcut to that page so you can quickly check it whenever you want... the login box should still popup before letting you access it from that shortcut, of course.

> i've enabled the log to my pc setting in the dlink but no string is generated in the kiwi syslog monitor
> can you tell me another valid syslog program for my dlink?

I'm not sure which log setting you're talking about there... is that the one on the Status tab or the one on the Tools tab?

One thing I REALLY dislike about DLinks is having to click Apply on every page you make a change to (or else the changes are lost if you switch pages without clicking Apply), which proceeds to reboot the router, wait 30-45 seconds, then make you login to the web configuration interface again. :-(

> is propably a dhcp problem (i've set it on the dlink)?

I don't understand the question.  What is probably a DHCP problem?

> last question is this:
> i've noticed that my router has a macaddress, and my wireless pc card has another macaddress,
> so i've 2 different macaddress, is this right?

3, actually. Your PC's ethernet card has one; the DLink has one for its ethernet/ADSL port[s] and yet another MAC address for its wireless interface. In addition, the DLink can clone your PC's MAC address and pretend to be that MAC address when talking to/through the ADSL port... in that way if your PC was used to setup the connection originally, the DLink can be added later, the PC's MAC cloned, and the telco still thinks it's talking to the same piece of hardware so you don't need to call them to reset things to work with the new MAC address. Generally that shouldn't be necessary, anyway - just powering down the router/modem, then powering them back up a few minutes later should cause the account credentials to be presented again and if those match the telco really shouldn't care what MAC address it sees. Some do, though.
tsubasa74jAuthor Commented:
very complete explanation Darr 247! :-)
i thinnk your answers are complete but only last observation before assign you points.
if i 've understood in the right way, i can use dlink to clone mac address of my wireless pc card to clone and use the same mac of it.
what menu in the dlink can i use for it and what must i indicate for this goal!
very thanks and bye
Then I guessed right for the version you have... versions of the DSL-G624T made after July 2007 don't have a Home tab along the top of their web interface, so that would've been very confusing.  :-)

On the Home tab, under the WAN button, the Clone MAC Address button only appears with Dynamic IP selected for the WAN Setting. If that's not what you're using, you might rethink wanting to change it.

If you do still want to change the MAC, and if the WAN Setting is currently PPPoE/PPPoA you should write down the username, password, connection type, et cetera before you change the WAN Setting to Dynamic IP, in case you need to re-enter those credentials and settings afterwards (everything but the username, password and connection type are probably still on their default settings, but record them anyway).

You can make it any MAC address you want; usually the MAC of the ethernet card in your PC would be used, not that of the wireless card. Just type it in the field above the button like 00:16:CF:85:43:21 (that's a Broadcom adapter's MAC address, btw). Then click the Clone MAC Address button, click the Apply button, then you'll need to save it on the Tools tab, System screen... click the Save and Reboot. When it comes back up you'll need to go to the Home->WAN screen, select the WAN Setting you had previously, possibly enter the saved credentials again, click Apply, then Save and Reboot AGAIN on the Tools->System screen.

Did you get WPA encryption working, btw?  Leaving security disabled is like having the door of your home unlocked all the time. Sure, many do that; unfortunately, there are people that might take (bad) advantage of that situation if they happen across it, too.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Hardware

From novice to tech pro — start learning today.