Yantis, Jonathan Lindsey wrote:
Sometimes that is the case and sometimes not. I think what Jeff was saying is that they connected to the AP with a client and then pinged a
Not necessarily. You can snarf it off the beacon, even if it is closed.
device or something along those lines to get the clients mac to show up
That certainly is a good method when it works, but the WAP may not be open.
on a port. Then you don't have to worry about the APs mac, you just look for your own.
Even if not obiwan, it is often within a few octets. Start with show mac-address-table | include xxxx.xxxx.xx and then remove more nibbles until you start getting hits. You still may not get close (WAPs with PCCard NICs will generally not be close ... e.g. RoamAbouts have Yago wired, but whatever Lucent-style you plug in on the wireless), but the usual Linksys/Dlink/Belkin crap will get caught this way. Sometimes you just have to resort to the Pringles Can of Death or the 4MegaWatt 2.4GHz transmitter, but start with these tricks.
And if all else fails, I guarantee if you start walking around with a big wad of keys, a pair of wire-cutters, a BVS Locust, and a couple of your biggest and ugliest from the network goon squad, it won't take long to find the remaining WAPs ... just like rats skittering for the hole.
--ckg
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
