How to detect which client generates most load?
Hello there.
I'm living in a hotel with my friends where there's one AP that we can use (password protected). Everything would be fine, aside from the tremendous network load that randomly appears during the day. I think that someone is downloading something like crazy, making it almost unable to use the Internet while me and my friends need it to work. Trying to solve this issue via talking doesn't work at all (everyone claimed that they are not downloading anything), so I thought that I might be able to find the culprit on my own using BT tools.
I've ran airodump-ng (on channel 1, the same that our AP uses) as soon as I've experienced that load. I also stared pinging google to see if the troublemaker is still blocking the intenet with downloads.
I didn't manage to come up with anything, so I have a few questions:
1) Does "Probe" refer to the clients that are connected to the ESSID that it displays?
2) How to reveal the BSSID that the certain client is connected to? Every single one is "not associated", besides my own MAC Address and the ones I death using aireplay-ng with -e and -c arguments.
3) Should the client that is downloading something generate more frames that the one who simply browses websites? Every single one client seems to either not generate frames at all or sometimes losing some.
4) Why does the "PWR" of some clients is "0"? When I'm connected to the AP, my PWR is also zero.
4) Is there another tool besides airodump-ng that might provide me with evidence I need?
I'm aware that some of these questions relate to how wifi works in general, but after reading a few articles I still have some doubts.
Thanks in advance!
Re: How to detect which client generates most load?
In a hotel environment it probably isn't one of the folks you're with. You're sharing the internet with everybody else in the hotel. You're not going to see traffic load with airodump, that's not what it's for. You need to be in line with the traffic. The access point might have a bandwidth monitoring page, that will tell you what you need to know.
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
Re: How to detect which client generates most load?
Hopefully one of the more experienced BackTrack-ers will correct me if I'm wrong, but you could just monitor the network with Wireshark during a particularly slow period and see if any one IP address appears very frequently. If it does then I imagine that they're the one generating the most traffic?
I'm still a n00b though so that could all be false ^
Re: How to detect which client generates most load?
Not really. They could just be using an app that's really chatty on the network.Originally Posted by lolliver
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
Re: How to detect which client generates most load?
You didnt say if you had access to the router (that I recall) but if you did you could create a free opendns account at opendns.com then make it so opendns is the dns for all users of the router. Then go to opendns logon to your account and see the sites that are visited. This would NOT tell you how much bandwidth they use but, it would tell you the sites and you might see, netflix or torrent sites that people are using. Depending on the router you could then look and see the ips that are on line and hopefully the devices. eg Georges_pc. Then find george. Its always nice when people identify their pc's for you.
Posting Permissions
