PDA

View Full Version : Internet / wireless connection



MarkEsq
09-14-2012, 04:48 PM
If I have a character who owns a cafe, and someone comes in and uses the Wi-Fi connection, can my cafe owner see which Internet sites his visitor accessed?

If so, can he do it later (i.e., is there a log or something?) or does he have to be checking contemporaneously?

Also, does it make a difference if the Wi-Fi is password protected?

Thanks!

cbenoi1
09-14-2012, 05:00 PM
> can my cafe owner see which Internet sites his visitor accessed?

Commercial routers can be programmed to deny certain sites, to examine packets for billing purposes, and in some cases report to the system log an illicit usage. Not to spy in the general sense. I'm sure there is a way to echo all the packet traffic to a specific server, a bit like syslog does. But that would mean reprogramming the router for that. This is specialized programming, not an option any user can tweak.

It can be done, but this require a set of talent not readily available. If your cafe owner is in the market to steal credit card information for example, it would be better if he leaves his shop's WiFi setup as plain vanilla with a logon password people can get with a coffee, and have another setup nearby that offers Internet access for free. Most people would opt for the free one. Should that pirate one be found, the owner can claim he wasn't aware of it.

> Also, does it make a difference if the Wi-Fi is password protected?

No.

-cb

Medievalist
09-14-2012, 08:20 PM
Yes

Google packet sniffer.

Torgo
09-14-2012, 08:32 PM
If I have a character who owns a cafe, and someone comes in and uses the Wi-Fi connection, can my cafe owner see which Internet sites his visitor accessed?

If so, can he do it later (i.e., is there a log or something?) or does he have to be checking contemporaneously?

Also, does it make a difference if the Wi-Fi is password protected?

Thanks!

It doesn't make a difference if the Wi-fi is protected, because it's the cafe owner's router, so they have access to anything it's logging. I don't think all routers keep logs, but some certainly do; and it might be that it'd be a function the administrator would need to enable deliberately. So if the cafe owner has never decided to take an interest in these things, it's possible they might not be able to check anything after the event, assuming they have the wrong setup.

If the cafe owner HAS decided to take an interest in these things, then they could be logging traffic, or even monitoring packets in real time. I believe that the Wifi user could conceal some of their activity if they're connecting to a site that uses HTTPS - packets going back and forth would be encrypted, but the cafe owner would still probably be able to tell what the site is.

From a narrative plausibility point of view, I think you can do whatever you like with this.

EDIT: A clueful pal tells me all routers keep logs, so there's no reason to think the setup you describe would be unreasonable.

Nekko
09-14-2012, 08:44 PM
There is also a way to pick up that info from users who don't have firewalls set up on their computers, so you hack into their bluetooth signal.

GrayLensman
09-14-2012, 09:01 PM
There is also a way to pick up that info from users who don't have firewalls set up on their computers, so you hack into their bluetooth signal.
WiFi and Bluetooth are two different technologies. Depending on the WiFi technology being used, they don't even operate in the same frequency band.

Bluetooth is far easier to hack than WiFi, but WiFi can be pretty easy as well.

But an owner of a WiFi hotspot doesn't need to hack. All traffic passes through a common point before it heads out onto the Internet. It takes a little bit of work, or buying the right hardware. But it's not that hard to log, track, and view the traffic.

It's a bit much for a novice to do, but FAR from requiring an expert.

Medievalist
09-14-2012, 09:05 PM
WiFi and Bluetooth are two different technologies. Depending on the WiFi technology being used, they don't even operate in the same frequency band.

Bluetooth is far easier to hack than WiFi, but WiFi can be pretty easy as well.

But an owner of a WiFi hotspot doesn't need to hack. All traffic passes through a common point before it heads out onto the Internet. It takes a little bit of work, or buying the right hardware. But it's not that hard to log, track, and view the traffic.

It's a bit much for a novice to do, but FAR from requiring an expert.

If you have access to the router, it's trivial.

The data is in plain text.

Moreover, the average user sends everything to the router in clear text.

There are even packet sniffers that can be installed on a router; these are usually designed for industrial routers, not home systems, but they're quite common and used for traffic shaping, among other things.

One of my routers at one job could match mp3 binary data against a database and shut down the process when someone was downloading specific mp3 files.

Katie Elle
09-14-2012, 09:21 PM
Every router I've ever used, even cheap Linksys routers, has a logging function for sites visited. Some are very limited, like the above linksys, with only small amount of memory. Others will keep long records.

From that you could tell that someone was visiting www.absolutewrite.com

However, it wouldn't tell you who was doing so. These logs are usually by IP address, the numerical address given out by the router behind the scenes.

To figure out who was specifically looking something up, you'd need to look at a table that shows what addresses are being given out by the router to what PCs.

Sometimes that table will tell you the Windows Name of a PC, but more often it's the MAC Address, which is kind of the serial number for the network card. To know a computer's MAC address, you'd need to have access to it, either to look it up in the hardware properties of the network card or to open it up and read the serial numbers on the card itself. If you swap out the network card, the MAC is linked to the card not the PC so it would change. It would also be different for the wired and wireless network cards in a PC.

Other than what sites are visited, I've never worked with a router that told you what people were doing in the sense of what they were actually typing (ie, you couldn't use one to steal a credit card number). It's not hard to find tools to do this, but it's not something a regular router or firewall would do.

There are some routers and software you can flash to routers that let you do network management of hotspots. These tend to have a bit better logging capabilities, but they'll still come down to the same thing.

sciencewarrior
09-14-2012, 09:25 PM
As Torgo said, all traffic goes through the router, so it is easy to see the activity logs and discover what sites they were visiting.

There is a way to protect against this: a user can connect to a trusted server using an encrypted connection -- a VPN, virtual private network -- and from this server access the sites he wants. But an infinitesimal number of people do this, even when they know how to, assuming a café's wi-fi network will provide anonymity enough.

GrayLensman
09-14-2012, 09:30 PM
There is a way to protect against this: a user can connect to a trusted server using an encrypted connection -- a VPN, virtual private network -- and from this server access the sites he wants. But an infinitesimal number of people do this, even when they know how to, assuming a café's wi-fi network will provide anonymity enough.

Even this can be viewed. Just as a for example: The firewalls that Palo Alto Networks sells will proxy the certificate exchange in an encrypted connection, and then dynamically unencrypt and re-encrypt the traffic to read the contents. I recommended and installed one of these at a previous employer, and was able to view HTTPS and SSH traffic.

Without specialized hardware like above, now we're more into expert-level hacking.

cbenoi1
09-14-2012, 09:58 PM
> all traffic goes through the router, so it is easy to
> see the activity logs and discover what sites they were visiting.

Syslog - what users can turn on - only records events, mainly errors and spoofings so that an attack can be analyzed. Syslog is NOT a general packet sniffer mechanism. It only reports errors and such, which is used mainly to analyze external attacks (spoofing, DoS, etc).

What you need the router to do is echo all packets to a spying server; this means the router's software need be reprogrammed completely. It's like scrapping Windows on a brand new PC and installing Linux. Good hackers can do this. Casual users can't.

What does this mean from storytelling standpoint?

a) The cafe owner needs to be in cahoots with a hacker who does all that job for him.
b) there exist cheap commercial hardware out there, once reprogrammed, can do all the evil spying things the story needs - check who browses where. Not more.
c) going inside an encrypted packet to analyze its contents needs a lot of CPU juice, far more than what your run-of-the-mill PC can provide.


========


> can my cafe owner see which Internet sites his visitor accessed?

With a hacked router setup, yes.

> can he do it later (i.e., is there a log or something?)

Depending on what the hacker has done, that information could be displayed in realtime on a computer behind the counter. But web sites matched to Internet users is all the owner will get. More than that and you get into a lots of 'it depends'-type scenarios.


-cb