Shulou(Shulou.com)06/01 Report--

Sitting in the office in the morning, I found that a user's computer was connected to a non-IT-controlled SSID, and the SSID could not be seen on other computers, so I wondered if someone had secretly connected to the wireless router in their position, and they were professionals who hid the SSID unless they were not aware of the situation internally.

Now that I have found out, as an IT, I have to do my duty to check it out. First of all, I saw that the computer IP is 192.168.1.x, which has nothing to do with our intranet segment 10.x.x.x. It must be the result of doing NAT. So I reflected this problem to my colleagues. To be honest, I haven't dealt with this kind of problem for some time, and I have no clue, but at the critical moment, we can't panic, so we started to do it. First of all, record the wireless model and mac address, model: TL-845N, preliminarily judged as a Soho TP-LINK router, enter 192.168.1.1 in IE, you can jump out of the login interface. Just enter the default admin account and password can not be verified, so it is more determined that this person will also change the wireless management password, this step can not continue, we have to explore the next step.

This time we started with the DHCP server, and we went to find this router on DHCP. Fortunately, our switch port is secure and the computer is named according to the rules, which reduces the workload. By comparing the table in the DHCP entry, we find that the name of this router appears in the DHCP list, and the mac address is only the last bit different from the first recorded mac address, so the location is accurate. Because the mac address of 192.168.1.1 found on the computer is the LAN address of the router, while what you see on the DHCP is the mac address of the WAN port, the switch learns the mac address of the WAN port of the router directly connected to it, so the last bit is different.

Finally, with the mac address, everything changed so smoothly, by accurately locating the mac address of the WAN port on the aggregation to find the corresponding switch port, so we thoroughly found out where the router was placed in the local area network, acted immediately, grabbed the scene, and immediately verified the result. The on-site user said it was incomprehensible because he hid the router in a cardboard box.

By the way, wireshark tools are of great help to the network to grab packages, but at present I am not proficient in using them, so I still have to learn systematically when I have the opportunity.

In fact, although the problem has been solved, I always feel that it is still a bit of a detour. I welcome the network experts of 51cto to put forward better suggestions to facilitate you to learn together.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.