How do I track down a potential rogue device on my WiFi network?

mohamed abdellatif October 14, 2014
Ads by Google

Can I know if I mention an IP address and MAC address, the type of the device that is connected to my WiFi as it stealing my WiFi?  I am not that professional in PC things and I want to be sure if this isn’t a part of the router or the WiFi device.  It is mentioned also that the type of device is Mitsumi Electric, and also there is IP address with MAC address I didn’t recognize called TG-ACF-LTP-0003. I want to know if it is laptop or mobile or tab.  It will be very helpful if you mention ways to help, I can mention the addresses if it helps to detect the kind of device.  Many thanks.

  1. Bruce E
    October 17, 2014 at 9:46 pm

    Go to Download and install the application. Open up a command prompt and run 'nmap -v -A,147'. This will aggressively scan (-A, to detect OS, version info, etc.) in verbose mode (-v) the IP addresses and and display a report on the screen. The report should help you figure out what devices are using those IP addresses.

    • mohamed abdellatif
      October 18, 2014 at 8:57 am

      First of all thank you for your help mr bruce,second thing after I download the nmap, how I open a command prompt and run nmap-v-a192.168.1.108, and does these need me to do it or you can do it for me or someone else, last thing appreciated your help.

    • mohamed abdellatif
      October 18, 2014 at 9:11 am

      And also there is alot of version, so which version do you suggest for android phone or sony laptop.

    • Bruce E
      October 18, 2014 at 2:57 pm

      If you have a Windows machine, you can just use the latest installer. I don't know of any options for running it on Android as it is not something I would even try since I have multiple other Windows or Linux machines to use for this.

      Since you are using private network addresses, this is something that has to be run on your network. Allowing someone else to remotely access your computer to run the scan is possible, but you need to trust that they will only do what you want them to do.

      Opening a command prompt can be done by hitting Win+R, then typing 'cmd' followed by Enter.

      Once the command prompt is open, use the following command (capitalization and whitespace matter, so copy and paste is best):
      nmap -v -A,147 > scan_results.txt

      With this command, the output will be redirected to a file called scan_results.txt in the current directory as it will likely be too long to display in a single text screen. Just open that file with Notepad or another text editor to see what the scan finds. You can post any questions you have about the results here as well.

  2. Bruce E
    October 17, 2014 at 1:39 am

    You could use nmap to scan those 2 IP addresses for open ports, connection responses, etc in an effort to identify the specific device.

    • mohamed abdellatif
      October 17, 2014 at 3:38 pm

      Mr , bruce can you explain more clearly what to do as I didn't understand a word, and I am a beginner in this issues, many thank for interest and help

  3. mohamed abdellatif
    October 15, 2014 at 7:15 pm

    Yes they are still there

  4. mohamed abdellatif
    October 14, 2014 at 3:42 pm

    Thank you all,so as experts does mitsumi this make mobile or pads or laptop or it is only parts of the wifi, as I doubt that someone inside the house us hiding a cellular phone or laptop , so I wanna be sure that it's not from inside the house first.

    • DalSan M
      October 14, 2014 at 9:32 pm

      "Mitsumi typically serves as a supplier to original equipment manufacturers (OEMs); customers have included computer products manufacturers such as Apple, Dell, and Microsoft."

      They make electronics, but most of what they make are components for electronics that range from tablets, laptops, desktops, DVD players, etc. It is impossible to really tell what device it may be just by the name of the manufacturer of computer components.

    • ha14
      October 15, 2014 at 9:22 am

      you can reset the router and check if it is still there?

  5. Oron J
    October 14, 2014 at 2:57 pm

    Mohamed, just to explain some of what was said above in more detail. The MAC address is a unique number built into the hardware of every network device (effectively a serial number). Manufacturers of network hardware are given a range of numbers they can assign to their devices, but they can assign them any way they want. Some manufacturers use specific ranges to different bits of hardware, others are less systematic, but at any rate there's not global "directory" which will tell you which number corresponds with a particular type of hardware.

    The IP address is allocated _by your router_ to a device when it connects to your network so it has nothing to do with the connected hardware.

    Some network programs will try figure out what the device they're connected to is by obtaining a series of clues (for example, the "network map" in Windows, but this is won't work with all hardware and is in any case unreliable.

    At any rate, this is not the right approach to securing your network. As James suggested, replacing your WPA password is a better bet. Having MAC address white lists (or black lists) will also enhance your security, although this measure can be defeated by "MAC spoofing" by any knowledgeable hacker.

    October 14, 2014 at 1:27 pm

    Hello, you could also check the IP addresses of all the known devices in your network. If you check all your devices and you do not find any that matches the IP addresses shown, then you know somebody is in your network. Like James said, make sure you are using WPA2 and change the password for your network.

  7. dragonmouth
    October 14, 2014 at 12:06 pm

    For what it is worth, using MAC filtering, you can block those two MAC addresses from accessing your network.

  8. ha14
    October 14, 2014 at 8:57 am
    • mohamed abdellatif
      October 14, 2014 at 10:24 am

      Hello, thank you for your help, but u didnt get my question, I am already using an application that detects who is on my wifi , and it is better than who is on my wifi, it is called ping, and I have 2 strange ip , I mac address detected, so I wanna know better how to detect the kind of this devices or to track them or are they a part of the network. is the ip address of one, and the mac address of it is 00:A0:96:7A:94:72 and the device type is mitsumi, the other is this is the ip address, and the mac address is A0:A8:CD:10:AA:77, and the netbios name is TG-ACF-LTP-0003, so if anyone can help me to detect this kind of device , whether it is a part of the network, and if there is any possible way to reveal them or track them.many thanks

    • James Bruce
      October 14, 2014 at 11:39 am

      No, you can't. You've already got as much as you can from the MAC address from a public database - which is basically the manufacturer. The second one you mentioned is registered to Intel Corp.

      Remember that every device on the wifi will be shown, so that includes routers or maybe wifi extenders.

      If you're worried, just change the passphrase, and re-authenticate all your devices. Assuming you're using good security (WPA2 or better), you shouldnt be worried.

    • ha14
      October 14, 2014 at 1:05 pm

      The first 3 hexadecimal numbers can be used to determine which company the MAC was assigned to
      00-A0-96 (hex) MITSUMI ELECTRIC CO., LTD.
      00A096 (base 16) MITSUMI ELECTRIC CO., LTD.

Ads by Google