Hi,
Is there any way that we can extract information from a wireless router? Found a CNet CWR-854 wireless router in one of my client's place which was being used to illegally access the local network (by doing physical wire-tapping & accessing the network wirelessly since the network is not connected to the Internet).
Thanx
Is there any way that we can extract information from a wireless router?
Yes, depending on the model, most have an option to enable login via a console. If you are able to do that then you may be able to query the router for things like dhcp leases mac addresses firewall rules etc.
You may also be interested in a paper on wireless network assessments available from here http//www.forensicfocus.com/downloads/examining-wireless-access-points.pdf
hi echo6,
thanks for the reply. i'll try as you suggested 1st & see whether i can get what i want )
siva
Hi
Another thing is have a look at the hidden pages if the Router is html based, Lynksys have loads and it can be very good evidence.
Simon
hidden pages
That's a very good point, if you can get hold of the manufacturers manual that will help but be aware that not all the features are documented, the cli interface is usually one of them!
Most routers of this kind keep their logs in RAM only. If it was powered down after discovery I'm afraid there is not much info left. If this particular router has the modified firmware, and a writable flash file system, you might be interested in file dates, this way you may find out when the router was configured.
http//
A quick check with came up with this
http//
Which shows -
http//192.168.62.1 as the access address. This should get you to the logs and stuff if it still "live" If it has been shut down, like NeGrusti said, You may be outta luck.
If you already knew this stuff….sorry.