Detecting all devices connected to main ap

Hi,

First of all, I'm sorry for the bad drawing. I want to detect all the devices that are connected to the internet via connected devices' hotspots. Is there any way we can list all these devices? As they are not directly connected to the AP, it is hard to detect them. Any suggestion is appreciated.

I have problems understanding your setup. Where is the connection to the internet? Where is OpenWrt (router)?
Anyway, on openwrt you might use https://conntrack-tools.netfilter.org/manual.html

1 Like

AP is the main access point (running OpenWrt) connected to the internet. And d2 is sharing the internet with d3 and d4, so I need to capture d2 as it's sharing the internet.

Are all the other devices running OpenWrt?

1 Like

No, only the AP is running OpenWrt.

What are the other devices? Are they routers? Switches? APs?

The other devices are just normal mobile phones or PCs. So I want to detect whether any of these devices are further sharing the internet or not.

As written already, conntrack-tools on the AP or D2 should give you info about all active connections (conntrack -L). But you will only find IPs there.
Depending upon the type of "hotspot", and OpenWrt on D2, you can find out more.

1 Like
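To make the "IPs only" point above concrete, here is an added example (not code from the thread or from conntrack-tools) that reads `conntrack -L` output from stdin and counts active flows per LAN host. The sample lines are constructed to mimic the conntrack-tools list format; the function name `active_lan_hosts` and the LAN prefix are assumptions. Note what it cannot show: traffic from devices behind a tethering phone (d3, d4) appears under the phone's own address (d2), because the phone masquerades it.

```shell
#!/bin/sh
# Added example: enumerate LAN hosts with active flows from `conntrack -L` output.
# Hypothetical helper, not part of conntrack-tools. Sample lines below are constructed.

# active_lan_hosts PREFIX
#   Reads conntrack -L lines on stdin, keeps flows whose *original-direction* source
#   (the first src= field; the second src= is the reply direction) starts with PREFIX,
#   and prints "ip flow-count" sorted by address.
active_lan_hosts() {
    awk -v prefix="$1" '
        {
            ip = ""
            for (i = 1; i <= NF; i++) {
                if (substr($i, 1, 4) == "src=") { ip = substr($i, 5); break }
            }
            # Only count hosts inside our LAN; anything else is a flow that did not
            # originate from a local client (e.g. inbound to the router itself).
            if (ip != "" && index(ip, prefix) == 1) flows[ip]++
        }
        END { for (ip in flows) print ip, flows[ip] }' | sort
}

# Constructed sample in conntrack-tools list format. 192.168.1.10 has two flows,
# 192.168.1.11 one; the 10.0.0.5 line is outside the LAN prefix and is ignored.
SAMPLE_CONNTRACK='tcp      6 431995 ESTABLISHED src=192.168.1.10 dst=93.184.216.34 sport=51234 dport=443 src=93.184.216.34 dst=203.0.113.5 sport=443 dport=51234 [ASSURED] mark=0 use=1
udp      17 28 src=192.168.1.11 dst=8.8.8.8 sport=40000 dport=53 src=8.8.8.8 dst=203.0.113.5 sport=53 dport=40000 mark=0 use=1
tcp      6 120 TIME_WAIT src=192.168.1.10 dst=198.51.100.7 sport=51300 dport=80 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=51300 [ASSURED] mark=0 use=1
tcp      6 30 SYN_SENT src=10.0.0.5 dst=203.0.113.5 sport=40000 dport=22 [UNREPLIED] src=203.0.113.5 dst=10.0.0.5 sport=22 dport=40000 mark=0 use=1'

# Stand-alone demo; on a real AP you would run:  conntrack -L 2>/dev/null | active_lan_hosts 192.168.1.
printf '%s\n' "$SAMPLE_CONNTRACK" | active_lan_hosts 192.168.1.
```

The count is per flow, not per device, so a phone forwarding for two more devices simply looks like one busy host.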

No, d2 is not running OpenWrt.

The only way you can detect sharing is if those devices set up a bridge such that any downstream devices would actually have addresses on the same subnet. However, I would imagine that any sharing modes would involve NAT masquerading, which you would not be able to detect.

What about checking if that device is running DHCP server or not? Any way to do that?

Nope. Not unless the DHCP server is actually trying to serve on your main subnet (which would have the potential to mess things up on your network, but would be indicative of a misconfiguration more so than a sharing situation).

1 Like

Ohh, I see. So there is no way to prevent NAT masquerading? In many public networks we can't share the internet via mobile hotspot. So how do they achieve it?

Some use techniques like vouchers, cookies, or captive portals.

Others manipulate the TTL on the packets such that they cannot traverse another router hop.

2 Likes

Let me research this technique in detail. Thank you so much for your quick response. : )

Yep, modifying TTL is a method to block the sharing. Although experts can still circumvent it. Simplest solution: on the hotspot, limit the amount of traffic for every user. This will limit traffic for sharing users as well, of course.

The second solution will not work, as those unauthorized devices should not connect to the internet via our network at all. Is there any way to monitor the TTL value of data packets in OpenWrt?

Packet inspection on the AP is possible, but too CPU-intensive. But you can limit the TTL of incoming packets on the AP to 3, so they do not reach devices connected to D3/4. But it would still allow these devices to reach the web, without getting a response.
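For the "monitor the TTL" question, here is an added example (not code from the thread) of the kind of check a network owner can run against a short `tcpdump -nnv` capture on the AP's LAN interface, rather than inspecting every packet live. It assumes unmodified client stacks start at the canonical initial TTLs 64 (Linux, Android, macOS, iOS), 128 (Windows) or 255, so a host that emits packets with a TTL one below those values is forwarding them for something behind it. The sample capture, the function names `extract_ttl`, `classify_hosts` and `detect_tethering`, and the addresses are constructed; this is a heuristic only, since a tethering device can rewrite TTL, as the reply above notes.

```shell
#!/bin/sh
# Added example: flag LAN hosts whose packets arrive with a decremented TTL,
# which is what one extra routing hop (a phone doing NAT for other devices) looks like.
# Hypothetical helpers; the capture below is constructed in `tcpdump -nnv` style.

# extract_ttl: reads tcpdump -nnv output, where each packet is a header line
#   "HH:MM:SS.ffffff IP (tos 0x0, ttl 63, id ..., ...)"
# followed by an indented line "src.port > dst.port: ...". Prints "src-ip ttl" per packet.
extract_ttl() {
    awk '
        /^[0-9:.]+ IP \(/ {
            ttl = ""
            for (i = 1; i <= NF; i++) if ($i == "ttl") { ttl = $(i + 1); sub(/,$/, "", ttl) }
            next
        }
        ttl != "" && $2 == ">" {
            ip = $1; sub(/\.[0-9]+$/, "", ip)      # strip the port from a.b.c.d.port
            print ip, ttl
            ttl = ""
        }'
}

# classify_hosts: reads "ip ttl" pairs and prints "ip max-ttl min-ttl verdict".
#   extra-hop : the host sent at least one packet with TTL 63/127/254 (one below canonical)
#   direct    : its highest TTL is a canonical initial value and nothing decremented was seen
#   unknown   : anything else (custom TTL, multiple hops, or a stack we do not model)
# A tethering phone typically shows BOTH values: 64 for its own traffic, 63 for forwarded traffic.
classify_hosts() {
    awk '
        {
            ip = $1; t = $2 + 0
            if (!(ip in maxt) || t > maxt[ip]) maxt[ip] = t
            if (!(ip in mint) || t < mint[ip]) mint[ip] = t
        }
        END {
            for (ip in maxt) {
                lo = mint[ip]; hi = maxt[ip]
                if (lo == 63 || lo == 127 || lo == 254) v = "extra-hop"
                else if (hi == 64 || hi == 128 || hi == 255) v = "direct"
                else v = "unknown"
                print ip, hi, lo, v
            }
        }' | sort
}

detect_tethering() { extract_ttl | classify_hosts; }

# Constructed capture: .10 is a Linux laptop (64), .20 a Windows box (128),
# .12 a phone that sends its own traffic at 64 but forwards a tethered client's at 63.
SAMPLE_CAPTURE='12:00:00.000001 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.10.51234 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0
12:00:00.000002 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.12.40001 > 93.184.216.34.443: Flags [S], seq 2, win 64240, length 0
12:00:00.000003 IP (tos 0x0, ttl 63, id 3, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.12.40002 > 198.51.100.7.80: Flags [S], seq 3, win 65535, length 0
12:00:00.000004 IP (tos 0x0, ttl 128, id 4, offset 0, flags [DF], proto UDP (17), length 60)
    192.168.1.20.50000 > 192.168.1.1.53: 1+ A? example.com. (29)'

# Stand-alone demo. On the AP you would feed a short capture instead, e.g.:
#   tcpdump -nnv -i br-lan -c 500 2>/dev/null | detect_tethering
printf '%s\n' "$SAMPLE_CAPTURE" | detect_tethering
```

Taking a bounded capture (`-c`) and post-processing it keeps the cost off the router's hot path, which is the CPU concern raised above; the verdict is still only a hint to follow up on, not proof.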

That sounds nice. Let me try the solution.

Hi @reinerotto
I am trying to run iptables -t mangle -A PREROUTING -j TTL --ttl-set 3 but it is not working.