[SOLVED] Disable possibility for multiple wifi clients to connect concurrently

Hi,

I have a device that needs to connect to my router's AP for a short period of time (< 3 min) and the traffic must be secured (avoid other wifi clients being able to connect and spy on the network).
Thus, I want to limit the max amount of concurrent wifi clients to 1.
I mean only one wifi client can connect at a time.
How can I do that?

I thought about setting the limit option in the dhcp config file, but is there another way?

Thanks

Do you really need to limit the number of clients? Could you just block the traffic between clients (it's called "client isolation" and is a currently available option)?


That looks great! Where can I find this?
But despite "client isolation", anyone sniffing the network with Wireshark could intercept the (decrypted) frame, no?

You broadcast frames; anyone in range can hear them and sniff them without connecting. If you want privacy, create a separate encrypted SSID that only this device has the strong password for.


I meant decrypted (not non-encrypted) frame: when clients are on the same network, all packets are decrypted...

A wireless card can sniff packets on your network without connecting or authenticating to the AP.

This is not true (at least from a client's perspective)


The trivial decoding of WEP encryption went out with WEP basically a decade ago. WPA2 is believed to be "reasonably secure" at this time, compared to the value of the data that flows within it.


Yes, and my AP is WPA2 encrypted... :grinning:

when clients are on the same network, all packets are decrypted...

This is not true (at least from a client's perspective)

Why not true?
I've been able to read the packets when in monitor mode on the same wireless network.
So any wireless client connected to the same network as mine can read the content of the packets even if the network has WPA2 encryption.

Encrypted payload, yes. Decrypted payload, not without the client's key.

If you're seeing "clear text" in your packet payloads, your AP and/or clients aren't set up properly for encryption.


I'm pretty sure that I've been able to read the payload just with the network WPA2 key... What would technically limit you from decrypting the payload?
Ahhh... You mean there is one key per client and thus clients can't decrypt other clients' packets? Then you could decrypt if running Wireshark on the server side but not on the client side... Right?

Yes, there's a session key per client, but it's trivial to discover that session key if you're using WPA2 pre-shared key (PSK) and you capture the handshake. If you want each client to have its own strong session key, use WPA2 Enterprise, preferably with EAP-PWD to get good authentication and security to avoid MITM attacks.

