I work at a car lot overnight with free wifi access. They used to turn the internet off at night after business hours, but recently they've been leaving it on.

Just wondering if they can see 1.) that I'm on the network, and 2.) what webpages I've visited when they come back in the morning. Network does not require a password, when I logon it says "This is an unsecured network. Information sent over this network might be visible to others." Just wondering what all that second bit entails.

Just wanting to know if I should be surfing 4chan and totse and other traditionally NSFW sites.

They can't see it, by default...

Yes they can - however it would take a fair bit of time to piece the packets together and finish an analysis.

Also, you'd have to ask oddballz - but the router might log you MAC address...

some routers remember the sites visited. I remember i looked on my old netgear router and it had a list of every site visited. The router I use now, though, does no such thing and i'm not sure if theres anyway you could find out what sites people have been on.

As for MAC addresses they're always remembered by routers, but you can just get a MAC spoofer program ;)

Yes they can - however it would take a fair bit of time to piece the packets together and finish an analysis.

There is automated software that can reassemble the packets into a HTTP exchange. Same for HTTPS, but you have to break the encryption on that, which isn't terribly easy at present.


Also, you'd have to ask oddballz - but the router might log you MAC address...

Some routers do and some don't. My router doesn't log anything (although there is probably a way to turn it on, I haven't fished around the router's configuration pages enough to find it).

My router only remembers MAC addresses in the DHCP leases configuration, but as far as I know it doesn't display that listing anywhere either.

My only real concern is that I'm the only person who would logically be on the network that late at night. So the sites I've visited are going to naturally stand out more than, say, the sites the dozens of other customers visited on the network during the day.

I've gathered that since the wifi is a free service for customers that they're not going to check the log (if there is one). I've decided to stop with the 4chan, though, what with the massive amounts of incidental porn/cp that your browser eventually ends up downloading if you hang around /b/ long enough.

I've decided to stop with the 4chan, though, what with the massive amounts of incidental porn/cp that your browser eventually ends up downloading if you hang around /b/ long enough.

You are indeed a man of reason...



- Are you lost?? :confused:

- Are you lost?? :confused:

Huh? :confused:

To the poster who said they'd have to do a fair bit of packet picking to figure out what you've been doing: dont you think it would be simple to execute a man in the middle attack between a wifi ap and an internet connection if you own both?

Also, the router could be running custom firmware to help index traffic to MAC address, but that speculation. I havent ever seen that implemented.

My advice would be to use strong encryption (https works) and to spoof your mac address.

Yes they can - however it would take a fair bit of time to piece the packets together and finish an analysis.

Also, you'd have to ask oddballz - but the router might log you MAC address...
Well I meant some idiot who owns a car lot won't be leet enough to do it...

You don't need to do any 'packet reassembling'. You can write a script that sniffs packets out of the air, examines if they're http(s), if they are, log the destination, and then go back to waiting. It'd be trivial.

Now, they can only see the full stream (including passwords and form submissions) if you're using http, NOT https. Totse provides an https interface: just replace http with https in your address bar, and you're good to go. Note that they could also spoof the certificate, and totse's is self-signed, so that isn't as secure as it could be. It'd also be easy to log http and https streams if detected; it'd be harder to look through them manually for passwords. Thankfully, a script can do that too.

if so my neighbors will be in for a huge surprise ( thousands of porn sites)

Grow some balls and go on the net !