2.7
- Discovering unauthorized clients
- The
method of discovering if there is any unauthorized client connected
to an specific AP consists just on comparing the list of authorized
clients with the list of the actually connected clients. There are
two ways to detect what clients are connected to an specific AP:
a)
checking the AP itself:
- The
Access Control option allows to obtain the list of connected clients
at a given instant:
- For
example, in this case there are 5 clients connected to the lab's AP:
- Obviously,
client "kali" shouldn't be on the authorized client list,
so it could be easily considered an intruder.
b)
using the airodump-ng command to explore the AP:
- It
can be checked that boths ways of discovering clients yield identical
output.
