[SOLVED] Physically locate wifi connected device

[john28443nc]

I have an asus router. There are 16 devices shown on the wireless network. TVs, phones, tablets, PCs, ROKUs, and I don't know what else. I want to physically identify and locate each device before locking down the network more and kicking anything off. There are 2 girls who don't take security very seriously. So I want to identify every current/legitimate device for now and the future. My router will allow me to give them names. My concern is that the girls don't know everything they may have connected. Moreover they share passwords and there is no telling what their friends may have connected. So my question is, how do I physically locate and identify each device connected? I'd like to do this without having an inquisition with the girls. Thanks in advance for your help

 

[jojesa]

Just check each device MAC address (physical address) and compare it to the list of connected devices on your network.
If you happen to encounter a device connected that do not match the MAC address of any of your devices, then you can safely block it.

 

[kanewolf]

Change the WIFI password. Make them bring you devices to get the password. Enable MAC filtering and only enable the devices they bring you. Tell them they can bring you a new device any time without reprisal. Even if THEY enter the new password on another device, it won't be connected. It is unlikely they will spoof the MAC address to get around it.

 

[john28443nc]

Just check each device MAC address (physical address) and compare it to the list of connected devices on your network.
If you happen to encounter a device connected that do not match the MAC address of any of your devices, then you can safely block it.

Thanks for the ideas. However, this doesn't help. It assumes I know what all the devices and where they are. I don't. They can be under the beds, behind dressers, inside drawers, under the sheets, closets, or purses, or even in a parked car in the garage, or maybe the car itself, etc... I need a way to physically track them down or get close without the cooperation of the girls and without doing a total search of the house.

Just check each device MAC address (physical address) and compare it to the list of connected devices on your network.
If you happen to encounter a device connected that do not match the MAC address of any of your devices, then you can safely block it.

Thanks for the feedback but this doesn't help me. I can find the obvious devices, but there are several that aren't obvious. They could be anything and I don't know where they are or what they are. I don't trust the girls to know or remember either. They could be under beds, behind dressers, in drawers, under sheets in cloths or closets, in a purse, a light bulb, something a friend misplaced, or in the parked car, or even the car itself. I need a way to get get close enough to look. I can't tear the house apart or search their rooms in a random way. If my router gives me the Mac address is there away to find out what it is? A phone, camera, roku, chromecast, tablet, pc, TV, or who knows what else.

 

[john28443nc]

Change the WIFI password. Make them bring you devices to get the password. Enable MAC filtering and only enable the devices they bring you. Tell them they can bring you a new device any time without reprisal. Even if THEY enter the new password on another device, it won't be connected. It is unlikely they will spoof the MAC address to get around it.

That may be the only option. But it's a pain. If I understand correctly I can leave the passwords alone. Just turn on MAC address filtering and only add add devices as they bring them to me? Would everything get kicked off the network until I added the MAC address to the MAC filter list?

 

[USAFRet]

As above, changing the WiFi password, disconnects EVERYTHING.
Only reconnect when someone brings you a physical device.
Then you put that MAC address in the Approved list.

 

[john28443nc]

As above, changing the WiFi password, disconnects EVERYTHING.
Only reconnect when someone brings you a physical device.
Then you put that MAC address in the Approved list.

I'm not sure I follow how the password and Mac filter works. Once I give them the new password they don't need to bring me anything else? Or can I change the password to kick everything off the network. Then turn on Mac filtering and add the known device MAC addresses. Then reset the password to the original one and then only the devices that have had their Mac address added can get back on?

 

[kanewolf]

I'm not sure I follow how the password and Mac filter works. Once I give them the new password they don't need to bring me anything else? Or can I change the password to kick everything off the network. Then turn on Mac filtering and add the known device MAC addresses. Then reset the password to the original one and then only the devices that have had their Mac address added can get back on?

You change the WIFI password to disconnect EVERYTHING. You enable MAC filtering. You have no authorized MAC addresses and no clients. As you are asked for passwords, you are brought devices to authorize. You enter the MAC addresses and provide the password. If a device is not in the MAC authorized list, even with the password it won't connect.
You DON'T revert the password the new password is the password going forward. You should change your WIFI password periodically for security anyway. Just think of this as the first update.

 

[john28443nc]

You change the WIFI password to disconnect EVERYTHING. You enable MAC filtering. You have no authorized MAC addresses and no clients. As you are asked for passwords, you are brought devices to authorize. You enter the MAC addresses and provide the password. If a device is not in the MAC authorized list, even with the password it won't connect.
You DON'T revert the password the new password is the password going forward. You should change your WIFI password periodically for security anyway. Just think of this as the first update.

Okay. I understand that. One more question. I have many devices like smart light bulbs, Roku decices, Chromecast, thermostats, etc that are a pain to Change the network/password on — and the number is growing every few months. There has to be a better way to provide security without changing the password every year. It would take all day or more for me to find and change them. Any help?

 

[bill001g]

This is the problem with security. To have very secure networks you have to give up convenience many times.

The solution to the passwords is to use enterprise mode and every person has their own ID and password. That way you know all the devices a person is using. To a point it is on them since if they tell a Friend and that person does something it will track back their userid

It is not that hard to setup you just need a radius server but people have been putting those on raspberry pi even.

Still that is not likely a solution. Because you have things like smart bulbs and thermostats you likely are going to have to leave WPS enabled. Most these devices have no way to set a initial SSID and passwords. They all depend on magic push button and everything connects via magic. WPS does not work with enterprise mode.

This magic comes at a very high price. Someone can crack the WPS function within seconds. It has been compromised for years and is recommended the feature be disabled. Unfortunately the dumb masses who need to watch youtube video to use a toaster don't want to be bothered with setting manual SSID and passwords. They are perfectly happy to trade off security for being lazy.