2.7 - Discovering unauthorized clients
- The method of discovering if there is any unauthorized client connected to an specific AP consists just on comparing the list of authorized clients with the list of the actually connected clients. There are two ways to detect what clients are connected to an specific AP:
a) checking the AP itself:
- The Access Control option allows to obtain the list of connected clients at a given instant:
- For example, in this case there are 5 clients connected to the lab's AP:
- Obviously, client "kali" shouldn't be on the authorized client list, so it could be easily considered an intruder.
b) using the airodump-ng command to explore the AP:
- It can be checked that boths ways of discovering clients yield identical output.