how can i determine, using network traffic, all clients connects to AP [closed]

Question

Closed. This question is not about programming or software development. It is not currently accepting answers.

---

This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.

Closed 5 months ago.

Improve this question

What I want to understand is how to determine clients that associated/connected to an AP using network traffic.

For clarification: I am not connected to the network. I am using a usb card on monitor mode and capturing traffic using wireshark. I choose some AP I saw on the traffic and filtered all traffic relevant to it. I am trying to understand, using this data, what clients are connected to this AP.

Hope you guys understand what I mean.

Answer 1

You should look for the association request and association response 802.11 packets in your sniffed list. Basically, client sends the association request and AP replies with the response (you can parse the response according to the 802.11 to find out whether association was granted or rejected. The client will normally be connected to the AP until deauthentication packet arrives from the AP.

Answer 2

From what I know, there's no way to ask the AP for all connected clients unless you are the administrator of the AP but you wouldn't be listenning to the connection wouldn't you ? ;)

However, you can listen to all traffic relevant to this AP and try to determine wheter the captured packet is doing real business (fetching url, ftp, etc.) or just noise. This way, you can safely say that this given IP address is connected to the AP or not.