Note: This won't work however if the access point blocks outgoing ICMP "TTL expired" messages, but normally they aren't configured that way. The drop-down menu will have the BSSID listed automatically. On macOS, you can hold the Option key down while you’re also clicking on the WiFi icon which is found in the top right-hand corner. Since 10.21.161.141 is only one hop away, and it's not on my network (I am on 10.21.176.0/24), it is the outside interface of my gateway. The Wi-Fi WPS vulnerability has been known for years, so it scarcely qualifies as news. If you’re looking for your BSSID on the Windows OS, you can run the command netsh wlan show interfaces find BSSID. ![]() ![]() Tracing route to 10.21.161.141 over a maximum of 30 hops Tracing route to 10.21.161.142 over a maximum of 30 hops We can keep on decreasing or increasing the last octet, again this is better if you'd script it (or run an hping with your ttl value set to 1): C:\>tracert -d 10.21.161.142 Tracing route to 10.21.161.149 over a maximum of 30 hops Here you can see that 10.21.176.2 is my gateway (Access point) and you can then determine which of these IP addresses in the range of your second hop (in my case 10.21.161.*, assuming it's a normal C class network) will reply straight away, this can be either scripted or done manually: C:\>tracert -d 10.21.161.149 I am connected to an access point, and I can do a traceroute to an outside IP address then see what the second "hop" is: C:\>tracert You can do this using a tool such as hping, or simply traceroute (tracert in Windows). There is a way to find out if you modify the TTL values.
0 Comments
Leave a Reply. |