Geekzone: technology news, blogs, forums
725 posts

Ultimate Geek
+1 received by user: 301

Subscriber

  Reply # 1967036 2-Mar-2018 13:36

The system might be looking at the TTL on the packets, and know they have been through a hop already, if NAT isn't working.
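The TTL check suggested in the reply above, sketched from the network operator's side as an added example (not part of the original post): a frame arriving on an access port straight from a host still carries its OS default TTL, so a value just below a common default points to a routing hop behind the port. Port names, MAC addresses, frames and verdict labels are constructed for illustration.

```python
import struct

INITIAL_TTLS = (32, 64, 128, 255)  # common OS default initial TTLs

def make_frame(src_mac, ttl, dst_ip="192.0.2.10"):
    """Constructed sample: Ethernet II header + 20-byte IPv4 header (checksum 0)."""
    eth = bytes(6) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    dst = bytes(int(octet) for octet in dst_ip.split("."))
    return eth + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                             bytes([10, 0, 0, 5]), dst)

def parse_frame(frame):
    """Return (src_mac, ttl) for a unicast IPv4 frame, or None to skip it."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    if frame[30] >= 224:  # multicast/broadcast often uses TTL 1-2 by design
        return None
    return ":".join(f"{b:02x}" for b in frame[6:12]), frame[22]

def classify_port(frames):
    """Verdict for one access port from TTLs seen at switch ingress."""
    macs, hops, families = set(), set(), set()
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        mac, ttl = parsed
        initial = min(i for i in INITIAL_TTLS if i >= ttl)  # nearest default
        macs.add(mac)
        hops.add(initial - ttl)
        families.add(initial)
    if not hops:
        return "no-data"
    if max(hops) > 0:
        return "routed-device"   # TTL was decremented before the first hop
    if len(macs) == 1 and len(families) > 1:
        return "mixed-stacks"    # one MAC presenting several OS defaults
    return "direct"

# Constructed observations; port names and MACs are hypothetical.
SAMPLE = {
    "Gi1/0/1": [make_frame("02:00:00:00:00:01", 128)] * 3,
    "Gi1/0/2": [make_frame("02:00:00:00:00:02", 127),
                make_frame("02:00:00:00:00:02", 63)],
    "Gi1/0/3": [make_frame("02:00:00:00:00:03", 64),
                make_frame("02:00:00:00:00:03", 2, "239.255.255.250")],
}

if __name__ == "__main__":
    for port, frames in SAMPLE.items():
        print(port, classify_port(frames))
```

TTL is one signal only: hosts can legitimately send non-default TTLs (traceroute, tunnelled traffic), so a verdict is a prompt to correlate with other profiling data rather than proof.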

 

 








221 posts

Master Geek
+1 received by user: 86


  Reply # 1967133 2-Mar-2018 15:58

The switch port is most likely in access mode so have you tried connecting an access point to the faceplate with a PoE injector?  Configure the access point to get an IP address via DHCP, have a single SSID and send all traffic untagged.


 
 
 
 


1292 posts

Uber Geek
+1 received by user: 295


  Reply # 1967141 2-Mar-2018 16:23

Haha I'm sure the students will appreciate the rogue AP.

221 posts

Master Geek
+1 received by user: 86


  Reply # 1967164 2-Mar-2018 16:57

There is nothing wrong with making a bit of cash on the side :-)




4974 posts

Uber Geek
+1 received by user: 105

Trusted

  Reply # 1967302 2-Mar-2018 21:25

Crowdie:

 

The switch port is most likely in access mode so have you tried connecting an access point to the faceplate with a PoE injector?  Configure the access point to get an IP address via DHCP, have a single SSID and send all traffic untagged.

 

 

Not sure I understand that. Why do you need a PoE injector?

 

I think that the switch port or access router is enforcing a logon (some sort of backend authentication) and then possibly storing the MAC address. No idea if it's checking TTL hops - that would seem overkill.

 

So going to try the following

 

Logon with the PC

 

Disconnect PC and connect router with spoofed MAC address same as the PC. Theoretically it still thinks the PC is still logged on unless the disconnect to connect the router shows a session has ended.

 

The Pi as an AP looks like a good idea but I need software on the Pi that can present the logon credentials.





System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR and Plex Server running on Gigabyte Brix (Windows 10 Pro), Sony BDP-S390 BD player, Pioneer AVR, Raspberry Pi running Kodi and Plex, Panasonic 60" 3D plasma, Google Chromecast

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen. Harman Kardon HK AVR 254 7.1 receiver, Samsung 4K player, Google Chromecast

 


My Google+ page 

 

 

 

https://plus.google.com/+laurencechiu

 

 


221 posts

Master Geek
+1 received by user: 86


  Reply # 1967431 3-Mar-2018 10:00

lchiu7:

 

Crowdie:

 

The switch port is most likely in access mode so have you tried connecting an access point to the faceplate with a PoE injector?  Configure the access point to get an IP address via DHCP, have a single SSID and send all traffic untagged.

 

 

Not sure I understand that. Why do you need a PoE injector?

 

 

The PoE injector is to supply power to the access point.  It is unlikely that this is enabled on the switch port in your room.

 

 


221 posts

Master Geek
+1 received by user: 86


  Reply # 1967504 3-Mar-2018 12:42
One person supports this post

When you connect your laptop directly to the network how are you challenged for credentials?  Does a web page "pop up" with terms and conditions or just a requestor appear in the bottom right hand corner (by the date/time) with username and password fields?


45 posts

Geek
+1 received by user: 14

Subscriber

  Reply # 1967509 3-Mar-2018 13:26
2 people support this post

I do this all the time in Hotels, especially if there's a better wired network connection than Wifi.

 

My travel router is a basic $50 Mikrotik, with NAT, DHCP, Firewall, (along with VPN but that's not important). Then the first client that connects to the wifi network from the Mikrotik has to authenticate through the captive portal, after that none of my other devices have to authenticate.




4974 posts

Uber Geek
+1 received by user: 105

Trusted

  Reply # 1967671 3-Mar-2018 22:23

Tried a few more things but not successful. To confirm that the router was checking MAC addresses, got him to change the MAC address on his PC and connect. He was challenged with a logon screen and once credentials entered, able to access the Internet.

 

Cloned that MAC address on the router, set the WAN side to be static wired, used the IP address assigned by DHCP to the PC in the router, and the gateway and DNS servers. Still unable to access the Internet from the PC now connected to the router but able to ping the gateway.

 

Hard to diagnose remotely via phone but can't think what else to do. Tried to find out if Gargoyle has some utilities that can check the connectivity on the WAN side but can't find any.

 

So it's back to use Internet sharing on Windows which is a bit slow for WiFi

 

And now he's not trying to sell WiFi to anybody!  Just wants to use his phone, tablet PC and Amazon Dot.






 

 


1292 posts

Uber Geek
+1 received by user: 295


  Reply # 1967675 3-Mar-2018 22:31

lchiu7:

So it's back to use Internet sharing on Windows which is a bit slow for WiFi

 

 

Try disabling the "QoS Packet Scheduler" on the network adapters.

 

 

See thread: https://www.geekzone.co.nz/forums.asp?forumid=66&topicid=228751

27270 posts

Uber Geek
+1 received by user: 6699

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1967747 4-Mar-2018 09:04

I'm not really sure why this is proving so difficult.

 

The switchport is presumably allowing only a single MAC address at a time plugged into Ethernet. All you should simply need to do is plug in a WiFi router and connect your devices to this. The first time you do this you'll need to authenticate yourself, however as all devices behind the router are behind a NAT firewall they'll all present the same MAC address. Depending on the captive portal timeout rules you may need to authenticate regularly, but this can happen on any device.

 

 




4974 posts

Uber Geek
+1 received by user: 105

Trusted

  Reply # 1967781 4-Mar-2018 10:13

I wouldn't have thought it was either since when I first helped him set it up, it worked perfectly as you described. Now it's stopped working so perhaps the university has done something?

 

Going to try again but as I said it's hard over the phone.

 

Based on this manual try setting the WAN port on the router to DHCP

 

https://www.gargoyle-router.com/wiki/doku.php?id=basic

 

 

 

Let the university switch/router assign an appropriate IP and log the MAC address.

 

Then connect the PC to a LAN port and let the router do DHCP also. Then see if the university logon screen presents itself.

 

Not sure where else to go if that fails.






 

 


221 posts

Master Geek
+1 received by user: 86


  Reply # 1967864 4-Mar-2018 12:27
One person supports this post

The days of universities just deploying switches are long gone.  If you are at a major university the following is likely to be deployed:

 

  • Layer 2 switch (what you are connecting to)
  • A policy server (Cisco Identity Services, Aruba ClearPass, etc.)
  • An application aware firewall
  • A machine learning analysis server (Aruba Introspect, etc.) - these are starting to be deployed now.

When you connect to the switch port the policy server analyses your authentication data and categorises you - as a student connecting using a Windows device, for example.  The policy server applies settings to your switch port and the application aware firewall.

 

As you communicate over the network the machine learning analysis server analyses your traffic and compares it to the expected student traffic.  Minor differences are logged and major differences will result in the policy server making network changes (shutting down your switch port, changing the firewall rules applied to you, etc.) to mitigate the risk. 


1292 posts

Uber Geek
+1 received by user: 295


  Reply # 1967870 4-Mar-2018 13:00

You reckon it can differentiate by heuristics how Windows does its DHCP vs a router? Or is it based on detecting NBT and other broadcast traffic that Windows/client operating systems spout out onto the LAN?

 

 

At this point I think it might be wise to just try another router. If you don't have one on hand purchase one of those compact travel routers as mentioned above, they are not high performance. I have seen them go for as little as $30, see what is available on Trademe.

221 posts

Master Geek
+1 received by user: 86


  Reply # 1967873 4-Mar-2018 13:10

You have to remember that these machine learning systems are designed for governments, Fortune 500 companies, etc.  Residential and SOHO products are not even going to get close to conning these systems.

