Geekzone: technology news, blogs, forums
644 posts

Ultimate Geek
+1 received by user: 264


  Reply # 1967036 2-Mar-2018 13:36

The system might be looking at the TTL on the packets, and know they have been through a hop already, if NAT isn't working.

 

 








183 posts

Master Geek
+1 received by user: 69


  Reply # 1967133 2-Mar-2018 15:58

The switch port is most likely in access mode so have you tried connecting an access point to the faceplate with a PoE injector?  Configure the access point to get an IP address via DHCP, have a single SSID and send all traffic untagged.


1183 posts

Uber Geek
+1 received by user: 262


  Reply # 1967141 2-Mar-2018 16:23

Haha I'm sure the students will appreciate the rogue AP.

183 posts

Master Geek
+1 received by user: 69


  Reply # 1967164 2-Mar-2018 16:57

There is nothing wrong with making a bit of cash on the side :-)




4853 posts

Uber Geek
+1 received by user: 92

Trusted

  Reply # 1967302 2-Mar-2018 21:25

Crowdie:

 

The switch port is most likely in access mode so have you tried connecting an access point to the faceplate with a PoE injector?  Configure the access point to get an IP address via DHCP, have a single SSID and send all traffic untagged.

 

 

Not sure I understand that. Why do you need PoE injector?

 

I think that the switch port or access router is enforcing a logon (some sort of backend authentication) and then possibly storing the MAC address. No idea if it's checking TTL hops - that would seem overkill.

 

So going to try the following

 

Logon with the PC

 

Disconnect PC and connect router with spoofed MAC address same as the PC. Theoretically it still thinks the PC is still logged on unless the disconnect to connect the router shows a session has ended.

 

The Pi as an AP looks like a good idea but I need software on the Pi that can present the logon credentials.





System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR and Plex Server running on Gigabyte Brix (Windows 10 Pro), Sony BDP-S390 BD player, Pioneer AVR, Raspberry Pi running Kodi and Plex, Panasonic 60" 3D plasma, Google Chromecast

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen. Harman Kardon HK AVR 254 7.1 receiver, Samsung 4K player, Google Chromecast

 


My Google+ page 

 

 

 

https://plus.google.com/+laurencechiu

 

 


183 posts

Master Geek
+1 received by user: 69


  Reply # 1967431 3-Mar-2018 10:00

lchiu7:

 

Crowdie:

 

The switch port is most likely in access mode so have you tried connecting an access point to the faceplate with a PoE injector?  Configure the access point to get an IP address via DHCP, have a single SSID and send all traffic untagged.

 

 

Not sure I understand that. Why do you need PoE injector?

 

 

The PoE injector is to supply power to the access point.  It is unlikely that this is enabled on the switch port in your room.

 

 


183 posts

Master Geek
+1 received by user: 69


  Reply # 1967504 3-Mar-2018 12:42
One person supports this post

When you connect your laptop directly to the network how are you challenged for credentials?  Does a web page "pop up" with terms and conditions or just a requestor appear in the bottom right hand corner (by the date/time) with username and password fields?


42 posts

Geek
+1 received by user: 12

Subscriber

  Reply # 1967509 3-Mar-2018 13:26
2 people support this post

I do this all the time in hotels, especially if there's a better wired network connection than WiFi.

My travel router is a basic $50 Mikrotik, with NAT, DHCP, Firewall, (along with VPN but that's not important). Then the first client that connects to the WiFi network from the Mikrotik has to authenticate through the captive portal, after that none of my other devices have to authenticate.




4853 posts

Uber Geek
+1 received by user: 92

Trusted

  Reply # 1967671 3-Mar-2018 22:23

Tried a few more things but not successful. To confirm that the router was checking MAC addresses, got him to change the MAC address on his PC and connect. He was challenged with a logon screen and once credentials entered, able to access the Internet.

 

Cloned that MAC address on the router, set the WAN side to be static wired, used the IP address assigned by DHCP to the PC in the router, and the gateway and DNS servers. Still unable to access the Internet from the PC now connected to the router but able to ping the gateway.

 

Hard to diagnose remotely via phone but can't think what else to do. Tried to find out if Gargoyle has some utilities that can check the connectivity on the WAN side but can't find any.

 

So it's back to use Internet sharing on Windows which is a bit slow for WiFi

 

And now he's not trying to sell WiFi to anybody!  Just wants to use his phone, tablet PC and Amazon Dot.






 

 


1183 posts

Uber Geek
+1 received by user: 262


  Reply # 1967675 3-Mar-2018 22:31

lchiu7:

So it's back to use Internet sharing on Windows which is a bit slow for WiFi

 

 

Try disabling the "QoS Packet Scheduler" on the network adapters.

 

 

See thread: https://www.geekzone.co.nz/forums.asp?forumid=66&topicid=228751

26486 posts

Uber Geek
+1 received by user: 6036

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1967747 4-Mar-2018 09:04

I'm not really sure why this is proving so difficult.

The switchport is presumably allowing only a single MAC address at a time plugged into Ethernet. All you should simply need to do is plug in a WiFi router and connect your devices to this. The first time you do this you'll need to authenticate yourself however as all devices behind the router are behind a NAT firewall they'll all present the same MAC address. Depending on the captive portal timeout rules you may need to authenticate regularly, but this can happen on any device.

 

 




4853 posts

Uber Geek
+1 received by user: 92

Trusted

  Reply # 1967781 4-Mar-2018 10:13

I wouldn't have thought it was either since when I first helped him set it up, it worked perfectly as you described. Now it's stopped working so perhaps the university has done something?

 

Going to try again but as I said it's hard over the phone.

 

Based on this manual try setting the WAN port on the router to DHCP

 

https://www.gargoyle-router.com/wiki/doku.php?id=basic

 

 

 

Let the university switch/router assign an appropriate IP and log the MAC address.

 

Then connect the PC to a LAN port and let the router do DHCP also. Then see if the university logon screen presents itself.

 

Not sure where else to go if that fails.






 

 


183 posts

Master Geek
+1 received by user: 69


  Reply # 1967864 4-Mar-2018 12:27
One person supports this post

The days of universities just deploying switches are long gone.  If you are at a major university the following is likely to be deployed:

 

  • Layer 2 switch (what you are connecting to)
  • A policy server (Cisco Identity Services, Aruba ClearPass, etc.)
  • An application aware firewall
  • A machine learning analysis server (Aruba Introspect, etc.) - these are starting to be deployed now.

When you connect to the switch port the policy server analyses your authentication data and categorises you - as a student connecting using a Windows device, for example.  The policy server applies settings to your switch port and the application aware firewall.

 

As you communicate over the network the machine learning analysis server analyses your traffic and compares it to the expected student traffic.  Minor differences are logged and major differences will result in the policy server making network changes (shutting down your switch port, changing the firewall rules applied to you, etc.) to mitigate the risk. 


1183 posts

Uber Geek
+1 received by user: 262


  Reply # 1967870 4-Mar-2018 13:00

You reckon it can differentiate by heuristics how Windows does its DHCP vs a router? Or is it based on detecting NBT and other broadcast traffic that Windows/client operating systems spout out onto the LAN?

 

 

At this point I think it might be wise to just try another router. If you don't have one on hand purchase one of those compact travel routers as mentioned above, they are not high performance. I have seen them go for as little as $30, see what is available on Trademe.

183 posts

Master Geek
+1 received by user: 69


  Reply # 1967873 4-Mar-2018 13:10

You have to remember that these machine learning systems are designed for governments, Fortune 500 companies, etc.  Residential and SOHO products are not even going to get close to conning these systems.

