In addition the subnet I connect to is 255.255.0.0 but once in Ethereal I got a packet from a 192.168.0.x on the more common 255.255.255.0 subnet.
Yes, but a lesson first.
Introduction to TCP/IP 101
The 255.255.blah-blah stuff is not a network. It's what is known as a subnet mask.
The mask tells a computer how much of an IP address is a network IP address and how much is a host IP address. Any part of the address which matches an ON bit ("1") in the mask is part of the network, any part which matches an OFF bit ("0") is part of the host.
Here is an example using just a section of an IP address:
IP Address 170
Subnet Mask 240
170 in decimal is equal to 10101010 in binary
240 in decimal is equal to 11110000 in binary
So in this example, the first four bits of any address are considered the network portion, and the latter four bits are the host portion. This would allow for up to 16 networks with 16 addresses per network.
Addr: NNNNhhhh
Net: 1010xxxx (10100000 == 160)
Host: xxxx1010 (00001010 == 10)
The network address is 160, or the 11th network allowed (0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240). The host is the 10th address beyond the network address, which is IP address 170.
Things to keep in mind...
[*]Addresses and Masks are 32 bits long (about 4 billion combinations)
[*]Addresses and Masks are broken down into four groups of eight bits for ease of reading (256 to the 4th power)
[*]Hosts can only talk to devices within their own subnet
[*]Hosts can only talk to devices outside their own subnet by passing the traffic to a gateway
[*]Gateways pass traffic between subnets (aka routing, IP forwarding) by having multiple IP addresses assigned to them, typically a different subnet for each NIC card or port on the device
[*]When the Masks of two networks make it so that the host addresses overlap, this is a conflict and is generally "a bad thing"
[*]Addresses that start with 192.168, 172.16 thru 172.23, and 10 are known as private ranges. It's like being in your own house and declaring yourself king. It's fine as long as the guy next door is doing the same thing inside his own house. When you two both know about each other, there's a conflict. The government (the Internet) doesn't care because it doesn't recognize kings... it's a Republic.
The Answer
When you connect to his WiFi access point, you are on his physical LAN. It's the same as plugging a cable from your laptop into his workstation.
The difference in subnet masks is a red herring - you're both using the private "192.168" address range on your home networks. The difference is that he has his netmask set to allow 65,534 hosts, you have yours set to allow 253 hosts. Big whoop. He prolly doesn't have that many machines, and even if he did, using a mask that big is a "bad thing".
If you can't see any other computers on his subnet, it could be due to security settings on his workstation. If he has Norton Firewall, WinXP Connection Firewalling, or some kind of IP filtering, it won't respond to a PING, nor will you see him in your network neighborhood.
That said, if you can perform a network scan against all 65K addresses, you will know if somebody else is there. Devices with an IP address must respond to an ARP, period. It's how your OS takes Ethernet and WiFi MAC addresses and relates them to an IP address. Firewalls don't do squat to secure this. It must be on in order for TCP/IP to work, and it's only available to devices on the same subnet.
Anyways, scan his whole network. Then, open a command prompt or a DOS shell and type in "arp -a". You should see at least one address... that of your default gateway. Anything else is probably a workstation.
The Warning
Blah blah, this machine scanning is all illegal because you are unauthorized to be on his network.
The Fix
If the other guy is hacking your WiFi network, you need to do three things:
[*]Enable a secure passphrase. If a client doesn't have a passphrase, he can't communicate on your network because everything is gibberish without the phrase to unlock it.
[*]Enable MAC address access lists. Find out the MAC address of your WiFi card and add it to your WiFi access point's access control list (ACL). To find your MAC address, look at the label on your WiFi PC Card. If it's built into the laptop (i.e., Centrino), then open a command prompt or DOS shell, type in "ipconfig /all", and look for the line "Physical Address" with the alphanumeral "00-1A-2B-3C-4D-5E" or such after it. That weird alphanumeral is your MAC address.
[*]Disable SSID broadcasting. If your WiFi access point doesn't announce to the world that it exists, how will the world easily know that it's there? You can manually tell your laptop your WiFi's SSID. Yes, it's a bit of a pain, but it's yet another second layer of protection.
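Added example, not part of the original post: the mask arithmetic from the lesson above in Python, including the decision each host makes, using its own mask, about whether a peer is on its subnet or has to go through the gateway. The function names are hypothetical and the addresses 192.168.0.50 and 192.168.1.20 are constructed sample values.

```python
import ipaddress

def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def is_valid_mask(mask: str) -> bool:
    """A usable mask is a run of ON bits followed only by OFF bits."""
    inverted = ~_to_int(mask) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def split_octet(value: int, mask: int) -> tuple[int, int]:
    """The post's single-octet case: (network bits, host bits)."""
    return value & mask, value & (~mask & 0xFF)

def split(addr: str, mask: str) -> tuple[str, str]:
    """Full 32-bit version: (network part, host part) as dotted quads."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous mask: {mask}")
    a, m = _to_int(addr), _to_int(mask)
    net = a & m                    # bits under the mask's 1s
    host = a & ~m & 0xFFFFFFFF     # bits under the mask's 0s
    return str(ipaddress.IPv4Address(net)), str(ipaddress.IPv4Address(host))

def on_link(src: str, src_mask: str, dst: str) -> bool:
    """True if src, applying its OWN mask, sees dst as on the same subnet
    (it will ARP for dst directly); False if it hands the packet to its gateway."""
    m = _to_int(src_mask)
    return (_to_int(src) & m) == (_to_int(dst) & m)

if __name__ == "__main__":
    # The worked octet from the post: 170 with mask 240.
    print("170/240 ->", split_octet(170, 240))

    # Constructed sample hosts sharing one WiFi LAN but using different masks.
    wide = ("192.168.1.20", "255.255.0.0")     # the larger 255.255.0.0 mask
    narrow = ("192.168.0.50", "255.255.255.0") # the more common 255.255.255.0

    for addr, mask in (wide, narrow):
        print(addr, mask, "->", split(addr, mask))

    # Each side decides with its own mask, so the answers can differ.
    print("wide sees narrow on-link:  ", on_link(*wide, narrow[0]))
    print("narrow sees wide on-link:  ", on_link(*narrow, wide[0]))
    # With the peer inside 192.168.0.x, both masks agree it is local.
    print("narrow sees 192.168.0.7:   ", on_link(*narrow, "192.168.0.7"))
```

The asymmetric result in the middle case is what mismatched masks on one physical LAN produce: one host sends directly while the other sends its replies to the gateway.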