Weird device appeared on my WiFi network.

[WelshBloke]

It showing up as "Aerohive Networks Inc.F09CE9 (base 16)Aerohive Networks Inc.330 Gibraltar DriveSunnyvale CA 94089US" with a local IP address and identifying as a DD-WRT router.

I've blocked it at my router but I'd like to know what the hell it is. Theres no new physical devices in the house and it seems to have a strong connection to be outside.

I'm perplexed.

 

[WelshBloke]

Oh and the network is secured with WPA2 AES so I dont think that its "the guy next door".

 

[Puffnstuff]

Is there a business close by to you? That is an enterprise router from aerohive http://www.aerohive.com/ but if your network is secured it shouldn't be able to connect to your network unless it's been breached. I would immediately change the mac address to your router then reboot it followed by rebooting your modem to obtain a new ip address (works unless your isp has issued a static ip address), change the password to a very strong one, turn off ssid broadcast and see if it reconnects. Make sure that your router is set to not respond to WAN pings.

 

[sdifox]

If it is indeed an Aerohive wap, it is just scanning for rogue devices on their network. I dont think ddwrt ever made it onto Aerohive gear. So I don't know what to make of this.

 

[WelshBloke]

Residential area, no businesses for a mile or so. Even then I doubt that there's an enterprise level router in the village.

I'm busy with work till Friday so I'll not be able to do any digging till then.

I'm sort of thinking that it's something installed on one of my devices rather than a new physical device.

Does that make sense? (I've got things like Plex servers that have different MAC addresses and IP addresses to the physical hardware they run on so it's possible, yes?)

TBH networking always seems a bit voodoo to me.

 

[sdifox]

Residential area, no businesses for a mile or so. Even then I doubt that there's an enterprise level router in the village.

I'm busy with work till Friday so I'll not be able to do any digging till then.

I'm sort of thinking that it's something installed on one of my devices rather than a new physical device.

Does that make sense? (I've got things like Plex servers that have different MAC addresses and IP addresses to the physical hardware they run on so it's possible, yes?)

TBH networking always seems a bit voodoo to me.

I have an Aerohive AP340 in my house :awe:

 

[JackMDS]

It is like standing in the Windows and insisting to know who is every one that passes by in the busy street.

 

[WelshBloke]

Well there's only two other devices broadcasting on 2.5ghz that I can pick up in my house (none on 5ghz), it's not a particularly high density area, so I still don't think that it's an external device.

 

[JackMDS]

Wireless Network Watcher.

http://www.nirsoft.net/utils/wireless_network_watcher.html

 

[dave_the_nerd]

Is it possible it's a Nintendo DS, embedded device, or something that's being misidentified? Were you tinkering with a Raspberry Pi? Running a VM on one of your computers maybe?

I have enough devices that when I look at access logs for things, I sometimes get confused. E.G., the FireTV shows up as an Android device in the PLEX server log, but an Amazon device in my router. The Sony Blu-Ray player shows up as some weird non-english name (whoever built the WiFi chip, I guess.)

We had a thread here a ways back because a newer Chromecast was showing up with an unknown MAC/Vendor ID.

 

[sdifox]

Is it possible it's a Nintendo DS, embedded device, or something that's being misidentified? Were you tinkering with a Raspberry Pi? Running a VM on one of your computers maybe?

I have enough devices that when I look at access logs for things, I sometimes get confused. E.G., the FireTV shows up as an Android device in the PLEX server log, but an Amazon device in my router. The Sony Blu-Ray player shows up as some weird non-english name (whoever built the WiFi chip, I guess.)

We had a thread here a ways back because a newer Chromecast was showing up with an unknown MAC/Vendor ID.

That Chromecast mac thread was mine :awe:

 

[WelshBloke]

Is it possible it's a Nintendo DS, embedded device, or something that's being misidentified? Were you tinkering with a Raspberry Pi? Running a VM on one of your computers maybe?

All my physical devices were accounted for correctly (or as correctly as they ever are).

There's a few services (like plex) that show up with MAC addresses but they should be there. I don't really understand having MAC addresses on virtual things, I always thought that MAC addresses were meant to identify hardware.

When I get time off work I'll go round turning things off till the suspicious device (hopefully) disappears. At least I'll know what machine it's on then.

 

[sdifox]

Plex is running in a vm? It would have virtual Nic.

 

[WelshBloke]

Plex is running in a vm? It would have virtual Nic.

It's running on my freenas box. I'm not sure what arcane method freebsd runs stuff like that but I just used the built in plug in.

 

[dave_the_nerd]

It's running on my freenas box. I'm not sure what arcane method freebsd runs stuff like that but I just used the built in plug in.

If it's using Jails (I think that's how FreeNAS works - was last time I looked), those don't have their own MAC addresses.

Virtual machines create virtual NICs with MAC addresses. Virtual hardware is still hardware.

 

[sdifox]

It's running on my freenas box. I'm not sure what arcane method freebsd runs stuff like that but I just used the built in plug in.

Then the freenas mac would show up.

 

[WelshBloke]

If it's using Jails (I think that's how FreeNAS works - was last time I looked), those don't have their own MAC addresses.

Virtual machines create virtual NICs with MAC addresses. Virtual hardware is still hardware.

Then the freenas mac would show up.

Cheers. I'll check when I get home.

 

[WelshBloke]

Heres a (partial) list of my wired connections. Theres only two physical devices there, my desktop pc and my freenas server (the server has two physical connections on x.x.x.67 and x.x.x.117). The PMS and the one at x.x.x.4 (owncloud server) both live on the freenas server but both have individual MAC addresses. Is this not normal then?

 

[sdifox]

Heres a (partial) list of my wired connections. Theres only two physical devices there, my desktop pc and my freenas server (the server has two physical connections on x.x.x.67 and x.x.x.117). The PMS and the one at x.x.x.4 (owncloud server) both live on the freenas server but both have individual MAC addresses. Is this not normal then?

I don't actually know how the freenas plus plex thing works, but it looks like indeed they have distinct IPs. I don't see the aerohive in question though. You blocked it?

 

[WelshBloke]

I don't actually know how the freenas plus plex thing works, but it looks like indeed they have distinct IPs. I don't see the aerohive in question though. You blocked it?

It's more the different MAC addresses that's thrown me. I always end up treating them as different machines and get all confused when plex goes down because I rebooted the FreeNAS box.

The dodgy aerohive was on a wifi connection, I've locked that down pretty tightly. I need to loosen up the network later. I'm sort of hoping that it will still be there so I can work out what it is.

 

[WelshBloke]

Well it never did turn up again so I wasnt able to find out what was going on.

On the plus side it never did turn up again.

Still confused about MACs though.

 

[sdifox]

Well it never did turn up again so I wasnt able to find out what was going on.

On the plus side it never did turn up again.

Still confused about MACs though.

Just admit you were high :biggrin:

 

[WelshBloke]

Just admit you were high :biggrin:

I wish!

 

[WelshBloke]

Found it!!

Its my sons Kindle. Which is weird.

 

[JackMDS]

Switch On every thingthat uses the Wireless and run the program that I linked to in my Dec.2 post.

Then save the output and you would have a list of all Devices' IPs, MACs, etc. that are using the Wireless.

Help you avoid looking for "Aliens" in the Future.

Even better switch all wireless and wired devices and use the following App., similarly you can save every thing on the Network (Wired and Wireless) for future deference.

The above does not take more than a minute or two and would save the Anxieties since Dec. 2, 4:34pm

https://www.softperfect.com/products/networkscanner/

P.S. Both utilizes are free and portable, thus have No affect on the system.