How to see Real Mac addresses under "clients" connected to router?

Hello everyone

I trust this message finds you in good spirits and health.

I am reaching out to solicit insights concerning an initiative I’ve recently commenced, wherein I enabled a guest Wi-Fi feature on my Flint 2 router. My intention is to offer a complimentary and unrestricted internet connection to my neighboring community here in Iran. Due to the pervasive challenges we face with VPN accessibility, given that a staggering 99 percent face blockages and connectivity issues; I’ve incorporated VPN functionality directly within my router to alleviate this burden for my neighbors.

The Flint 2 router’s superior signal strength further underscores my commitment to this endeavor, aiming to be a bastion of assistance in a landscape where reliable internet is a scarce commodity.

My inquiry pertains to a particular observation: several devices connecting to the guest network exhibit “unknown” labels with seemingly randomized MAC addresses. Whether this anonymization is a byproduct of the GL.iNet router’s design or an attribute of the connecting devices themselves remains ambiguous.

Within this context, my curiosity is twofold. Firstly, I seek to ascertain the nature of the devices connecting to my network—be it a smartphone, laptop, or other electronics. Secondly, and perhaps more pressing, is the aspect of security. I am keenly interested in ensuring that my network remains inviolable, free from any invasive attempts to compromise its integrity.

To furnish some specifics, my router segregates guest users onto a distinct LAN (192.168.9.x), ostensibly mitigating potential risks. Yet, the matter of device identification persists, and it is here that I appeal for your esteemed guidance.

In sum, my goal is to discern, with a reasonable degree of certainty, the types of devices connecting to my network. Any support or suggestions that could steer me towards identifying the model or make of said devices would be greatly appreciated.

Thank you for accommodating my request.

Metal Regards,
Greencat

Some Android devices use randomized mac addresses this is a option on their phone as i can relate that to my own phone which has it default active by factory settings.

Though on the router side its difficult knowing the identity/device behind a mac address.

The reason is to why is because a mac address can also be spoofed, this means also the randomize function on these Android phones can do that.

There is still a way to look up non randomized mac addresses.

each octal between : the first 2 or 3 octals are vendor identifcation, with other words you can use this site to check what device manufacturer it is from, that site just does it for you

From the Unknown naming i also see this happening on randomized mac devices, but why it does that i guess it has to do with the matching dhcp lease which is not matching the mac address.

– edit

My 2 cents are to diagnose your wireless activity on the router, and as soon you distinguish the randomized ones from the non randomized ones, you might consider a mac whitelist, in luci you have a option into luci → wireless → wifi name (click edit) → mac whitelist (tab), if it is not there you might use the mediatek sdk build then you need a script

Nope.

MAC randomisation randomise the OUI part as well.
So the answer to the whole question is: You can’t figure out the MAC address nor the device type by randomised MAC.

Which is totally fine and should be respected.

That is true, but i clearly said for non randomized devices.

Though indeed one can also spoof a non randomized device, but it atleast gives OP some way to work with it.

Gl gui showing which is randomize mac addresses
For example:

IMG_20240306_140352834×295 29.8 KB

arent you a Genius

Just playing devil’s advocate here but how do people connecting to your network know that you are not some shady government agent spying on their communications?

Not OP, but I suspect since they use the term “neighbors” these might be folks that he lives around, talks to regularly, has rapport with, and may have even grown up with. There are few guarantees in life, but sometimes you just have to trust (but verify) someone.

If they are all such lovely and cuddly neighbours then why would the OP want to know the exact details of all types of devices connected and their MAC addresses? Surely the OP would only be handing out their network credentials to those who they trust.

Because they live in an oppressive country and OP might fear that unauthorized devices and unknown “neighbors” could be government officials trying to locate and arrest people who are trying to be less oppressed? Why the attitude on this @Almahadeus?

Don’t really know. I just find the way the OP phrased their question to be a bit too James Bondy and sounds somewhat fishy! Playing the devil’s advocate as I have said. Also any person with a mobile phone and a WiFi analyzer can very easily locate where any SSID is broadcasting from and so the OP will be bust in seconds if someone would want to catch them. Does not really make any sense.

It is easier to just take OP’s word for it, though, right? Does it hurt you any to do that? There is a difference between taking a calculated risk and being completely reckless with your freedom and/or life.

What you say is true, they can find access points and see where they are. But they may have more difficulty actually finding out what they are doing. Providing WiFi is not illegal to the best of my knowledge in Iran, but bypassing government controls and censors probably is. It will likely be a little more difficult to accidentally discover exactly what people are doing on the WiFi if they don’t have access to the WiFi network.

Keep fighting the good fight @GreenCat.

I totaly get what you are saying and admire your spirited support for a noble cause. Not sure why the OP is not responding here. If I open up my network to others and then A device (let’s say an HP laptop, for example) suddenly connects to my network, what will that piece of info let me do or what will it help me with? How will it add to my knowledge whether this device (HP laptop in this example) is a friend or foe? The only advantage that I can see is that it will be evidence that can be held against the owner that they have been trying to circumvent government censorship (i.e. entrapment). I would love to understand how knowing the MAC address and type of device can otherwise help the OP with their endeavour.

From my perspective, I just don’t care about those details. I don’t view that as my judgement call to make. OP is not in my timezone I would guess and access to the internet may not be easy. But who knows? Maybe OP will come back and let us know so we can try to help them more. If not, so be it. I am not trying to be an a** at all, I just don’t think OP really owes me any explanation.

It is said that the devil is in the details. Sleep well.

Maybe this thread would provide you a little more comfort?

All in all security by MAC is as useless as security by IP. And speaking of an open Wi-Fi it’s not even worth a thought.

Not really as @bring.fringe18 has completely disappeared since then. May be the Ayottollahs have got him?!?!

I would not say it is worthless, it is a piece of the puzzle, but should definitely not be relied on solely. It is still useful for casual observers/scanning, but it will not stand up to an active attacker.