Host Monitor User's Guide

The Host Monitor is an application for monitoring the wireless hosts which are using - the technical term is "associated with" - an 802.11 wireless access point, or base station. The utility currently supports the Apple AirPort family of access points, including the original "Graphite" units, the newer "Snow" base stations, and the latest Extreme access points, as well as the Lucent RG-1000 base station, which is functionally identical to the "Graphite AirPort.

The utility monitors an access point by periodically querying it to determine the set of hosts which are currently associated; the default query interval is 5 seconds. Due to differences in the support provided by each different base station type for determining the set of associated hosts, the underlying mechanism for performing the query is quite different for each different model, which results in somewhat different behavior; this is discussed in the section Limitations, below. After each query, the set of hosts retrieved is displayed in a table, with the entry for each host including a hostname, MAC (hardware) address, IP address, and how long that host has been associated with the base station (if available). The result of a typical query (on a "Snow" AirPort base station) is illustrated in the following screenshot.

Main window screenshot

In addition to displaying a list of currently associated hosts, the Host Monitor can provide logging of hosts, and notification when new hosts appear. The notification can take the form of an audible "beep", or of an email message sent to a configurable address containing information for the newly arrived host(s). The logging and notification occur when a host first appears (associates with) a base station, and will occur again if a host goes away (disassociates) and then reappears (reassociates).

The following discusses the setup and running of the utility in more detail.

Startup

The Host Monitor is a Java application, contained in the file HostMonitor.jar. To run the application, you should be able to just double-click on the HostMonitor.jar file (in Mac OSX or Windows); if this doesn't work, you can enter
java -jar HostMonitor.jar
in a command-line window from the directory containing the HostMonitor.jar file.
This should open the "Preferences" dialog that allows you to enter the base station address and password, and configure the logging and notification features of the utility.

Java

If neither of the above approaches work to launch the utility, it may be that your computer doesn't have a Java Runtime Environment (JRE) installed. (Microsoft in particular has chosen to leave this component out of their recent operating systems. Thanks, Bill - "Where do you want to go today?" MacOS or Linux!) Fortunately, Sun offers free downloads of its JRE, available at
http://java.sun.com/j2se/1.4.2/download.html
Choose from the "JRE" column the download that corresponds to your operating system. The downloaded file will be a self-installer; once the download has completed, just run the installler (double-click on the file) to install the Java runtime environment.

Preferences Dialog

This dialog appears when the Host Monitor utility is first started, or when the "Change settings" button is selected. This dialog allows the base station address and type to be specified, as well as any actions that should occur when new hosts are detected that have associated with the base station.

Preferences dialog screenshot

Basic Settings

These settings are needed to allow the Host Monitor to query your base station.

Base station IP address
This is the local address of the base station; usually it's 10.0.1.1 when the base station is set to do NAT.

Base station password
This is the password used to access the base station for configuration; the default password when the base station is shipped is "public" (without quotes), but of course you changed that to something less obvious, right?

Base station type
Select the type of your base station; if yours isn't in the list, send me an email and we might be able to add support for it.

Logging

The Host Monitor can log accesses to your base station for later inspection.

Log associated host information
If this checkbox is selected, the Host Monitor will maintain a log of the hosts which have associated with your base station. The hosts will be logged when they first appear, and again if they disassociate and then return.

Log only unknown associated hosts
Log all associated hosts
These radio button settings determine whether all hosts should be logged when they appear, or just those which aren't known to the Host Monitor utility, i.e., those which haven't been added to the Known Host list.

Log file
Enter the name of the file to which you'd like host information to be logged. You can either type in a filename, or select one using the "Choose..." button. The utility will append messages to the specified log file, so the same file can be used repeatedly without the contents being overwritten. BTW, selecting an existing file such as /boot/vmlinuz, or CriticalWindowsComponent.dll, or any other essential system file, is a really bad idea - the Host Monitor will gleefully append its output to whatever you select...

Notification

The Host Monitor can notify you in a couple of ways when new hosts associate with the base station: by an audible "beep", or by sending an email message.

Notify when new hosts appear
If this checkbox is selected, the Host Monitor will notify you of new hosts when they first appear (and again if they disappear and then return).

Notify only for unknown associated hosts
Notify for all associated hosts
These radio button settings determine whether a notification should be given for all hosts which appear, or just those which aren't known to the Host Monitor utility, i.e., those which haven't been added to the Known Host list.

Beep when new hosts appear
If this checkbox is selected, the Host Monitor will beep when new hosts appear.

Send email when new hosts appear
If this checkbox is selected, the Host Monitor will send an email to the specified email address when new hosts appear.

Email address: enter the email address to which the notification should be sent
Email server (SMTP): enter the domain name (or IP address) of your service provider's email server (SMTP host). You should be able to get this from your service provider - in fact, you should have this configured in your usual email package (Outlook, Eudora, etc.), so you can probably look at that program's settings to get the host to use.

Running the Utility

The Host Monitor will query the base station every 5 seconds, indicating in the messages window when information has been retrieved. If there's a problem retrieving the information, this will be indicated in the messages window. A problem retrieving the settings usually indicates either an incorrect base station IP address, or password, or base station type has been selected; choose the "Change settings" button to correct this as necessary.

Known and Unknown Hosts

The Host Monitor allows you to maintain a list of "known" hosts, and to supply a name for these so they're easily identifiable. The name given to each known host is displayed in the main window when the base station is queried; hosts which aren't in the known host list are labelled as "****Unknown host****" in the name field. These may represent intruders on your wireless network.

The known host list can be edited by clicking on the "Edit known hosts" button. Adding a host requires entering the host's MAC address, which is a 12-digit hexadecimal string separated by spaces, like 00 20 1e 37 2f 83, and a name for the host. The MAC address is a unique number associated with the host's network card, and can generally be found printed on PCMCIA cards. (The table requires all entries' MAC addresses to be unique; if a duplicate MAC address is entered, or the address is malformed, an error dialog will be displayed.) To make adding a new host easier, when an unknown host is displayed in the main window's host table, an "Add" button is displayed at the end of the row (as shown in the second row of the main window screenshot above); if this is clicked, the known host dialog is opened and the indicated host's MAC address is automatically inserted in a new row. To delete a host, you need only remove the host's MAC address from the table.

The logging and notification settings allow the soecification of whether the action should occur for all hosts, or just unknown hosts, i.e., those which aren't in the known host list.

Limitations

Due to limitations in access point firmware, not all models permit direct monitoring of the associated hosts. In fact, each of the three AirPort models has sufficiently different firmware that the mechanisms used to monitor the associated wireless hosts are entirely different. As such, the host display doesn't always display the set of associated hosts, particularly for "Graphite" and "Snow" AirPort base stations. The limitations are discussed below for each type.

"Graphite" AirPort:
- The list compiled by the access point seems to be somewhat variable, with hosts sometimes disappearing for one cycle and showing up again in the next.
- The WAN address of the base station is not displayed correctly for some versions of the base station firmware, due to an incorrect reporting of the interface indices associated with the WAN (Ethernet) and LAN (wireless) interfaces (they're both reported as interface 1 in the IP address table).
- The length of time that each host has been associated is not provided by the base station, and thus not displayed.
"Snow" AirPort:
- The "snow" AirPort models unfortunately provide no direct mechanism to determine the hosts which are currently associated with the base station. The monitoring consequently uses the list of port maps in the base station as the list of associated hosts. As a result, the utility will show associated hosts only when the base station is used in NAT mode, and hosts will only show up when they have recently made active connections to the "outside world", since only these will have opened ports through the base station.
- The length of time that each host has been associated is not provided by the base station, and thus not displayed.
AirPort Extreme:
- The AirPort Extreme models have none of the above limitations.

Comments/questions: jsevy@cs.drexel.edu