NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
hspindel2
Jul 07, 2023Guide
Undesirable spoofed MAC addresses on WiFi Extenders
I have two WiFi extenders, an EAX15 and a fairly ancient WNCE3001. Both of them exhibit the same undesirable behavior. In both cases, I am actually not using them as extenders but merely to prov...
JMSBK
Jan 08, 2024Aspirant
If the devices behind the extender are using DHCP from your main router (not the extender) you should see the DHCPDISCOVER/DHCPOFFER/DHCPACCEPT/DHCPACK messages in your log collector. The DHCPDISCOVER will have the actial MAC of the device as its looking for the dhcp server. capture that. Youll then see the dhcpoffer from the DHCP server allocating an IP address to it, and the dhcprequest from the client asking to use it, finally followed by the dhcpack send by the dhcp server saying its given. You can now match IP based on that until the next time it gets a new, you monitoring search should see the change. i use splunk to do this on my home network and it works fine. as i troll the logs from my router, i look for the MAC of the extender, and then run a subsearch of the above for any mac that was assigned an IP to the current IP in the router log.