Fake AP and real statistics with OpenWRT

My networking teacher said that it would be cool to turn one of the routers that we have been playing with (Asus RT-N16) into an AP so that the class would connect to it instead of the schools network nearest AP.

Why do that? So we can see who is accesing what, get some statistics on that and probably to make a “wall-of-shame” where we could write the students usernames and passwords.

Preview of the plan:

1. Turn the router into an AP (we actually don’t want any DHCP for the router because the guys from the IT department would complain, we will get addresses directly from schools wired network -> that means that we will be relying more on the switch-part of the router

2. Turn off our nearest AP so that we could use our one instead and have people connecting to it without even noticing.

3. Install bandwidthd and see how it works.

4. Get the classmates to connect to it and let’s see some statistics.

In the meantime, i got everything i need now and this also became a mini-project for the networking class and a technology template for the guys in the 1st semester sooo , let’s do it!

Before doing this you should consider running a Linux machine and having a bit of Linux command line knowledge.


1. A PC running a Linux distro

2. A bit of linux command line knowledge (just a bit)

3. An asus rt-n16 router from the school, and all the things required for it (cables, antenas, power supply)

4. A wired internet connection

1. Turning the router into an AP

I want to bridge the LAN and WAN interface so that the router will act as a switch – that could also do wireless.

First, we need to install OpenWRT on the router. I did it by following my networking teachers technology template which is this -> this.

Let’s do the wireless thing first – it’s really easy to do it from the web-interface (Luci), you just browse to the routers IP (usually it’s after a fresh openwrt installation) enter your password, then go to Network and then Wifi. I will name it randomly, but after i turn off the nearest AP i will change the ESSID to that APs ESSID.

In order to bridge the LAN and WAN interfaces i had to edit the network configuration file, so that it will look like bellow:

nano /etc/config/network

#### VLAN configuration
config switch eth0
option enable 1
config switch_vlan eth0_0
option device “eth0”
option vlan 0
option ports “0 1 2 3 4 8*”
#### Loopback configuration
config interface loopback
option ifname “lo”
option proto static
option ipaddr
option netmask
#### LAN configuration
config interface lan
option type bridge
option ifname “eth0.0”
option proto dhcp

Next, i have to disable the routers DHCP server:

uci set dhcp.lan.ignore=1
uci commit dhcp
/etc/init.d/dnsmasq restart

Next, i have to disable the firewall and apply the network changes:

/etc/init.d/firewall disable
/etc/init.d/firewall stop
/etc/init.d/network reload

Now things should be going fine after you reconnect to the router. Wrong. After restarting the router (unplug and plug power source) though, it should work after 2 or 3 attempts from your PC.

2. Turn off our nearest AP

This is a strict physical problem, i just have to unplug the power source from the AP.

3. Install bandwidthd and see how it works

Now we need to connect to the router, but we don’t know its IP address. We can find it by doing an ARP scan on the local network and checking the MAC address. To do this:

arp-scan -I eth0 -l

Now we know the IP address and we can connect to it using ssh:

ssh root@ROUTER_IP

You can skip the instalation if the image has bandwidthd preinstalled. Installing it:

opkg update

opkg install bandwidthd

Start the service:

/etc/init.d/bandwidthd start

Browse to http://router_ip/bandwidthd and you should see something like below:

I connected my phone to the wireless and after a couple of minutes bandwidthd was looking like this:

4. Get the classmates to connect to it and let’s see some statistics.
I’ll get back with some updates on this and/or maybe some stuff about sniffing the traffic and making a wall-of-shame-like thing, with the classmates usernames and passwords.