WiFi Hotspot Without Internet Provider Knowing – How to Set Up

internet-sharingNetworkprivacySecuritywifi

I have a MacBook Pro with ethernet internet access on a corporate network. Due to corporate restrictions I cannot wire any other device to the network.

My solution was to create a wifi-hotspot from the mac to share the internet connection with my other devices.

I have some privacy concerns. Due to personal reasons I would not like anyone else knowing that I am accessing internet from a second device (please note that this is not illegal or any violation of corporate policy, it is only a matter of privacy). So I have some questions.

Can the corporate IT admins know that I am accessing at the internet from a different device than the Mac? That is, the HTTP requests that I make from the other device, go through the Mac and then reach the corporate network, are any different than HTTP requests originating from the Mac directly?

Best Answer

Any unencrypted HTTP packets (web sites or even streaming commercial content like music) would by default contain the User Agent corresponding to the device and browser/app, which would make it easy to distinguish between devices. It would be rather involved to change the user agent for non-browser traffic; some of those packets are generated deep within the OS.

Effectively masking a WiFi-connected device would be very difficult, if not practically impossible (depending on the sophistication of IT), if it is iOS or tvOS, or especially if it is a non-Apple device. Different devices and OSes have different characteristics for traffic they create.

You could encrypt the traffic with a VPN on the WiFi-connected device(s), but this could easily be noticed and is likely to be a red flag to IT.

The easiest combination to hide would be a device identical to the wired device, e.g., a macOS laptop over WiFi to a macOS laptop. Even then, source port number patterns and other markers would be a good clue to IT if they are paying attention.

In addition, the mere act of connecting another device is problematic. Operating a WiFi hotspot is likely to be noticed, even (again, depending on IT sophistication) if you hide the SSID. Triangulation could probably isolate the location to within a few machines. You could tether a device using USB, Bluetooth, or another hardware port, but any connected device will also leave forensic clues on the wired device.

Related Solutions

How to get Internet Sharing (Ethernet to WiFi) with Server on OS X 10.10.5

Check the IP address assigned to the device via DHCP. Does it match the IP range for the DHCP Network configured in Server.app's (disabled) DHCP service? I.e., is the IP address in the 192.168.1.0/24 range?) Also, try ifconfig -a on the Mac mini and look for a bridge that contains your WiFi device as a member. In the example below (MAC address obscured), I see that my WiFi device (en1) is in bridge100. Does the inet range for the bridge differ from the IP range assigned to your device?

bridge100: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=3<RXCSUM,TXCSUM>
    ether xx:xx:xx:xx:xx:xx
    inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
    inet6 fe80::c82a:14ff:fe55:fc64%bridge100 prefixlen 64 scopeid 0xa
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en1 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 5 priority 0 path cost 0
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active

If so, try deleting the Network from the DHCP service in Server.app. This fixed the problem for me. After deleting the Network (I think I had to renew the DHCP lease, too), my devices are now assigned IPs in the range of the bridge.

I think that when Internet Sharing starts, it creates the bridge to support Internet Sharing. So your devices should get IP addresses in its range. I don't know why the Server.app's DHCP Networks interfere with Internet Sharing, since the service is off, but maybe because Internet Sharing forces DHCP on behind the scenes, and the Network settings are picked up regardless. I'm also not sure why an IP in the DHCP service's Network doesn't allow for internet connectivity, but I guess it may have something to do with not matching the bridge's network mask and/or some configuration of pf that Internet Sharing does behind the scenes.

I hope this helps.

network wifi internet – Wireless Internet Provider and Local WiFi Network

You can connect your Mac Mini to the building's wireless network, and then via Ethernet to your AirPort Extreme. Then setup Internet sharing from Wifi to Ethernet and you'll be able to have both internet from your wireless provider and a local wifi network for your IoT devices and streaming setup.

Connect the ethernet cable to the Mac
Launch “System Preferences” from the  Apple menu and click on “Sharing”
Click on “Internet Sharing” from the left menu
Select the pull-down menu next to “Share your connection from:” and choose “Wifi ” or "AirPort"
Alongside “To computers using:” check the box next to “Ethernet”
Click Ok

Then open Airport Utility and configure your AirPort Extreme unit as follows:

Open AirPort Utility, located in the Utilities folder in the Applications folder. Select the base station you want to set up, then click Edit.
Click Network, and then choose Off (Bridge Mode) from the Router Mode pop-up menu.

With NAT and DHCP turned off, the base station acts as a simple bridge between the wired and wireless computers on the network.

Only your Mac Mini should connect to your building wireless network; if any other device of yours connects to it you won't "see" it on your local network.

Best Answer

Related Solutions

How to get Internet Sharing (Ethernet to WiFi) with Server on OS X 10.10.5

network wifi internet – Wireless Internet Provider and Local WiFi Network

Related Question