Unfortunately I'm on Windows XP SP2 (wish I were on Linux!)  , so I may be a bit limited in using some of the more high-power networking tools, but I would greatly appreciate advice of how to best keep track of who's using a wireless network I'm on.

For instance, I've used Angry IP Scanner as a simple ping scanning test, but much to my chagrin, it seems that it doesn't always find everyone on the WLAN. I found this out by experimenting with a program called "RogueScanner GUI" from http://www.paglo.com/opensource/roguescanner. It uses techniques like ARP scanning I think as a more comprehensive scan.

One of my questions is, sometimes RogueScanner finds Windows computers on the WLAN that Angry IP Scanner misses, and I thought that unless you go through special trouble to disable ping replies, all Windows computers (and most other computers/devices on a network) would respond to a simple ping test. Is this not true? 

I've also experimented with Zenmap (an Nmap GUI) from insecure.org. But I can't figure out how to get Zenmap to return Netbios computer name information. And what is the best way to set up Nmap to detect as many hosts as possible on the WLAN? (e.g. can it do ARP scanning?)

So I could use some expert advice--is there a "definitive" way to determine who's on a network (WLAN in my case), or at least what is the most comprehensive/reliable way of doing this? Thanks for any help!

My immediate reaction was to simply agree with dean.  If it is your AP, why can't you just check the resource allocation table?  Any system with a full connection has to have registered with the AP to get an IP.  That seems to be the short and safe answer.  From a networking point of view you also need to ask yourself if the OS has any third party software that would block your ICMP requests (several software firewalls will do this).  In regards to Rogue Scanner, you need to take into account that the tools uses far more techniques than just a simple ping sweep.  It was initially created as a network mapping tool, and it uses several methods to identify devices.  When your ping sweep hits a windows box with a firewall, it probably just gets killed and you get no response.  Rogue Scanner won't stop there as it will hit open ports and read the ARP table of any reachable switches as well.  It will then try to ID the device based on the profile of open ports (similar to nmap -O), examine the format of the data packets that are returned (each OS typically makes minor changes that help in identification), or it reads the ARP table and tries to identify a manufacturer based off the MAC address.  The other level you need to consider here is that since this is a wireless AP you are going to have other problems.  I don't have to register with a network in order to simply throw my wireless card into sniffer mode and grab your radio signal out of the air.  The machines doing this are not going to get assigned an IP.  You will also have trouble if someone is performing man in the middle attacks (ie. they grab signals from valid users, run them through their box so they can read the traffic, then reroute the traffic to your AP).

I totally agree that logging into the router is the best idea, but it's a 2WIRE 1000HG; if I use the "view home network" function, it merely tells me the computer names (Netbios info) of all computers that have used the network at any time--not just the computers that are currently using the router. If you happen to know how I can find who is currently connected to the router for the 1000HG, please let me know!

Also, Bogwitch, when you say run Linux as a virtual machine, would you please  point me to some website that could give me step-by-step instructions of how to carry it out? Is it only possible with certain distros of Linux, or can you use any flavor of your choice? My biggest concern is my wireless card is a Trendnet TEW-423PI, and it only came with software to run it on Windows; I've read it's possible to take the Trendnet software drivers and install them in Linux to get my card working, but I don't know exactly how to do this.  Is this possible for a VM solution?

I would recommend trying Airsnare

http://anti-hacker.info/video/Airsnare/Airsnare.html

is a video I made on it and I feel it does a basic job for finding out how is on the WIFI.

Regards,

Brian

For actually running the VM, look at VMWare Server. Its free and offers USB and better support for Linux than MS Virtual PC. Good luck.

As Brian mentioned, Airsnare is a decent way to see who's on your wlan. Identifying connected clients from their mac address still produces good results. Just dont trust it to alert you, you should always manually review the logs. Reason being is if someone spoofs a trusted mac, the alarm wont go off, but you should see to identical macs with two different  IPs in the log. Unfortunately, you will find many routers allow 2 identical macs to connect but will assign to different IPs if dhcp is being used.

While mac filtering is a very poor form of security, its still a reliable way to identify hosts on a wlan. To be connected on a network, you have to give up your mac address and its visible to everyone. Firewalls dont hide it. With tools like Kismet, you can often see clients and their mac address  on a wlan even when you are outside of that wlan.  Kismet and Nmap for linux are still my favorite host discovery.