Stolen laptop

Are you sure they are in Range of your DLink Router? That would mean they're pretty close to your location since wireless ranges are very limited. How do you know they are close?

You can try to capture the wireless traffic if your network card is able to enter monitor mode (usually not possible on Windows unless you own an AirPCAP adapter). Otherwise you might try to capture the wired network going out to your provider, but that is usually difficult unless your router can mirror the data to a monitor port.

IF you can capture their data you can try to filter on HTTP traffic, and possibly identify communications containing web pages with personal information, but you'd need to be lucky to capture those. Good luck!

I wonder if it would be possible to locate it using SNMP. If you could query the device for RSSI, then presumably the closer you got to it, the higher the RSSI would be.

There are likely many free MIB browsers available that might be able to help you with this. One such free one that I have used in the past is available from iReasoning.

By the way, I got the basic idea from the paper available from http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.79.2963&rank=1.

You might also try something as basic as ping and look for small changes in average round-trip service response times. It might be possible to detect small differences in SRT's that could help locate the laptop. In theory, the closer you are to the laptop, the smaller the SRT's should be. This is likely not going to be very practical though as the time deltas will likely be only very, very small and probably not measurable with any level of certainty or confidence.

To help narrow things down, another idea might be to reduce the transmit power output of your WAP if you can. Some WAPs allow you to do this; others don't. But, if you can, then you'd have to be that much closer to the stolen laptop before it could still connect. If you can't reduce the tx output power, you could try disconnecting the antenna[e] altogether.

Another possible way to find out more information about who might be using your wife's laptop is to place a hub between your cable/dsl/other modem and your WAP, then connect your Wireshark sniffing PC to the hub as well. You might be able to learn something more from that. You wouldn't necessarily need a hub in between if your WAP allows you to mirror your wireless traffic to one of your LAN ports, but I doubt most consumer-grade WAPs support that capability.

There might be other possibilities too. For example, you could change the WAP settings so that its default gateway points to your laptop, which could proxy everything out. But now you're a man-in-the-middle and can easily log and sniff away at will. This would likely require 2 Ethernet interfaces on your PC though, one for the WAN and one to connect to your WAP. Your PC would then IP forward everything from LAN to WAN.

Well, just a few more ideas to consider. In any case, I would be curious to know what happens and if you're able to find the culprit, so do update us!

Whereas I don't know anything about this subject, I am hesitant to post this link. But just wanted to share in case it's of use. I stumbled on to it. Hope it helps.

http://securitystartshere.org/page-training-oswa-assistant.htm#moocherhunter