
How to identify a Rogue Access Point?

Is it possible to identify a Rogue Access Point with Wireshark?

Thank You.

vladinko0
asked 2020-03-05 12:45:41 +0000


1 Answer


In theory, yes, you can use Wireshark to find rogue APs. With a quality over-the-air (OTA) capture, you can see the various devices in the environment around you. If an AP is behaving in a way that you consider rogue, you would then have identified it.

Note that digging through millions (could be 100s of millions) of frames in an OTA capture can be tedious and there would be limitations: you can only analyze what the OTA capture can see at a given point in time. Large facilities could have 1000+ access points and/or be spread over relatively large areas, so it could be like finding a needle in a haystack. High-end Wi-Fi systems can often tell you this information directly, or perhaps a specialized tool would be better served here.

Bob Jones
answered 2020-03-05 13:21:10 +0000

Comments

Are there any criteria for when an AP can be considered a Rogue AP?

vladinko0 (2020-03-05 13:41:07 +0000)

Here are some criteria:

https://en.wikipedia.org/wiki/Rogue_access_point

At the frame level, I would look for BSSIDs from APs that I don't know about but that are using my ESSID(s), i.e. network names.

Bob Jones (2020-03-05 14:57:44 +0000)
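
The frame-level check described in the comment above, as an added example that is not part of the original thread: it flags BSSIDs that beacon one of your ESSIDs but are absent from your AP inventory. The ESSID and BSSID values, the function name and the sample rows are constructed; the input is assumed to be tab-separated BSSID and plain-text SSID columns, for instance exported from beacon frames with tshark's `-T fields -e wlan.bssid -e wlan.ssid`.

```python
from collections import defaultdict

# Constructed inventory (assumed values): ESSIDs we operate and our own APs' BSSIDs.
PROTECTED_ESSIDS = {"CorpWiFi", "CorpGuest"}
KNOWN_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}

# Constructed sample rows in the shape "BSSID<TAB>SSID", one per captured beacon.
SAMPLE_BEACONS = """\
02:00:00:aa:00:01\tCorpWiFi
02:00:00:AA:00:02\tCorpGuest
02:00:00:bb:00:09\tCorpWiFi
02:00:00:bb:00:09\tCorpWiFi
02:00:00:cc:00:07\tCoffeeShop
02:00:00:dd:00:03\t
malformed line without a tab
"""


def find_unknown_bssids(lines, protected=PROTECTED_ESSIDS, known=KNOWN_BSSIDS):
    """Return {bssid: {"essids": set, "beacons": int}} for BSSIDs that are not
    in the inventory but advertise one of the protected ESSIDs."""
    known = {b.lower() for b in known}  # MAC case differs between tools
    hits = defaultdict(lambda: {"essids": set(), "beacons": 0})
    for line in lines:
        parts = line.rstrip("\r\n").split("\t")
        if len(parts) != 2:
            continue  # not a BSSID<TAB>SSID row
        bssid, essid = parts[0].strip().lower(), parts[1]
        if not bssid or essid not in protected:
            continue  # hidden/empty SSID, or a network that is not ours
        if bssid in known:
            continue  # one of our own APs
        hits[bssid]["essids"].add(essid)  # SSIDs are matched case-sensitively
        hits[bssid]["beacons"] += 1
    return dict(hits)


if __name__ == "__main__":
    found = find_unknown_bssids(SAMPLE_BEACONS.splitlines())
    for bssid, info in sorted(found.items()):
        print(f"{bssid}  essids={sorted(info['essids'])}  beacons={info['beacons']}")
```

A hit only means the BSSID is outside the inventory, which also covers a legitimate AP that was never recorded, so the inventory has to be kept current for the result to be useful.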