In theory, yes, you can use Wireshark to find rogue APs. With a quality over-the-air (OTA) capture, you can see the various devices in the environment around you. If an AP is behaving in a way that you consider rogue, you would then have identified it.
Note that digging through millions (could be 100s of millions) of frames in an OTA capture can be tedious, and there would be limitations: you can only analyze what the OTA capture can see at a given point in time. Large facilities could have 1000+ access points and/or be spread over relatively large areas, so it could be like finding a needle in a haystack. High-end Wi-Fi systems can often tell you this information directly, or perhaps a specialized tool would be better suited here.
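Added example, not part of the original answer: one way to avoid reading an OTA capture frame by frame is to export only the beacon fields with tshark and compare the BSSIDs seen against an inventory of authorized APs. The `SAMPLE` rows, the `AUTHORIZED` inventory and the finding labels are constructed for illustration, and the script assumes tshark prints the SSID as text.

```python
from collections import defaultdict

# Constructed sample of tab-separated beacon fields, as could be exported with:
#   tshark -r capture.pcapng -Y "wlan.fc.type_subtype == 8" \
#          -T fields -e wlan.bssid -e wlan.ssid -e wlan_radio.channel
# Assumption: the SSID column is rendered as text (some versions print hex).
SAMPLE = (
    "00:11:22:33:44:01\tCorpNet\t1\n"
    "00:11:22:33:44:01\tCorpNet\t1\n"
    "00:11:22:33:44:02\tCorpNet\t6\n"
    "02:aa:bb:cc:dd:01\tCorpNet\t6\n"
    "02:aa:bb:cc:dd:02\tCoffeeShop\t11\n"
    "00:11:22:33:44:02\tCorpNet\t11\n"
    "truncated-row\n"
)

# Hypothetical inventory: authorized BSSID -> (SSID, channel)
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", 1),
    "00:11:22:33:44:02": ("CorpNet", 6),
}

def summarize(text):
    """Collapse per-frame rows into {bssid: {(ssid, channel): beacon_count}}."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        row = line.split("\t")
        if len(row) != 3 or not row[2].isdigit():
            continue  # skip malformed or truncated rows
        seen[row[0].lower()][(row[1], int(row[2]))] += 1
    return seen

def classify(seen, authorized):
    """Return {bssid: finding} for every BSSID that needs a closer look."""
    managed_ssids = {ssid for ssid, _ in authorized.values()}
    findings = {}
    for bssid, adverts in seen.items():
        if bssid not in authorized:
            # Unknown radio; more urgent if it advertises one of our SSIDs.
            uses_ours = any(ssid in managed_ssids for ssid, _ in adverts)
            findings[bssid] = "unknown-bssid-managed-ssid" if uses_ours else "unknown-bssid"
        elif any(advert != authorized[bssid] for advert in adverts):
            # Known BSSID seen with an SSID or channel the inventory does not list.
            findings[bssid] = "authorized-bssid-unexpected-advert"
    return findings

if __name__ == "__main__":
    for bssid, finding in sorted(classify(summarize(SAMPLE), AUTHORIZED).items()):
        print(bssid, finding)
```

As the answer notes, the result only covers what the capture saw at that place and time, so a clean report is not proof that no unauthorized AP exists elsewhere in the facility.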