How to identify Rogue Access Point?
Is it possible to identify Rogue Access Point with Wireshark?
Thank You.
In theory, yes, you can use Wireshark to find rogue APs. With a quality over-the-air (OTA) capture, you can see the various devices in the environment around you. If an AP is behaving in a way that you consider rogue, you would then have identified it.
Note that digging through millions (could be 100s of millions) of frames in an OTA capture can be tedious and there would be limitations: you can only analyze what the OTA capture can see at a given point in time. Large facilities could have 1000+ access points and/or be spread over relatively large areas, so it could be like finding a needle in a haystack. High-end Wi-Fi systems can often tell you this information directly, or perhaps a specialized tool would be better served here.
Here are some criteria:
https://en.wikipedia.org/wiki/Rogue_access_point
At the frame level, I would look for BSSIDs from APs that I don't know about but are using my ESSID(s), i.e. network names.
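The frame-level check described in the answer above, as an added example that is not part of the original answer: it reads tab-separated `wlan.bssid` / `wlan.ssid` fields exported by tshark and reports BSSIDs that advertise one of your ESSIDs but are not on your allow-list. The allow-list, the sample lines and the function name are constructed for illustration.

```python
from collections import Counter

# Assumption: your own inventory of authorized BSSIDs per ESSID (constructed values).
KNOWN_APS = {
    "CorpWiFi": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
}

# Constructed sample of tab-separated beacon fields, as exported with e.g.:
#   tshark -r capture.pcapng -Y "wlan.fc.type_subtype == 8" \
#          -T fields -e wlan.bssid -e wlan.ssid
SAMPLE = [
    "02:00:00:aa:00:01\tCorpWiFi",    # authorized AP
    "02:00:00:aa:00:02\tCorpWiFi",    # authorized AP
    "02:00:00:bb:00:99\tCorpWiFi",    # unknown BSSID using our ESSID
    "02:00:00:BB:00:99\tCorpWiFi",    # same AP, different case in export
    "02:00:00:cc:00:10\tCoffeeShop",  # neighbour network, not our ESSID
    "02:00:00:aa:00:01\t",            # hidden SSID (empty field)
    "truncated-line",                 # malformed row, skipped
]


def find_unknown_bssids(lines, known_aps, ssid_is_hex=False):
    """Return sorted [((ssid, bssid), frame_count)] for BSSIDs that use a
    known ESSID but are missing from that ESSID's allow-list."""
    hits = Counter()
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 2 or not parts[0]:
            continue  # malformed row or missing BSSID
        bssid = parts[0].strip().lower()
        ssid = parts[1]
        if ssid_is_hex:
            # Assumption: set this when your tshark prints wlan.ssid as hex bytes.
            try:
                ssid = bytes.fromhex(ssid.replace(":", "")).decode("utf-8", "replace")
            except ValueError:
                continue  # not valid hex, skip the row
        if ssid in known_aps and bssid not in known_aps[ssid]:
            hits[(ssid, bssid)] += 1
    return sorted(hits.items())


if __name__ == "__main__":
    for (ssid, bssid), count in find_unknown_bssids(SAMPLE, KNOWN_APS):
        print(f"unknown BSSID {bssid} advertising '{ssid}' in {count} frame(s)")
```

This only compares against the allow-list, so an AP that reuses an authorized BSSID is not reported by it; signal strength, channel and location still have to be checked separately.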
Asked: 2020-03-05 12:45:41 +0000
Seen: 1,455 times
Last updated: Mar 05 '20