
How to identify Rogue Access Point?

asked 2020-03-05 12:45:41 +0000

vladinko0

Is it possible to identify a Rogue Access Point with Wireshark?

Thank You.


1 Answer


answered 2020-03-05 13:21:10 +0000

Bob Jones

In theory, yes, you can use Wireshark to find rogue APs. With a quality over-the-air (OTA) capture, you can see the various devices in the environment around you. If an AP is behaving in a way that you consider rogue, you would then have identified it.

Note that digging through millions (could be 100s of millions) of frames in an OTA capture can be tedious, and there would be limitations: you can only analyze what the OTA capture can see at a given point in time. Large facilities could have 1000+ access points and/or be spread over relatively large areas, so it could be like finding a needle in a haystack. High end wifi systems can often tell you this information directly, or perhaps a specialized tool would serve better here.



Are there any criteria for when an AP can be considered a Rogue AP?

vladinko0 ( 2020-03-05 13:41:07 +0000 )

Here are some criteria:

At the frame level, I would look for BSSIDs from APs that I don't know about but are using my ESSID(s), i.e. network names.

Bob Jones ( 2020-03-05 14:57:44 +0000 )
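
The criterion in the comment above (a BSSID you don't know about advertising one of your ESSIDs) can be checked mechanically instead of by scrolling through frames. The following is an added example, not part of the original thread: it assumes beacon fields were exported as tab-separated text with the tshark command shown in the comment, and the inventory (`MY_ESSIDS`, `KNOWN_BSSIDS`), the function names and the sample rows are all constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: the ESSIDs you own and the BSSIDs of APs you deployed.
MY_ESSIDS = {"CorpWiFi", "CorpGuest"}
KNOWN_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

# Constructed sample of tab-separated beacon fields (BSSID, SSID, channel), e.g. from
#   tshark -r capture.pcap -Y "wlan.fc.type_subtype == 8" \
#          -T fields -e wlan.bssid -e wlan.ssid -e wlan_radio.channel
SAMPLE = """\
00:11:22:33:44:01\tCorpWiFi\t1
00:11:22:33:44:02\tCorpGuest\t6
00:11:22:33:44:01\tCorpWiFi\t1
de:ad:be:ef:00:01\tCorpWiFi\t11
DE:AD:BE:EF:00:01\tCorpWiFi\t11
66:77:88:99:aa:bb\tCoffeeShop\t6
\t\t
00:11:22:33:44:02\tCorpGuest
"""


def decode_ssid(raw, ssid_is_hex):
    """Return the SSID as text; some tshark versions print wlan.ssid as hex bytes."""
    if not ssid_is_hex:
        return raw
    return bytes.fromhex(raw.replace(":", "")).decode("utf-8", errors="replace")


def find_unknown_bssids(lines, my_essids, known_bssids, ssid_is_hex=False):
    """Map (bssid, essid) -> {"frames", "channels"} for unknown BSSIDs using my ESSIDs."""
    known = {b.lower() for b in known_bssids}
    hits = defaultdict(lambda: {"frames": 0, "channels": set()})
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 2 or not fields[0]:
            continue  # malformed or empty row
        bssid = fields[0].lower()  # compare MAC addresses case-insensitively
        essid = decode_ssid(fields[1], ssid_is_hex)
        if essid in my_essids and bssid not in known:
            hit = hits[(bssid, essid)]
            hit["frames"] += 1
            if len(fields) > 2 and fields[2]:
                hit["channels"].add(fields[2])
    return dict(hits)


if __name__ == "__main__":
    found = find_unknown_bssids(SAMPLE.splitlines(), MY_ESSIDS, KNOWN_BSSIDS)
    for (bssid, essid), info in found.items():
        print(f"unknown BSSID {bssid} uses {essid}: {info['frames']} beacons, ch {sorted(info['channels'])}")
```

A hit only means the BSSID is missing from your inventory; as the answer notes, the result covers only what the capture could see at that place and time.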


Last updated: Mar 05