How to identify Rogue Access Point?
Is it possible to identify Rogue Access Point with Wireshark?
Thank You.
Is it possible to identify Rogue Access Point with Wireshark?
Thank You.
In theory, yes, you can use Wireshark to find rogue APs. With a quality over-the-air (OTA) capture, you can see the various devices in the environment around you. If an AP is behaving in a way that you consider rogue, you would then have identified it.
Note that digging though millions (could be 100s of millions) of frames in an OTA capture can be tedious and there would be limitations: you can only analyze what the OTA capture can see at a given point in time. Large facilities could have 1000+ access points and/or spread over relatively large areas so could be like finding a needle in a haystack. High end wifi systems can often tell you this information directly, or perhaps a specialized tool would be better served here.
Here are some criteria:
https://en.wikipedia.org/wiki/Rogue_access_point
At the frame level, I would like for BSSIDs from APs that I don't know about but are using my ESSID(s), i.e. network names.
Please start posting anonymously - your entry will be published after you log in or create a new account.
Asked: 2020-03-05 12:45:41 +0000
Seen: 1,482 times
Last updated: Mar 05 '20