Is my network being hacked? How can I use Wireshark to find out based on my described scenario?

asked 2023-03-21 23:02:01 +0000

ROSEwiresharkshark

updated 2023-03-21 23:50:52 +0000

I just discovered how to use Wireshark today, so please forgive me if my question is a newb question. My neighbors are intentionally mucking up the wifi to stop my security cameras from functioning correctly. I live in the mountains and they're the only humans close enough for me to pick up a signal.

When I look at NetSpot, there are 70+ hidden SSIDs. I've been watching the way they function for months. They have 3 real networks that seem to function completely normally. But these 70 SSIDs only connect for seconds and then disconnect, which repeats every 10 to 60 seconds. There are at least 15 different MAC addresses on each of the non-overlapping 2.4 GHz channels. They either do not have any or much data associated with them, as the NetSpot graph that shows the activity is empty and red (a normal graph is rainbow and contains a lot of up and down waves). The Beacon level set for them is oddly low, in the single digits for each one. When they turn them off, my cameras start working correctly again and the wifi spectrum analyzer only shows a handful of connections (the real routers). When they're on, I can force my cameras to go into live view, but depending on the channel they're on, there's an extremely loud (on and off again, goes up and down in noise) "dut dut dut" that broadcasts over the camera audio. And the audio of the cams also goes in and out constantly when these 70 SSIDs are connected.

So then, when I look at Wireshark, every one of those 70+ SSIDs has "malformed packet" mentioned. The message is: [Malformed Packet: IEEE 802.11: length of contained item exceeds length of containing item]. Does this message shed any light on what they're doing?

I can also see my neighbor's wifi, all of their different routers, on my Wireshark packet capture. I have the setting set to “traffic to/from this AP”. Is it normal to see packets that say for example "NETGEAR" (the neighbor's wifi) and as destination "BROADCAST"? Or does this mean they're hacking into my network? I want to understand if Wireshark is showing me what's attached to my network or is it showing me all the packets for all the nearby networks as well?
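The condition behind the "length of contained item exceeds length of containing item" message quoted in the question, as an added example that is not part of the original post: a beacon's tagged parameters are ID/length/value elements, and the walk below stops at the first element whose declared length runs past the end of the frame body. The frame bytes are constructed, the function names are hypothetical, and that the overrun in the asker's capture sits in a tagged element is an assumption.

```python
import struct

FIXED_LEN = 12  # beacon fixed fields: timestamp (8) + beacon interval (2) + capabilities (2)

def walk_elements(body: bytes):
    """Walk the tagged parameters of a beacon frame body.

    Returns (elements, error): elements holds the (id, value) pairs parsed
    cleanly; error is None, or a description of the first length overrun.
    """
    elements = []
    if len(body) < FIXED_LEN:
        return elements, "body shorter than the 12 fixed bytes"
    off = FIXED_LEN
    while off < len(body):
        if off + 2 > len(body):
            return elements, f"truncated element header at offset {off}"
        elem_id, length = body[off], body[off + 1]
        end = off + 2 + length
        if end > len(body):
            remain = len(body) - off - 2
            return elements, (f"element {elem_id} at offset {off} "
                              f"declares {length} bytes, only {remain} remain")
        elements.append((elem_id, body[off + 2:end]))
        off = end
    return elements, None

def is_hidden_ssid(elements) -> bool:
    """A hidden network sends an SSID element (ID 0) that is empty or all NULs."""
    for elem_id, value in elements:
        if elem_id == 0:
            return value.strip(b"\x00") == b""
    return False

def element(elem_id: int, value: bytes) -> bytes:
    """Build one well-formed element (helper for the constructed samples)."""
    return bytes([elem_id, len(value)]) + value

# Constructed sample bodies, not taken from any real capture.
FIXED = struct.pack("<QHH", 0, 100, 0x0411)
GOOD = (FIXED + element(0, b"")                              # hidden SSID
        + element(1, bytes([0x82, 0x84, 0x8B, 0x96]))       # supported rates
        + element(3, bytes([6])))                           # DS parameter set: channel 6
BAD = FIXED + element(0, b"") + bytes([3, 40, 6])           # claims 40 bytes, 1 present

if __name__ == "__main__":
    for name, body in (("good", GOOD), ("bad", BAD)):
        elems, err = walk_elements(body)
        print(name, "hidden SSID:", is_hidden_ssid(elems), "error:", err)
```
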

