Locating the physical location of a Rogue AP

Unanswered Question
Sep 9th, 2008

I have a situation where there appears to either be a rogue AP in one of our buildings or it is an AP that was missed when we were coverting them over to lightweight mode because it has the same SSID that we are using and is Cisco but my AP's are not finding it friendly.

I would like to try and find this AP, while WCS has given me a good idea on the location, I am looking for software for my laptop that could help me narrow it down even more.

Is there some software that will show all of the access points that my laptop sees as well as their mac address and strenght? I think a wireless site survey tool might work. But, I dont think I can use Cisco's since I will be using a lenovo laptop with its built in wireless card. Does anyone have some recommendations on some software for this task?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Scott Fella Tue, 09/09/2008 - 07:22

Why don't you download netstumbler and use that to track the AP down. It's free and shows the signal strength.

ericn8484_2 Tue, 09/09/2008 - 07:57

Netstumbler helped me find the AP. Although it looks like the wireless card on my lenovo with a Intel 4965AGN doesnt work very good with Netstumbler. However my co-workers laptop worked perfect for it.

Robert Rowland III Fri, 09/12/2008 - 05:06

I have cognio -- great tool. $4K.

Wont find devices like that.

If you have to do this a lot Berkeley Varitronics make some great devices - http://www.bvsystems.com/Products/WLAN/WLAN.htm I have a yellow jacket and it works like a sonar device in locating things .. along with other functionality.

Cognio, BV and Cace Technology`s USB adaptors ( wireshark folks ) are the 3 tools I find best. Shown in reverse order of cost.

But anyway ... you should get rogue report info that shows what other APs are hearing it.

Do some triangulation ....

gary.hostetler Tue, 09/16/2008 - 15:27

If you have

Cisco network switches you can use the Network Assistant to do a ping and trace to its IP address and it will tell you what switch to what switch it travels through. You can then identify which port on the switch and track it from there.

Gay

hobbe Tue, 10/14/2008 - 06:31

AFIK you can do this in three ways basically.

1) buy a directional antenna and start sweeping

2) make a directional antenna and start sweeping.

3) if you have severals base stations in the surroundings you can get the general idea of what area to look in by checking the signal streangth of the rouge AP in the different APs. just map it out in a building/surrounding area type of map.

I would look at a directional antenna and cover the ground quickly to find the rouge ap. netstumbler helps out alot.

is the keys and encryptions correct on the rouge AP ? then its probably one you have missed or a serious try to break in to your company.

then just look in your installment plans and check wich one is in that location that you do not have control over.

just some thoughts.

Good luck.

Actions

This Discussion