Extensively covered here.
How to locate physical location of access point?
Well I've been breaking my head over this problem for a few days now, we have at my company some rogue employees hooking up their home APs to our network and connecting from the balcony over coffee and smokes. Needless to say we have to stop this, but before we start putting in NAC and whatnot I want to find the exact offices where these douches operate so I can shut them down and report them to management (hehe mess with MY network!)
Trouble is, as much as I walk around with my laptop looking at kismet and airodump's power meters, they are wholly unreliable. Even tried "limiting" my pcmcia (Netgear WPN511) by wrapping it in tin-foil and pointing it at certain directions. still no luck.
Any ideas on how to get this done anyone?
Extensively covered here.
well thanks, i searched and nothing came up (blame the misleading title...), but the thread didnt help me much since i really can't get any of the mentioned equiptment (for geographic/accounting reasons i wont go into).
I was hoping someone had actual experience making a DIY direction-limiter for a pcmcia card w/o a connector (maybe covering it up with tin foil open at one end or the like).
I'm sure its been done.
I've tried it, but the kismet readings im getting are very unreliable and unhelpful.
oh well, back to work. If i make it, i'll share
make a directional antenna, use a pringles can, connect it up to a usb wireless pen, airodump-ng ..... look at the pwr reading and follow the yellow brick road
edit: if u are using a non usb card, then get a pigtail, antenna and connect up. plenty of tutorials on making this all over the place
The best thing to do is checking the ARP tables on your switches and look you should be able to see which port the AP is connected to.
dump your tables and whip up a quick script to compare the data to this...Originally Posted by BOFH139
http://standards.ieee.org/regauth/oui/oui.txt
Or you could just dump the mac addresses into this...
http://www.techzoom.net/nettools-macdecode.asp
There's no fate but what we make for ourselves.
-I already know I cant spel-
I'd just configure a card in the area with the same IP address as the offending router. Since my TCP stack doesn't have any ports or routes open, my machine would throw a RST back for everything. That should be a stealthy way of keeping him shut down without having to find him. And he's likely to throw a few routers away thinking they are junk. I believe Comcast does something like this for P2P.
Try using a directional antenna and card that has reliable SNR. That might get you close. Other than that, geolocation involves too many variables to be of any accuracy.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
Or you could just set port security on your switch to something like...
Whoever comes crying that they cant access the network is probably the culprit.Code:switchport port-security maximum 1 switchport port-security violation shutdown
There's no fate but what we make for ourselves.
-I already know I cant spel-
Then attach your EtherKiller to the patch-panel port, crack open a beer and watch the fireworks....
Posting Permissions
