How Do You Locate That Access Point?
parp asks: "As an IT Manager I'm concerned about unauthorized Access Points being installed, or users who set up wireless computer-to-computer networks. How do you find the exact location of these devices? I've tried walking around the office with a laptop watching the signal, but the signal monitors that are included with most network drivers are very limited. The signal could be upstairs, downstairs or right around the corner, but I can't find it. Results of web searches I've done just tell you how to find a signal (wardrive), not the source. I'd be interested in any software or hardware device that can locate the device within a few feet."
By default it tells you that AP X detects an access point. It tries to connect as a client, and ping spots on your network. This tells you if it's on your network or not.. If you feel mean, you can flood it and shut it down.. (DOS attack built in!) However, if you want the precision mapping, you have to pay a very, very large chunk of change.. I have seen a demo, and it is pretty sweet to watch it pinpoint the exact location of a rogue AP. Keep in mind that this uses triangulation. You need more than one of your Cisco APs to be able to see this rogue to get it pinpointed.
(Poor/Evil BOFH Fix) I would connect through the access point, note my IP, see if I could ping the network.. Then, check the IP/MAC address, and find what port on my switches it is coming from. Disable the port. (if you have a nicely labeled patch panel, you could walk to the switch, and see exactly where the port is..) Wait for someone to complain about no network activity...
What are we going to do tonight Brain?
Try browsing through your LAN switch's MAC address tables.. The manufacturer ID on the WAP will probably be different than most of your other computers' network cards.
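The MAC-table check suggested in the comment above, as an added example that is not part of the original thread: it parses a constructed dump in the common `show mac address-table` layout and flags access ports whose manufacturer prefix (OUI) is outside your known fleet. It goes one step beyond the comment by also flagging ports with more than one learned MAC, since a bridging AP exposes its wireless clients on its wired port. The OUIs, port names and the `suspicious_ports` helper are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (locally administered MACs, not real vendor prefixes).
SAMPLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0a11.2200.0001    DYNAMIC     Gi0/1
  10    0a11.2200.0002    DYNAMIC     Gi0/2
  10    0a33.4400.0abc    DYNAMIC     Gi0/7
  10    0a11.2200.0003    DYNAMIC     Gi0/7
  10    0a11.2200.0004    DYNAMIC     Gi0/7
  10    0a11.2200.0005    DYNAMIC     Gi0/24
  10    0a11.2200.0006    DYNAMIC     Gi0/24
"""

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\w+\s+(\S+)\s*$", re.I)

def parse_table(text):
    """Return (vlan, mac, port) tuples; header and separator lines are skipped."""
    return [(int(m[1]), m[2].lower(), m[3])
            for m in (ROW.match(line) for line in text.splitlines()) if m]

def oui(mac):
    """First three octets of a dotted MAC, e.g. '0a11.2200.0001' -> '0a1122'."""
    return mac.replace(".", "")[:6]

def suspicious_ports(text, known_ouis, uplinks=(), max_macs=1):
    """Map port -> reasons. Uplink/trunk ports are skipped: they carry many MACs."""
    by_port = defaultdict(set)
    for _vlan, mac, port in parse_table(text):
        if port not in uplinks:
            by_port[port].add(mac)
    findings = {}
    for port, macs in by_port.items():
        reasons = []
        unknown = sorted({oui(m) for m in macs} - set(known_ouis))
        if unknown:
            reasons.append("unknown OUI " + ",".join(unknown))
        if len(macs) > max_macs:
            reasons.append(f"{len(macs)} MACs on one port")
        if reasons:
            findings[port] = reasons
    return findings

if __name__ == "__main__":
    for port, why in suspicious_ports(SAMPLE, {"0a1122"}, uplinks={"Gi0/24"}).items():
        print(port, "->", "; ".join(why))
```

An unknown OUI alone is a weak signal, because OUIs can be spoofed and fleets are mixed; the port it points to is where the physical check starts.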
Send out a company-wide email reminding employees about the corporate policy against bringing wireless access points from home. Ask anyone who has one to please disconnect it and remove it from the premises thank you for your cooperation etc etc.
Worker bees will comply almost instantly. If it's still on the air by that evening, start looking in manager offices. If you can at least isolate it to one floor you should be able to just LOOK for it. It's connected to the network, right? Follow some ethernet cables and you'll eventually find it. It's not like they would hide it in a metal filing cabinet.
And when you do find it, don't be an @$$ about it. Just remind the misguided soul that this is against corporate IT policy and we'll be happy to extend a supported AP into the ceiling near you on Monday.
Hey - it was night when I wrote the post, I imagined it would be late night when the deed was done.
There's a lot of talk about fancy switches, but we don't know if this guy has any managed switches.
When I said "pull the wires till the ping stops" I didn't expect him to end up with a load of wires on the floor, I expected him to plug each one back in after 2 seconds.
Ethernet can cope with a brief unplug without difficulty.
If *I* was doing it and I had fancy switches I would still pull wires. How many places have a map of the wiring and MAC addresses on switch ports and so forth? And if folk are able to plug in wireless access points where they like, do you think such maps and charts would be up-to-date?
Maybe I'd try it that way for fun, but networks grow and breed in weird ways, hence the wire-pull suggestion: "it will work"
Sam
blog.sam.liddicott.com