Slashdot Mirror
How Do You Locate That Access Point?
parp asks: "As an IT Manager I'm concerned about unauthorized Access Points being installed, or users who setup wireless computer to computer networks. How do you find the exact location of these devices? I've tried walking around the office with a laptop watching the signal, but the signal monitors that are included with most network drivers are very limited. The signal could be upstairs, downstairs or right around the corner, but I can't find it. Results of web searches I've done just tell you how to find a signal (wardrive), not the source. I'd be interested in any software or hardware device that can locate the device within a few feet."
It seems to me that you'd need to build a VERY directional antenna, and then you could triangulate the position fairly easily, and it could get you in the right area. Hopefully on the right floor ;)
Nobodies Prefect
Tidbits for Techs Technology Blog
You would probably need to build a loop antenna, they are directional and as far as I know, do not have much gain, you would just need to spin the look to find the strongest signal and take a measurement from 2 different places, then you could just draw to lines on a decent site layout map and know within about 10 feet where the signal is, google for "radio fox hunt" or "loop antenna".
Hey guys, a quick google revealed this:
_ pinpoints_location.php
http://www.airespace.com/technology/technote_rffp
Thught you might be interested.
Just monitor the traffic to see who is actually using the link. you should be able to figure it out from their IP address or their browsing habits. Chances are it is whoever set up the link. You may have to use one of the many WEP crackers, but that shouldn't present a problem.
If no one ever seems to be using it, it is possible you are picking up someones laptop with a built in 802 card that automatically enables without the user even knowing.
http://notanumber.net/
My company recently implemented a product called "WiFi Watchdog" from Newbury Networks (http://www.newburynetworks.com/). Damned nice product, and it has the capabilities you are looking for. The latest version of their software will give you a heat map as to where a device is likely to be overlaid on top of a map of your building.
Other vendors selling a similar products include Airmagnet and AirDefense. Some of the bigger AP infrastructure guys such as Cisco even have some built in products to do similar things.
The big advantage I found with NNI is that their product helps reduce false positives by identifying APs outside our building and labeling as such - so when a Sears truck drives by with a built in AP our alarm bells don't go off. Other neat things include a cool RADIUS service that "authorizes" connections based on location. Tied together with other authentication services that would make for a really really powerful solution for securing your wireless.
Anyway, hope that helps find some good solutions for you.
-Jack Ash
PS: No, I am not an employee of NNI or anything of the sort, I'm just a guy who went through your exact problem last year and ended up finding this solution.
First, start on a floor you know has access to this access point. Then, get in the elevator and hit the top floor. Note what floor you get disconnected on. Do the same going down, and average those numbers together and you have the floor it's on.
Once you are there, gather everyone around, and tell them that you know one of them has a wireless access point around. The first person to turn around and hurry away sneakily is your guy. Pull out your gun and shoot him in the back. Find his desk and everywhere he goes, and you'll eventually find the access point. Problem solved.
Or were you wanting to do this legally? Then I would just get them in a headlock and "nugey" them until they tell you where it is.
Oregon State University's Open Source lab has a tool specifically designed to find rogue wifi access point on univerisity networks, and it's available here: rogue detect
Simple! You simply log into the access point and type 'eject' at the command prompt. Then look for the Access Point with the CD-Tray open...
:)
Hey, if it works for a maze of Linux machines
But in all hoestly, you probably want a directional antenna as the other posters are suggesting. However, I suggest you get 2-3 volunteers, each with their own directional antenna. It will be easier to triangulate the signal if you have 3 folks coming in from 3 different angles.
"Can of worms? The can is open... the worms are everywhere."
Here is an idea for people who bring in an off-the-shelf wireless router. If they are dumb enough to leave SSID visible, perhaps they left it at the defaults. See if you can join it and then try a default password. There you can find the MAC address on the WAN side. If you have at least layer 2 managed switches on you network, you can log into them and look at the tables to determine which port it is comming in to. Hopefully you have a current map of your network (i.e. jack #23 in the wiring closet goes to the General Managers office.) The last place I worked for had no such map, I had to make it myself. If someone cries foul that I suggest they "hack" into someones personal property, tough. The culprit is using Company resources and leaving a door open into the network, possibly affecting others. Hope this helps
"Build something idiot proof, and someone will build a better idiot" - Samuel Clemens
Try browsing through your LAN switch's MAC address tables.. The manufacturer ID on the WAP will probably be different than most of your other computers' network cards.
Send out a company-wide email reminding employees about the corporate policy against bringing wireless access points from home. Ask anyone who has one to please disconnect it and remove it from the premises thank you for your cooperation etc etc.
Worker bees will comply almost instantly. If it's still on the air by that evening, start looking in manager offices. If you can at least isolate it to one floor you should be able to just LOOK for it. It's connected to the network, right? Follow some ethernet cables and you'll eventually find it. It's not like they would hide it in a metal filing cabinet.
And when you do find it, don't be an @$$ about it. Just remind the misguided soul that this is against corporate IT policy and we'll be happy to extend a supported AP into the ceiling near you on monday.
Hey - it was night when I wrote the post, I imained it would be late night when the deed was done.
There's a lot of talk about fancy switches, but we don't know if this guy has any managed switches.
When I said "pull the wires till the ping stops" I didn't expect him to end up with a load of wires on the floor, I expected him to plug eachone back in after 2 seconds.
Ethernet can cope with a brief unplug without difficulty.
If *I* was doing it and I had fancy switches I would stull pull wires. How many places have a map of the wiring and mac addresses on switch ports and so forth? And if folk are able to plug in wireless access points where they like, do you think such maps and charts would be up-to-date?
Maybe I'd try it that way for fun, but networks grow and breed in weird ways, hence the wire-pull suggestion: "it will work"
Sam
blog.sam.liddicott.com
Yup. Reflections are going to be a big problem.
I'm a rank amateur when it comes to T-hunting (a sport among ham radio operators that consists of trying to find a hidden transmitter with directional antennas), but after a couple excursions I can guarantee that hunting for a few GHz signal inside an office building is going to be tough. Even with equipment that will let you look at only the offending signal and dedicated df'ing antenna (whether nulling loops or something that chops between multiple antennas and actively compared phase from each), you'll spend a long time chasing reflections.
That's not to say it wouldn't be a fun thing to try, of course.
An alternative might be to attenuate the signal - by replacing the antenna on your wireless card with a badly tuned little stub of wire or sticking it in a metal biscuit tin grounded to the laptop chasis - and then walk the building floors looking for a peak.
Chances are you can cover all the floor space in your building in less time than it will take you to chase reflections around with a directional antenna.