2

Is there any way to use Kismet data to locate rogue wireless access points?

user1563721

1 Answer

3

Sure, this is possible. There are a couple of ways to approach it.

The easiest way is to run Kismet and, as you're running it, look for your rogue access point appearing on the list of access points seen. When it does, lock the channel that Kismet is looking on to the channel being used by your rogue access point (this gives a clearer signal than if Kismet is hopping over a number of channels).

Then look at the signal strength being shown and wander around the area until you get the strongest signal you can. At that point I generally find that the AP is within 10-15 feet and just looking around the area will spot it (unless someone has deliberately hidden it from you).

Another option is to use directional antennas and triangulation to try to locate the AP, but I'd suggest that in the first instance you just go based on signal strength.

If you have other tools available besides Kismet, I'd actually recommend airodump-ng for locating access points, as from an interface point of view it can be easier to look at the signal strength on that as you're walking around.

Also, if the AP is not cloaked you can use Android tools like "wifi Analyzer", which work pretty well for this kind of thing and which can be easier to carry around.

Rory McCune
  • Thank you for your answer. I see that Kismet has a plugin for spectral analysis. Could it be used to locate an AP? I would like to automate the process of locating APs so I can see where APs are. – user1563721 Feb 28 '14 at 09:09
  • For example, imagine several Kismet drones in a large office, and I would like to have a console where I can see where all detected APs could be located, without going around with an antenna to find them. – user1563721 Feb 28 '14 at 09:11
  • I've not got experience of setting up a static Kismet rig for detection, although I'd imagine that you could do it with triangulation of the signal strength. Definitely there are commercial products (e.g. Cisco's wireless kit) which use that method to locate rogues with static APs. – Rory McCune Feb 28 '14 at 09:16
  • 1
    Having used triangulation for this sort of thing (not with Kismet) it ends up being similar to what Rory described: you get to within 10-15 feet and then just look around. It can be a bit like Geocaching if the AP is hidden :-) – Rory Alsop Feb 28 '14 at 09:34
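
The static-sensor idea raised in the comments (several fixed sensors, position estimated from signal strength) can be sketched as below. This is an added example, not code from the posters or from Kismet, and it does not use any Kismet API. The sensor coordinates, the path-loss constants and the RSSI readings are all constructed assumptions that would need calibrating per site.

```python
import math

# Assumed log-distance path-loss parameters; calibrate these on site.
REF_DBM_AT_1M = -40.0   # assumed RSSI one metre from the AP
PATH_LOSS_EXP = 3.0     # assumed indoor path-loss exponent

def rssi_to_distance(rssi_dbm, ref_dbm=REF_DBM_AT_1M, n=PATH_LOSS_EXP):
    """Invert RSSI = ref - 10*n*log10(d) to get a distance in metres."""
    return 10 ** ((ref_dbm - rssi_dbm) / (10.0 * n))

def locate_ap(readings, ref_dbm=REF_DBM_AT_1M, n=PATH_LOSS_EXP):
    """Least-squares position from (x_m, y_m, rssi_dbm) tuples, one per
    fixed sensor at a known position. Returns the estimated (x, y)."""
    if len(readings) < 3:
        raise ValueError("need readings from at least three sensors")
    pts = [(x, y, rssi_to_distance(r, ref_dbm, n)) for x, y, r in readings]
    x0, y0, d0 = pts[0]
    # Subtracting the first range circle from each of the others removes
    # the quadratic terms and leaves linear rows a*x + b*y = c.
    rows = []
    for xi, yi, di in pts[1:]:
        a, b = 2 * (xi - x0), 2 * (yi - y0)
        c = d0**2 - di**2 + xi**2 - x0**2 + yi**2 - y0**2
        rows.append((a, b, c))
    # Solve the 2x2 normal equations of the overdetermined system.
    saa = sum(a * a for a, _, _ in rows)
    sab = sum(a * b for a, b, _ in rows)
    sbb = sum(b * b for _, b, _ in rows)
    sac = sum(a * c for a, _, c in rows)
    sbc = sum(b * c for _, b, c in rows)
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:
        raise ValueError("sensors are collinear; position is ambiguous")
    return (sac * sbb - sab * sbc) / det, (saa * sbc - sab * sac) / det

# Constructed sample: four sensors in the corners of a 30 m x 20 m floor,
# integer RSSI values as a sensor would report for one rogue BSSID.
SAMPLE_READINGS = [(0, 0, -74), (30, 0, -79), (0, 20, -77), (30, 20, -80)]

if __name__ == "__main__":
    x, y = locate_ap(SAMPLE_READINGS)
    print(f"estimated AP position: x={x:.1f} m, y={y:.1f} m")
```

Real indoor readings fluctuate with walls, reflections and interference, so the estimate narrows the search area and a physical look around is still needed.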