0

First, a lot of background so that you'll hopefully understand the reason for the question.

We had a catastrophic failure in our network - a surge that took out a couple of systems' network interfaces, and we're trying to rebuild the configuration. In general, the confuration is:

  Comcast -> Arris router (no DHCP) -> Raspberry Pi 4B ("RPi") providing DHCP/DNS via dnsmasq -> Rest of network

Actually, all devices are on one network, but logically this is the setup (except that the Arris router is designated as the systemwide router via dnsmasq configuration option:router). But all devices get their IP addresses from this RPi.

(Elephant in the room: yes, I know about backups... and we're continuing to have conversations with the surge protection we tried to use.) We're trying to move on.

The Arris router was replaced, but still the RPi seemed not to be offering DHCP, so I'm focusing my attention on that server. Next step was to replace that inexpensive device too, which was done, and the boot device (SD card) was moved to the new unit.

Here's what I'm trying to focus on for this Question: As far as I recall, the Arris offered an SSID of primary..com that was used only for emergency, in the event the RPi was not available. The RPi offered an SSID of config2020..com, which is what all network devices were configured to use.

But even with the RPi powered off for hours, config2020..com still shows up in our list of networks to connect to, but some password issue prevents successful connection. I'm trying to find out why. Since there are so many possible sources for this, I'm looking for help in identifying what server is providing that network name so that I can remove it from the equation.

Is there some tool or trick that I might be able to use in order to find and eliminate this phantom network name? Or maybe configure it to work properly? I'm a little baffled since, before this mess, there was never a hiccup with the config2020 connection; worked every time. Now it seems to be housed elsewhere and nobody can connect. We can eliminate the Arris since it is brand new, and the backup configuration was not used (yet). We can eliminate the RPi because it is powered off. And yes, we could probably also power off each device in the network in order to find it, but I hope there's a better way.

Thanks.

Dennis
  • 167
  • 11

1 Answers1

0

I see that you get into some detail but I think that there is something missing from your description. Are you saying that the RPi is also acting as a WiFi Access Point? Are you sure that you do not have some other Access Point installed?

In any case, please consider using a WiFi scanning tool (such as kismet) to get the MAC address of the Access Point which seems to be transmitting the SSID and then use this information with a MAC address DB to get an idea about the manufacturer. MAC addresses can be spoofed, but you need to start with the assumption that this is not the case and you just have some Access Point powered on and forgotten.

Panos
  • 46
  • 2
  • Thanks so much, @Panos. I really appreciate the good advice. You surmised correctly that the RPi is to be an access point. I have successfully idenified the culprit and disabled the phantom SSID. It's amazing to me that's been in the network all this time (years) and never seemed to cause a problem. – Dennis Apr 01 '21 at 00:56