Rogue Access Points (APs) can be set up innocently or with malicious intent. They can cause interference with your WiFi network, present vulnerabilities to security, and have devices on your network connect to it instead. Whether it's a part of WiFi Health Checks or security analysis and monitoring, it's always a good idea to know how to physically locate these rogue Access Points.
Before you get started, make sure you have some kind of WiFi scanning software to search for and identify the rogue access point. This software should allow you to easily identify APs by their unique BSSID. Once the rogue AP has been identified, you will use its unique BSSID to track its precise WiFi signal (RSSI in dBm) with the WiFi scanning software.
The human body attenuates WiFi signal to the point where it can actually degrade your laptop's signal. So, we are going to use this to our advantage to perform this activity.
- Hold the laptop close to the body at stomach level. This will ensure that your body weakens part of the WiFi signal.
- Use a WiFi scanner to identify the rogue APs BSSID and track its WiFi signal.
- Stand in one specific direction long enough to note the exact WiFi signal.
- From the same spot, turn 90 degrees and note the exact WiFi signal.
Repeat this step until you have found the direction with the strongest WiFi signal.
- Move 20 steps in that direction and repeat steps 3-5.
- This process is repeated until you have determined the WiFi signal is not getting any stronger.
- Once you have found the area with the strongest WiFi signal, simply look for the device! If you cannot find it in the immediate area, you might be looking for it on the wrong floor. Go to the floor above or below in the same spot, again looking for the strongest WiFi signal.
Remember that walls and other obstructions can also attenuate the WiFi signal which might throw off your tracking. Rogue APs might be on a different floor or behind something you cannot access. In these situations, it's best to narrow down the location as much as possible, then receive proper permission to go to other floors or check locked rooms/closets to pinpoint exactly where the offending device may be.
Here is a quick video of the process using WiFi Scanner: