How to find rogue WPS access point?

There is a wireless SSID on our network called WPS.  I can connect to it with no password, and I get ip address 192.168.100.25.  I believe this is a rogue wifi setup, as we did not install this.  How do I disable this device and/or find out where it is physically located?
LVL 3
maharlikaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

matrix8086Commented:
Hi,

If you have a smartphone or tablet you can determine some area where the device could be, by the signal strength.

Also you can determine his IP: after you connect to it, run from cmd: ipconfig /all. The Gateway address should be the device's IP.

Try to connect from a browser at that address and you can have some luck if it has no password, or you can try user admin password admin, or no password.

Knowing the IP address you can determine MAC address by typing in cmd "arp IP_address" where IP_address is the IP of that device.

Depending on you network infrastructure you can determine in which switch/port is located if you have managed switches. Also, some managed switched have a function to test the copper cable and that function can determine the lenght of the cable and there is the only way to know the exact location of that switch.

If you don't have managed switches, you can only filter the traffic's device from the router, by his MAC address.

Best regards!
0
StolsieCommented:
As said above get the APs address so where you got 192.168.100.25 see what gateway you get
Then get adventures:
Then download a program called Nmap.
Once installed in the target put the IP address of the 192.168.100.x gateway and select a preconfigured setup called “slow and comprehensive scan” it will give you every device connected for your location to it, and it will do it’s best to do map out what the device is (manufacturer, OS, firmware you name it)
Then do a regular scan to a device you know about on your network, If the “WAN” interface of the WPS device is on your network it should show up (don’t forget to try “-Pn”) you can use the switches ARP tables to locate the device, shutdown the port, a beat the owner with a sock filled with rocks)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
maharlikaAuthor Commented:
Thanks for the advice. I was able to log on to it and figured out that it was a wireless presentation system (with SSID of WPS).
0
StolsieCommented:
glad you found it :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.