cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
335
Views
5
Helpful
1
Replies
Muhammed Adnan
Enthusiast

Determining the radio slot on an AP used to send deauthentication packets for containing Rogues APs / Rogue clients

Hello Experts,

 

Do we have the means to determine the radio slot the AP uses to send the deauth frames while containing the rogue APs / rogue clients?

Since for containment, the AP will be using the spoofed mac address of the attacker, the wireless PCAPs for obvious reasons will not help in determining the same. The OUI exposed in PCAPs will however help identity that the deauth frames (broadcast/unicast) is launched by an Cisco AP (using spoofed mac address of attacker)

There could however be the debugs/ show cli’s from AP which may help us determine radio used in containment. Could someone please share the way to evaluate the radio used in containment?

 

containment.png

 

1 REPLY 1
Scott Fella
Hall of Fame Guru

Run a debug or look at the rogue ap or rogue client details in the UI.
debug dot11 rogue enable
-Scott
*** Please rate helpful posts ***
Create
Recognize Your Peers
Content for Community-Ad