I recently came to know that some of the 'Wireless Management' application suites has utilities that can actually pinpoint the exact location of a rogue device. They use a 'triangular mathematical' method called 'Triangulation'. I know 'RingMaster' from Trapeze does that.
I want to know how this 'Triangulation' exactly works in detecting a rogue device or an access point. I guess this is the same method used for GPS location positioning.
Has anyone has any information about 'Triangulation' or know how it works?
I can't answer for all methods. However, multiple sensors can use the RSSI values measured from the rogue device to determine the location of the device as relative to the sensors. That is much better than tracking them down by hand.
Generally, you walk around the area with a test wireless system, tell the utility where you are at and it takes a finger print of the various signals it is receiving from it's AP's. Once a sufficient number of test data points are in the system it can interpret new finger prints to approximate the location of a rogue.
One point of caution. These systems can provide "exact" location. They will get you close. Usually, close enough to see the rogue. I would question anyone who is telling you they can provide pinpoint accuracy.
CISSP, PMP, CWNA, CWSP
There are two methods we use. One uses just the measured RSSI valuses as detected by the sensors with live data from the rogue device. The second is RF fingerprinting as wmackey described. You tell the system where you are on a map. That information is combined with the current measured value. Later, a rogue in the same spot could be more quickly found. The difference is only about 20 feet or so between the two methods. Remember, no matter how the device is found you must still physically locate it for retention as evidence.
yeah triangulation is very much similar to the method used in GPS systems with a difference that GPS systems use satellites with frequencies above 6 GHz(though other frequencies are also used)