What's new

Help with phantom wifi/inSSIDer

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Grievous Angel

Regular Contributor
Hey guys.

I have two 5G wifi signals that consistently show up on inSSIDer that have a real effect on my 5G channel. I've been able to move around them, but it bugs me I can't figure out what they are.

I get faint signals from a neighbor but all of those are typical WIFI signals. They have an SSID, max rate indicators, etc. Just like mine. I live on 4 acres of land so they aren't a real problem--I still navigate around them.

But these two mysterious 5G signals:
- Do NOT have an SSID
- DO have MAC addresses
- Show security as WEP
- Have a max rate of 0
- Wifi type is "unknown" (not, N, G, or whatever)
- No vendor

One of them is quite strong . . -55dbm and shows a "link score" of 100.
The other is rather weak (-88dbm).

They aren't really causing me problems, but they are bugging me. Anyone have an experience similar to this? What kinds of devices would broadcast like this? I've been thinking about devices around my house that might do this but can't think of one. Yes, I have a Roku but that is identified. These are separate signals.

What should I look for? What kind of device might this be?
I thought maybe MAC addresses would help me identify them:

62:45:B0:41:2C:F6, -55dbm on channel 40
62:45:B0:3F:08:BB, -89dbm on channel 157
 
Given the MAC address, you can lookup in the IEEE registry, what company owns that block of MAC addresses. I tried two lookup databases and both said "not registered". 62:45:B0 is the vendor code you've seen.

Since you can receive them and get a MAC address, they are IEEE 802.11 signals. They are likely 802.11a.

Probably a industrial or point to point bridge link. Why the MAC isn't in the registry is odd.
 
Interesting. They showed up fairly recently. I too tried to look up those MAC addresses with similar results.

There is a cell tower nearby . .

"Probably a industrial or point to point bridge link"

What do you mean by this? Maybe some other ISP trying to offer Wifi? I looked this up--there are vendors that talk about offering "rural" internet.

I'm sort of suburban. We get good cable internet where we are.
 
Interesting. They showed up fairly recently. I too tried to look up those MAC addresses with similar results.

There is a cell tower nearby . .

"Probably a industrial or point to point bridge link"

What do you mean by this? Maybe some other ISP trying to offer Wifi? I looked this up--there are vendors that talk about offering "rural" internet.

I'm sort of suburban. We get good cable internet where we are.

There are lots of industrial, government, educational sites that use unlicensed 5.8GHz, often 802.11a, for inter-site point to point links to connect their building's LANs together. These usually have high gain antennas, narrow beamwidth. That means you have to be in the beam pattern between the two sites (usually building rooftops) to receive much signal strength. Here's one that's popular:
http://www.cisco.com/en/US/prod/col...s5285/product_data_sheet09186a008018495c.html

There are many city or privately owned public access WiFi systems, e.g., the infamous aborted citywide deployments by Earthlink some years back. Some of these use 5.8GHz to "backhaul" (interconnect access points), whereas users are on 2.4GHz. I worked on that for a time.

Such is life in the unlicensed bands.
 
Any chance inSSIDer isn't reporting them correctly as networks? I know it is showing MACs, but I am just wondering if that if faulty information.

5.8GHz range is used as weather radar.

Also you have the P2P links someone else mentioned, though that would be odd as those are usually pretty directional (just a degree or two). Though I suppose if you are close to something that could be it.

Any chance you can wander your property to get an idea of where it is getting stronger. Might not be the perfect way to find out where the networks are coming from, but it might help narrow it down a little.
 
Hey guys.

But these two mysterious 5G signals:
- Do NOT have an SSID
- DO have MAC addresses
- Show security as WEP
- Have a max rate of 0
- Wifi type is "unknown" (not, N, G, or whatever)
- No vendor

One of them is quite strong . . -55dbm and shows a "link score" of 100.
The other is rather weak (-88dbm).

62:45:B0:41:2C:F6, -55dbm on channel 40
62:45:B0:3F:08:BB, -89dbm on channel 157

OUI 62:45:B0 is not a public MAC address, but it is a MAC address - IEEE, who is the point of record, does allow companies to register for OUI's and not make them public.

Since InSSIDer can't see hidden/cloaked SSID's, the SSID is present, just set to a blank value.

I wouldn't be too terribly concerned about the 3F:08:BB on channel 157, -89 dBM is in the noise floor and nothing to worry about.

That you're seeing something on channel 40, and a decent level, -55dBM, makes me think it's something close by, as transmit power is restricted to 50mW... probably within 100 feet or so would be my guess - and most likely inside your house, as UNII-1 band is for indoor use only (global).

Likely candidates - utility meters perhaps (gas/electric) or other infrastructure such as SCADA links for remote monitoring and control. Could maybe be a wireless alarm system or camera.

Made any recent purchases lately?
 
OUI 62:45:B0 is not a public MAC address, but it is a MAC address - IEEE, who is the point of record, does allow companies to register for OUI's and not make them public.

Since InSSIDer can't see hidden/cloaked SSID's, the SSID is present, just set to a blank value.

I wouldn't be too terribly concerned about the 3F:08:BB on channel 157, -89 dBM is in the noise floor and nothing to worry about.

That you're seeing something on channel 40, and a decent level, -55dBM, makes me think it's something close by, as transmit power is restricted to 50mW... probably within 100 feet or so would be my guess - and most likely inside your house, as UNII-1 band is for indoor use only (global).

Likely candidates - utility meters perhaps (gas/electric) or other infrastructure such as SCADA links for remote monitoring and control. Could maybe be a wireless alarm system or camera.

Made any recent purchases lately?

Russian bug? Chinese bug? NSA bug?
 
I came across a mac starting with 62:45:B0 tonight also. Have you found where the signal is coming from yet? Mine appears to be coming from outside the front of my house at a signal strength of -60dbm. The signal is intermittent. I live in a town of 60,000 so there are networks all over the place. -60dbm is what I get on my 5Ghz band out in my detached garage about 100 feet away.
 
Last edited:
I think it's just the local emergency services. I'll check it out more tomorrow. To cold right now. Tomorrow will be a toasty 20 degrees.
 
Any chance of getting a wireless PCAP on that channel with the odd OUI?

Looking at the beacon frames can tell much...
 
My guess is that this is a product made "over there" that didn't bother to register to get an OUI - and is sold as OEM.
 
Well, that is getting pretty pushy with the hotspot thing!

Shaw Go WiFi is also an annoying service by that ISP that has tripped up a few of my customers.

http://www.shaw.ca/wifi/


The issue of course is that the channels and strength of their hotspots overpower most equipment we mere mortals can use.

They basically lie to their (and my) customers that the free wifi will not interfere with the existing wireless network. And, they conveniently forget to let them know that unless they are a Shaw customer, the 'free' wifi means 'no wifi' instead; for the patrons of my customers' business.


I would be raising the roof to get a modem only option at this point.

Letting them do this; they should be paying us instead.
 
Ah... secondary SSID - similar to what some router/AP vendors do for Guest Networks (for example, I enabled the Guest network just now on my AirPort Extreme, and the OUI starts with 92:3E:57

This is probably prep work for a secondary SSID for carrier provided CM/DSL integrated gateways (Modem/Router/AP). So, very similar to what FON does... kind of figured the ISP's would start going down this route at some point as a business decision..

Never a question of if - more of when... once the business layers and the OSS/BSS/CSS issues were solved...

Secondary application here would be the Cable/FIOS MSO's starting to offer items like wireless media extenders (run TV to another room without running coax). Running as a VLAN on it's own SSID allows them to do some traffic shaping to ensure a good customer experience, although it could impact user internet/intranet traffic a bit while someone is watching American Idol or whatever...

Starting to make sense now... they should however use public OUI's to keep both talented amateurs and professionals from pulling their hair out when sorting their networks.

nice find...
 
This is beginning to read like an episode of "The Twilight Zone" (that theme playing in my head) *smile*.
 
What's weird is that it looks like a burst transmission in inSSIDer. Right now it's not there. In 5 minutes it will be back with a short burst at around -51dBm.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top