this post was submitted on 11 May 2025
4 points (62.5% liked)

Hacking

Hey everyone, yesterday I was at a grocery store and I noticed suspicious WiFi networks and Bluetooth networks. I am quite tech savvy so I decided to investigate, thinking it was probably just some skid. But when I opened Wireshark I saw the MAC addresses for Cisco Merkari (a relatively advanced DPI program), along with multiple other enterprise-grade tools such as Fortinet and VMware. I have collected pcaps for both my Bluetooth and WiFi interfaces with Wireshark (available upon request). Does anyone have any idea, could this be a government contractor? Or could it just be spoofed, cause it's relatively easy to spoof MAC addresses.

[–] [email protected] 9 points 1 month ago (6 children)

It's likely just the network within the store. Meraki (which I'm assuming is what you meant by Merkari, since AFAIK that isn't a name for any Cisco gear) is more than just DPI, it's a full SDN platform that Cisco purchased around 10 years ago. It's pretty common in branch networks like stores or networks maintained by an MSP. Without doing any digging I'd guess the Bluetooth devices are handheld barcode scanners used within the store, or perhaps scales/printers used in various departments.

[–] [email protected] 1 points 1 month ago (5 children)

Would an enterprise-grade environment use VMware for routing? Wouldn't they want to use actual hardware for better hardware acceleration on their network? And what would be the purpose of having the Bluetooth devices advertised if they can control the name of said devices? It could be, but some of the networks are in a way corrupted. Could it just be data corruption caused by interference?

[–] [email protected] 7 points 1 month ago (1 children)

Yeah, VMware is an enterprise platform, so I'd be pretty surprised if they weren't using it. It's a grocery store so I can't imagine they have huge throughput needs in the first place, but even then VMware networking appliances are super common. We use them where I work to support thousands of users in office environments. As for the Bluetooth, again just guessing, but they either don't support broadcast being turned off, or more likely the MSP/central IT just didn't disable it because they didn't care/don't know how. I think you're vastly overestimating how much effort went into the network setup for a grocery store.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

Definitely a good point and I could be overthinking it. Personally I'm a hobbyist who is not yet complete with the education to enter the industry, so you definitely know more than me. Do Cisco routers ever randomize their BSSID? Cause looking at the pcap files, the MAC addresses of completely different vendors, even competitors like Ubiquiti, are all using spectrum network handles. Could this be a clusterfuck of different routers or just a Cisco cluster randomizing their BSSID?
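
Added example (not part of any comment in this thread): the vendor name a capture tool shows comes from the first three bytes of the MAC (the OUI), and an address with the locally administered bit set in its first octet has no assigned OUI, so any vendor shown for it is meaningless. The sketch below separates those addresses before grouping BSSIDs by vendor; the OUI table, vendor names and sample BSSIDs are constructed placeholders, not real registry entries or capture data.

```python
import re
from collections import defaultdict

# Constructed placeholder table: these prefixes and names are NOT real IEEE
# registry entries. Load the IEEE OUI list or Wireshark's manuf file instead.
PLACEHOLDER_OUIS = {"00:11:22": "VendorA", "00:AA:BB": "VendorB"}

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}$")


def classify(mac, oui_table=PLACEHOLDER_OUIS):
    """Split a MAC/BSSID into its OUI and the two flag bits of the first octet."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    octets = [int(part, 16) for part in re.split(r"[:-]", mac)]
    oui = ":".join(f"{o:02X}" for o in octets[:3])
    local = bool(octets[0] & 0x02)  # U/L bit: set = locally administered
    return {
        "oui": oui,
        "multicast": bool(octets[0] & 0x01),  # I/G bit: set = group address
        "locally_administered": local,
        # With the U/L bit set the prefix is not an assigned OUI, so no vendor.
        "vendor": None if local else oui_table.get(oui, "unknown"),
    }


def summarize(bssids, oui_table=PLACEHOLDER_OUIS):
    """Group BSSIDs by vendor, keeping locally administered ones apart."""
    groups = defaultdict(list)
    for bssid in bssids:
        info = classify(bssid, oui_table)
        key = info["vendor"] or "locally administered (no vendor)"
        groups[key].append(bssid)
    return dict(groups)


# Constructed sample BSSIDs, not taken from any capture.
SAMPLE = [
    "00:11:22:33:44:55",
    "02:11:22:33:44:55",  # same bytes with the U/L bit set
    "00:AA:BB:01:02:03",
    "06-aa-bb-01-02-04",
    "00:CC:DD:00:00:01",
]

if __name__ == "__main__":
    for vendor, macs in summarize(SAMPLE).items():
        print(f"{vendor}: {macs}")
```

A spoofed address that copies a vendor's real OUI passes this check unchanged, so an OUI match only shows what the frame claims to be.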
