Wireless network discovery

Scanning wireless networks is often called wireless network discovery or Stumbling, which is an act of discovering available wireless networks in a target area. In a penetration testing exercise, scanning is the initial phase, where the attacker gathers enough information that can be used in the later stages of the attack. The amount of information gathered in this stage will affect the test plans and define the additional actions that will be conducted in subsequent stages.

Wireless scanning or discovery can be broadly categorized into either passive scanning or active scanning. In passive scanning, an attacker silently discovers the target network in an unintrusive way, which will typically leave no trace of evidence on the target network. In active scanning, an attacker probes the target and interactively interrogates the target, which may leave some forensic data, such as logs, performance degradation, or an impact on user sessions. Passive scanning is the preferred method for wireless penetration tests; however, it may need to be augmented with active methods if the passive-only discovery techniques stall or do not produce the required results. We will revisit these two techniques later in the chapter.