Wireless network identification is an essential part of security assessment. It is accomplished through the process of wireless scanning. Scanning can be broadly categorized into two categories: passive scanning and active scanning. In passive scanning, the client station listens for the beacon frames emitted from the access points at regular intervals and also monitors the network for data frames and other indicators of the network presence. In this mode, the client station does not actively probe the target network. In active scanning, the client stations, in addition to listening for beacon frames from the access points, probe the target network in order to detect WLANs. This mode of scanning leaves some forensic data in the network to investigate, making passive scanning the preferred method.

Many tools can be used to identify and categorize target wireless devices and clients and have specific benefits. In this chapter, we discussed various tools, such as airodump-ng, wash, hoover, Kismet, and Wireshark to scan wireless networks.

In the next chapter, we will discuss how to exploit the devices found during the scanning activity.