This tutorial will explore the discovery of wireless networks using various "stumbler-like" tools under Microsoft Windows, Apple OSX, and Linux (Backtrack). It is meant to be a starting point for further tutorials in wireless penetration testing.
Active scanning programs detect wireless networks by sending out probe request frames and waiting for access points to respond. The responses are then dissected to gather information such as the ESSID, channel, signal strength, the presence of encryption, and the bitrate: in short, everything a client would need to connect to the network. Most "stumbler-like" programs, such as NetStumbler for Windows and iStumbler for OSX, are active scanners. This type of scanning is only suited to casually finding networks, for a number of reasons. First, many access points can be, and are, configured not to respond to probe requests; second, you must be within transmit range of the access point to detect it; and third, because you transmit data to the access point, security systems such as Intrusion Detection Systems (IDS) can find and block you very easily.
Passive scanning, or monitor-mode scanning, puts your wireless card into monitor mode so that it listens to all the wireless traffic passing the antenna. This method of scanning is much more useful to us, for several reasons. First, given a sensitive enough antenna, you will detect all the wireless activity in the area; second, since this method does not transmit any data to the access point, you remain undetected; and third, you do not have to be within transmit range of the access point to detect a network.
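Both kinds of scanner end up doing the same thing with what they receive: the probe responses an active scanner elicits and the beacons a passive scanner overhears share one management-frame body layout (12 bytes of fixed parameters, then tagged information elements), and the ESSID, channel and encryption flag listed above are pulled out of that body. The following parser is an added example written for this page, not code from the tutorial or from any of the stumbler tools it names. It works on the frame body only (after the 24-byte 802.11 MAC header) and the three sample bodies are constructed by hand; signal strength is not in the frame body at all but in the driver's radiotap header, so it is not parsed here.

```python
"""Dissect the body of an 802.11 beacon / probe-response frame.

Added example, not part of the original tutorial. The IE tag numbers and
the capability 'Privacy' bit are from the 802.11 standard; the sample
frame bodies below are constructed for this example.
"""
import struct

# Information-element tag numbers (802.11 tagged parameters)
TAG_SSID = 0
TAG_SUPPORTED_RATES = 1
TAG_DS_PARAMS = 3          # DS Parameter Set: carries the channel number
TAG_RSN = 48               # RSN IE: present for WPA2/WPA3 networks
CAP_PRIVACY = 0x0010       # capability bit: encryption required to associate


def parse_ies(data: bytes) -> dict:
    """Split the tagged-parameter region into {tag: value}; reject truncation."""
    ies = {}
    i = 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated IE (tag %d)" % tag)
        ies[tag] = value
        i += 2 + length
    return ies


def parse_mgmt_body(body: bytes) -> dict:
    """Return the fields a stumbler shows: ESSID, channel, encryption, rates."""
    if len(body) < 12:
        raise ValueError("body too short for the fixed parameters")
    # Fixed parameters: 8-byte timestamp, 2-byte beacon interval (in TU = 1024 us),
    # 2-byte capability information, all little-endian.
    _timestamp, interval, cap = struct.unpack_from("<QHH", body, 0)
    ies = parse_ies(body[12:])
    ssid_raw = ies.get(TAG_SSID, b"")
    # A hidden network sends a zero-length SSID IE or one filled with NULs.
    hidden = len(ssid_raw) == 0 or set(ssid_raw) == {0}
    # Each rate byte: low 7 bits are the rate in 0.5 Mbps units, high bit = 'basic'.
    rates = [(r & 0x7F) * 0.5 for r in ies.get(TAG_SUPPORTED_RATES, b"")]
    ds = ies.get(TAG_DS_PARAMS)
    return {
        "ssid": "<hidden>" if hidden else ssid_raw.decode("utf-8", "replace"),
        "hidden": hidden,
        "channel": ds[0] if ds else None,
        "beacon_interval_ms": interval * 1.024,
        "encrypted": bool(cap & CAP_PRIVACY),
        "rsn": TAG_RSN in ies,
        "max_rate_mbps": max(rates) if rates else None,
    }


def build_body(ssid: bytes, channel: int, privacy: bool, rsn: bool) -> bytes:
    """Construct a sample beacon/probe-response body (test data for this example)."""
    cap = 0x0001 | (CAP_PRIVACY if privacy else 0)   # ESS bit, plus Privacy if set
    body = struct.pack("<QHH", 0x1122334455667788, 100, cap)
    body += bytes([TAG_SSID, len(ssid)]) + ssid
    rates = bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24])  # 1..18 Mbps
    body += bytes([TAG_SUPPORTED_RATES, len(rates)]) + rates
    body += bytes([TAG_DS_PARAMS, 1, channel])
    if rsn:
        # Minimal RSN IE: version 1, CCMP group cipher, one CCMP pairwise
        # cipher, one PSK AKM suite, empty RSN capabilities.
        rsn_ie = (b"\x01\x00" + b"\x00\x0f\xac\x04" + b"\x01\x00" +
                  b"\x00\x0f\xac\x04" + b"\x01\x00" + b"\x00\x0f\xac\x02" + b"\x00\x00")
        body += bytes([TAG_RSN, len(rsn_ie)]) + rsn_ie
    return body


# Constructed sample captures: an open network, a WPA2 network, a hidden one.
SAMPLES = {
    "open": build_body(b"CoffeeShop", 6, privacy=False, rsn=False),
    "wpa2": build_body(b"HomeNet", 11, privacy=True, rsn=True),
    "hidden": build_body(b"", 1, privacy=True, rsn=True),
}


def inventory(bodies: dict) -> dict:
    """Parse every captured body into the stumbler-style record."""
    return {name: parse_mgmt_body(body) for name, body in bodies.items()}


if __name__ == "__main__":
    for name, info in inventory(SAMPLES).items():
        print("%-7s ssid=%-12s ch=%-2s enc=%-5s rsn=%-5s max=%s Mbps" % (
            name, info["ssid"], info["channel"], info["encrypted"],
            info["rsn"], info["max_rate_mbps"]))
```

The Privacy capability bit only says that encryption is required; whether that is WEP or WPA/WPA2 is decided by the presence of an RSN IE (tag 48) or a vendor-specific WPA IE, which is why the parser reports the two separately. The truncation check in `parse_ies` matters on real captures: a corrupted or deliberately malformed IE length must fail cleanly rather than read past the buffer.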