Wireless reconnaissance
Wireless reconnaissance enables ethical hackers and penetration testers to identify their target’s wireless network and determine associated clients, network settings, operating frequencies and channels, and the approximate distance between you and the access point.
When an access point is powered on, it sends beacons to advertise its presence and network information to nearby wireless clients. Within these beacons, the access point inserts the network name or Service Set Identifier (SSID), which helps clients to identify one wireless network from the other. Once a client is connected (associated) with a wireless network, it automatically saves the network information and password within its Preferred Network List (PNL). From then on, when wireless capabilities are enabled on the client, it will send probes to seek any of the saved networks from the PNL; once a network is found and within range, the client will attempt to automatically establish an...
