Ways to Locate Wireless Networks: To attack, you must first find a target, and though site surveys can make this easier, they cannot help in every case. Several tools and mechanisms make locating a target network easier.
The following tools can complement wardriving or be used on their own:
- OpenSignal is a useful app that can be used on the web at http://opensignal.com or on a mobile device by downloading the OpenSignal app. With this application, you can map out Wi-Fi networks and 2G-4G networks, as well as correlate this information with GPS data.
- Wefi (wefi.com) provides a map of various locations, with access points noted in varying amounts of detail.
- JiWire (jiwire.com) offers a map of various locations, with access points detected in a given region.
- Wigle (wigle.net) is another service that offers the locations of wireless access points. The benefit is that the information is crowdsourced: it is derived from individuals providing data to the service.
- Skyhook (skyhookwireless.com) is another service like Wigle.
Once you are connected to a target network, the next step is to perform traffic analysis to gain insight into the activity in the environment.
As when using Wireshark with standard network traffic, it is entirely possible to scrutinize traffic patterns, protocols in use, and authentication, not to mention information specific to applications.
In addition, analysis can reveal vulnerabilities on the network as well as client information.
Under ideal conditions, traffic analysis of a wireless network can be expected to reveal the following:
- Broadcast SSIDs
- Presence of multiple access points
- Possibility of recovering SSIDs
- Authentication method used
- WLAN encryption algorithms
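Most of the items above are advertised in the clear in every beacon an access point sends, which is why an administrator can audit them without joining the network. The following added example (not from the original text) parses a raw 802.11 beacon and reports the BSSID, the SSID or its absence, and the advertised authentication and cipher suites. The function names and sample frames are constructed for illustration, and frames are assumed to start at the MAC header with no radiotap header or FCS.

```python
import struct

CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}  # 00-0F-AC cipher suite types
AKMS = {1: "802.1X", 2: "PSK", 8: "SAE"}                      # 00-0F-AC AKM suite types

def parse_rsn(body):
    """Decode an RSN element (suite OUIs assumed to be the standard 00-0F-AC)."""
    def suite_list(off):
        (count,) = struct.unpack_from("<H", body, off)
        types = [body[off + 5 + 4 * i] for i in range(count)]  # last byte of each 4-byte suite
        return types, off + 2 + 4 * count
    try:
        pairwise, off = suite_list(6)            # skip version(2) + group suite(4)
        akms, _ = suite_list(off)
        return {"group": CIPHERS.get(body[5], "?"), "akm": [AKMS.get(t, "?") for t in akms],
                "pairwise": [CIPHERS.get(t, "?") for t in pairwise]}
    except (IndexError, struct.error):
        return None                              # truncated or malformed element

def parse_beacon(frame):
    """Summarise a raw 802.11 beacon (MAC header onward, no radiotap, no FCS)."""
    if len(frame) < 36 or frame[0] & 0xFC != 0x80:   # management type, beacon subtype
        raise ValueError("not a beacon frame")
    (cap,) = struct.unpack_from("<H", frame, 34)     # header(24) + timestamp(8) + interval(2)
    info = {"bssid": frame[16:22].hex(":"), "ssid": None, "rsn": None,
            "security": "WEP" if cap & 0x0010 else "open"}  # Privacy bit alone implies WEP
    off = 36
    while off + 2 <= len(frame):                     # walk the tagged parameters
        tag, length = frame[off], frame[off + 1]
        val = frame[off + 2: off + 2 + length]
        if len(val) < length:
            break                                    # truncated element: stop parsing
        if tag == 0:                                 # SSID; empty or all-NUL means hidden
            info["ssid"] = val.decode("utf-8", "replace") if val.strip(b"\x00") else "<hidden>"
        elif tag == 48:                              # RSN element (WPA2/WPA3)
            info["security"], info["rsn"] = "RSN", parse_rsn(val)
        elif tag == 221 and val[:4] == b"\x00\x50\xf2\x01" and info["security"] != "RSN":
            info["security"] = "WPA"                 # legacy WPA vendor element
        off += 2 + length
    return info

def sample_beacon(ssid, cap, extra=b""):
    """Constructed test frame: broadcast beacon from BSSID 02:00:00:00:00:01."""
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bytes.fromhex("020000000001") * 2 + b"\x00\x00"
    return hdr + bytes(8) + struct.pack("<HH", 100, cap) + bytes([0, len(ssid)]) + ssid + extra

RSN_IE = bytes([48, 20]) + bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac02 0000")
if __name__ == "__main__":
    print(parse_beacon(sample_beacon(b"corp-wifi", 0x0011, RSN_IE)))
```

An access point that reports `WEP`, `WPA`, or TKIP in this summary is advertising a legacy configuration to everyone in range.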
Currently, a number of products can perform wireless traffic analysis: Kismet, AirMagnet, Wireshark with AirPcap, CommView, and a few others.
Also note that in addition to traffic analysis, some tools offer the ability to perform spectrum analysis.
This means that the user can analyze the RF spectrum of wireless networks and devices.
In the right hands, these tools can detect issues with frequency, channel overlap, and performance, as well as help locate devices other than access points that may be in range.