Chapter 5. Wireless Reconnaissance

The first order of business for any network reconnaissance is to find the target network. We tend to forget about this step on traditional wired networks because finding the target is almost always a simple matter of routing to its IP address. In the case of wireless reconnaissance, this step cannot be overlooked; in fact, finding your target's wireless network and all its associated client nodes is what most wireless reconnaissance is all about. After you find the network, most sleuthing about follows the ordinary network scanning methods, as discussed in Chapter 2.

The basic goal of wireless reconnaissance is to locate the target network and gather as much information about its configuration and associated clients as possible. This information includes what is needed to connect to the target network such as network identifiers, authentication credentials, encryption keys, and addressing information.