In order to attack, you must first find a target, and though site surveys can make this easier, they cannot help in every case. Several tools and mechanisms make locating a target network easier.
The following are methods that can complement wardriving or be used on their own:
- OpenSignal is a useful app that can be used on the web at http://opensignal.com or on a mobile device by downloading the OpenSignal app. With this application, you can map out Wi-Fi networks and 2G–4G networks, as well as correlate this information with GPS data.
- wefi ( www.wefi.com ) provides a map of various locations, with the access points noted in varying amounts of detail.
- JiWire ( www.jiwire.com ) offers a map of various locations, with access points detected in a given region.
Once you’re connected to a target network, the next step is to perform traffic analysis to gain insight into the activity in the environment. As when using Wireshark with standard network traffic, it is entirely possible to scrutinize traffic on a wireless network. By performing such analysis, you can gain vital information on traffic patterns, protocols in use, and authentication, not to mention information specific to applications. Additionally, analysis can reveal vulnerabilities on the network as well as client information.
Under ideal conditions, traffic analysis of a wireless network can be expected to reveal the following:
- Broadcast SSID
- Presence of multiple access points
- Possibility of recovering SSIDs
- Authentication method used
- WLAN encryption algorithms
Currently, a number of products can perform wireless traffic analysis—Kismet, AirMagnet, Wireshark with AirPcap, CommView, and a few others.