What is Passive Scanning?

Passive scanning is not done by active probing, but by mere listening to any data sent out by the AP. Once a legitimate user connects to the AP, the AP will eventually send out a SSID in cleartext. By impersonating this AP by automatic altering of the MAC address, the computer running the network discovery scanner will be given this SSID by legitimate users. Passive scanners include Kismet and essid jack (a program under AirJack).

What is Active Scanning?

Active scanning is done through sending multiple probe requests and recording the probe responses. The probe response received normally contains BSSID and WLAN SSID. If SSID broadcasting has been turned off, and active scanning is the only type of scanning supported by the software, no networks will show up. An example of an active scanner is NetStumbler.

Network detectors or network discovery software are computer programs that facilitate detection of wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. Discovering networks may be done through active as well as passive scanning. Wikipedia. Wikimedia Foundation. Web. 9 Nov. 2015.

I used Wikipedia because the other articles seemed to be outside of the box that we are studying.

Understanding Wireless Scanning from a website at "TechLibrary." Understanding Wireless Scanning. Web. 9 Nov. 2015.

All wireless access point radios continually scan for other RF transmitters. While 802.11b/g/n radios scan in the 2.4-GHz to 2.4835 GHz spectrum, 802.11a radios (and sometimes 802.11n radios) scan in the 5.15 GHz to 5.85 GHz spectrum. There are two scanning methods, passive scanning and active scanning. By default, radios perform both types of scans on all channels allowed by the country of operation, which is the regulatory domain set during initial access point deployment. While both types of scanning are on by default, active scanning is performed only on channels on which local government regulations allow it to transmit. Channels that are not authorized for unlicensed use and channels that require radar detection with dynamic frequency selection (DFS) are excluded from active scanning.

What is the Difference Between Passive and Active Scanning?

From a website at "TechLibrary." Understanding Wireless Scanning. Web. 9 Nov. 2015.

During passive scans, the radio listens for beacons and probe responses. If you use only passive mode, the radio scans once per second, and audits packets on the wireless network. Passive scans are always enabled and cannot be disabled because this capability is also used to connect clients to access points.

Active scans are enabled by default but can be disabled in a Radio profile. During active scans, the radio sends probe-any requests (probe requests with a null SSID name) to solicit probe responses from other devices. In other words, access points actively look for other devices, in addition to listening for them.

This next part is supposed to be the answer to the question of “Where is it most commonly used and why?” Well, seems as though some people may use scanning to spy, unless this is just my imagination. I’m guessing we were supposed to use it to find the access points for our wireless devises. Either way the information was informative… perhaps we can use it next semester in our “anti-bug” class.

This information came from a book called Singh, Abhinav. Metasploit Penetration Testing Cookbook. Birmingham: Packt, 2012. Print.

Now I shudder to think of what answer I will get for the best scenario for each type of scanning. Well, I found something decent. Oh, and you’ll never guess… It came from CompTIA Security SYO-401 Exam Cram.

Well, once again, I hope this blog was informative. I don't know about anyone else, but I sure am learning alot. And of course in the midst of searching for articles, I also get the opportunity to shop. Found some really cool devices while looking for things these last couple of blogs.