Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

3.5.1 Scan Configuration
Figure 9 Global Options Dialog - Scan Settings
Wireless scanning types include active scanning and passive scanning. Active scanning
uses the Linux wireless tools package to actively probe for wireless networks. Passive
scanning relies on the Kismet sniffer to collect wireless network data without sending
probe request. Both techniques use channel hopping so that all 802.11 frequencies and
channels are scanned.
In general, it is preferable to use passive scanning over active scanning. Active scanning
has not been demonstrated to better detect wireless networks, plus it has the undesirable
side effect of sending probe requests that could identify the Sundew survey client.
3.5.1.1 Active Scanning Considerations
When active scanning is enabled, the wireless card will periodically send probe requests,
making active scanning a somewhat “noisy” process. This can help detect networks since
this technique helps discover networks with little or no current network traffic.
3.5.1.2 Passive Scanning Considerations
Passive scanning places the card in passive mode and monitors wireless channels for
networks. Since probe requests are not sent, some networks may be missed; but in
practice this rarely occurs and it is generally preferable to use passive scanning over
active scanning.
3.5.1.3 Scan Errors
If the Mission Window becomes empty, then either no wireless networks are being
detected or an error has occurred within the wireless driver. To recover from a driver
error, first try to toggle scanning (as described in section 3.4Toggle Wireless Scanning).
If toggling scanning does not fix the problem, then eject the wireless PC Card and
reinsert it.
- 11 -

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh