Ethical Hacking: WiFi Penetration Testing

WiFi Bands: 2.4GHz & 5GHz Frequencies

Understanding the foundations of wireless network frequencies for effective penetration testing

Introduction to WiFi Bands

The band of a network is the frequency range in which its access point transmits; a client can only join on a band its own radio supports. Modern WiFi networks primarily operate on two frequency bands:

2.4 GHz Frequency
  • Older band, more widely deployed
  • Better range and wall penetration
  • More congested with interference
  • Slower speeds (typically up to 450 Mbps)
  • More widely supported by devices
5 GHz Frequency
  • Newer band with higher throughput
  • Less interference and congestion
  • Shorter range and less wall penetration
  • Higher speeds (up to several Gbps)
  • Not all devices support this band

When conducting penetration tests on wireless networks, it's crucial to understand that many modern networks broadcast on both bands simultaneously. If you're only scanning on one band, you might miss critical attack vectors.

WiFi Band Scanning in Ethical Hacking

For security professionals and ethical hackers, the ability to detect and analyze networks on both frequency bands is essential. Many penetration testing tools default to scanning only the 2.4 GHz band, potentially missing networks or clients operating on 5 GHz.

Hardware Requirements

To effectively test wireless networks, you need hardware that supports the appropriate frequency bands:

Wireless Adapter         2.4 GHz Support   5 GHz Support   Monitor Mode   Packet Injection
Alfa AWUS036NHA          Yes               No              Yes            Yes
Alfa AWUS036ACH          Yes               Yes             Yes            Yes
TP-Link TL-WN722N (v1)   Yes               No              Yes            Yes
Alfa AWUS1900            Yes               Yes             Yes            Limited
Note: Many built-in wireless adapters may support 5 GHz for normal use but don't support monitor mode or packet injection, which are essential for thorough security testing.

Using Airodump-ng with Different WiFi Bands

Airodump-ng, the capture tool of the aircrack-ng suite, records frames from wireless networks, but by default it hops only the 2.4 GHz channels. To see 5 GHz networks you must specify the band.

Basic 2.4 GHz Scanning

When you run airodump-ng with no band specified, it hops the 2.4 GHz channels only (mon0 is the monitor-mode interface; recent airmon-ng versions name it wlan0mon instead):

airodump-ng mon0

Scanning 5 GHz Networks

To scan for networks operating on the 5 GHz band, use the --band parameter:

airodump-ng --band a mon0
Tip: In the IEEE 802.11 standard, band "a" corresponds to 5 GHz, while bands "b" and "g" correspond to 2.4 GHz.

Scanning Both Bands Simultaneously

To capture networks on both 2.4 GHz and 5 GHz frequencies at the same time:

airodump-ng --band abg mon0
Warning: --band takes the band letters as a single string (abg), not a comma-separated list. Hopping across both bands requires an adapter and driver that support monitor mode on both 2.4 GHz and 5 GHz, and it spreads the same hopping time over many more channels, so each channel is visited less often and short-lived traffic such as a handshake is easier to miss. For optimal results, scan each band separately, then lock onto the target's channel when capturing.

Practical Scenarios & Attack Implications

Scenario 1: Dual-Band Network Penetration Testing

Consider a modern home network where the router broadcasts the same SSID on both 2.4 GHz and 5 GHz bands:

2.4 GHz Band Scan Results

SSID: HomeNetwork

Clients: 3 devices (older smartphones, IoT devices)

Security: WPA2-PSK

5 GHz Band Scan Results

SSID: HomeNetwork

Clients: 5 devices (newer laptops, smart TVs, gaming consoles)

Security: WPA2-PSK

If you only scan the 2.4 GHz band, you'd miss the opportunity to capture handshakes from devices on the 5 GHz band, which are often higher-value targets like laptops and newer mobile devices.

Scenario 2: Detecting Hidden Networks

Some networks broadcast exclusively on 5 GHz for better performance; the shorter range also makes them harder to see from outside the building, although that is a side effect, not a security control:

airodump-ng mon0
# Result: Network not visible

airodump-ng --band a mon0
# Result: Network "SecureOffice" appears with clients
Note: Some organizations use 5 GHz exclusively for corporate networks while maintaining 2.4 GHz for guest access. Without scanning both bands, you might miss critical infrastructure.

Advanced Channel Targeting

For more targeted scanning, you can combine band and channel specifications:

airodump-ng --band a --channel 36,40,44,48 mon0

This command focuses on channels 36 to 48, the lower non-DFS (UNII-1) block of the 5 GHz band that many access points use by default, which reduces scan time and improves capture efficiency. Do not stop there: the upper non-DFS channels (149 to 165 in many regulatory domains) are also common, and some deployments sit on DFS channels (52 to 144), so a full --band a sweep is still needed before concluding that a network is absent. Because an explicit channel list already fixes the band, --band a is redundant here; airodump-ng hops only the channels listed.

Tip: When targeting a specific network, first perform a broad scan to identify its channel and BSSID, then lock your capture to that channel and BSSID (the -c and --bssid options) and write it to disk with -w so the handshake is saved for offline analysis.
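The checks described in Scenario 1, Scenario 2 and the tip above can be run against the CSV file airodump-ng writes when started with -w <prefix> (it produces <prefix>-01.csv). The script below is an added example, not code from the original page or from the aircrack-ng project: it embeds a constructed CSV in airodump-ng's layout (the BSSIDs, timestamps and ESSIDs are made up), maps each access point's channel to its band, lists the SSIDs broadcast on both bands, and prints the focused capture command for a chosen SSID. The helper names, the mon0 interface and the -w prefix are the example's own choices.

```shell
#!/bin/sh
# Added example, not code from the original page or from aircrack-ng: post-process the
# CSV that airodump-ng writes when run with -w <prefix> (it produces <prefix>-01.csv).
# The CSV below is CONSTRUCTED in airodump-ng's layout; BSSIDs, times and ESSIDs are made up.
# Layout: blank line, AP header, AP rows, blank line, "Station MAC" header, station rows.
SAMPLE_CSV='
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:01:00, 2024-05-01 10:00:00, 2024-05-01 10:05:00,   6, 130, WPA2, CCMP, PSK, -45,  120,   0,   0.  0.  0.  0,  11, HomeNetwork, 
02:00:00:00:01:01, 2024-05-01 10:00:00, 2024-05-01 10:05:00,  36, 866, WPA2, CCMP, PSK, -48,   98,   0,   0.  0.  0.  0,  11, HomeNetwork, 
02:00:00:00:02:00, 2024-05-01 10:00:00, 2024-05-01 10:05:00, 149, 866, WPA2, CCMP, PSK, -61,   40,   0,   0.  0.  0.  0,  12, SecureOffice, 
02:00:00:00:03:00, 2024-05-01 10:00:00, 2024-05-01 10:05:00,  11,  54, OPN,     ,    , -70,   33,   0,   0.  0.  0.  0,   9, GuestWiFi, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:AA:01, 2024-05-01 10:01:00, 2024-05-01 10:05:00, -52,   17, 02:00:00:00:01:01, HomeNetwork
02:00:00:00:AA:02, 2024-05-01 10:01:00, 2024-05-01 10:05:00, -66,    4, 02:00:00:00:01:00, 
'
SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
printf '%s\n' "$SAMPLE_CSV" > "$SAMPLE_FILE"

# Map an 802.11 channel number to its band: 1-14 are the 2.4 GHz channels,
# 32-177 spans the 5 GHz channel plan (36-64, 100-144, 149-177).
channel_to_band() {
    if [ "$1" -ge 1 ] && [ "$1" -le 14 ]; then
        echo "2.4GHz"
    elif [ "$1" -ge 32 ] && [ "$1" -le 177 ]; then
        echo "5GHz"
    else
        echo "unknown"
    fi
}

# Print one "bssid|channel|essid" line per access point. Only the AP section is
# read: parsing stops at the "Station MAC" header that opens the client section,
# whose rows have a different column layout.
ap_rows() {
    awk -F',' '
        /^Station MAC/ { exit }
        /^BSSID/ || NF < 14 { next }          # header line and blank lines
        {
            for (i = 1; i <= NF; i++) gsub(/^ +| +$/, "", $i)
            print $1 "|" $4 "|" $14
        }' "$1"
}

# Number of access points seen on each band, as "<band> <count>" lines.
count_aps_per_band() {
    ap_rows "$1" | while IFS='|' read -r bssid ch essid; do
        channel_to_band "$ch"
    done | sort | uniq -c | awk '{ print $2, $1 }'
}

# SSIDs broadcast on both bands: the same ESSID seen from a 2.4 GHz radio and
# a 5 GHz radio (normally two different BSSIDs on the same router).
dual_band_ssids() {
    ap_rows "$1" | while IFS='|' read -r bssid ch essid; do
        printf '%s|%s\n' "$essid" "$(channel_to_band "$ch")"
    done | sort -u | awk -F'|' '{ n[$1]++ } END { for (e in n) if (n[e] > 1) print e }' | sort
}

# For a target ESSID, print one focused airodump-ng command per radio that
# broadcasts it: lock to that channel and BSSID and write a capture file.
# The interface name (mon0, as on the page) and the -w prefix are assumptions;
# ESSIDs containing spaces or shell metacharacters would need quoting.
capture_commands() {
    csv=$1
    target=$2
    iface=${3:-mon0}
    ap_rows "$csv" | while IFS='|' read -r bssid ch essid; do
        [ "$essid" = "$target" ] || continue
        printf 'airodump-ng -c %s --bssid %s -w %s_%s %s\n' \
            "$ch" "$bssid" "$target" "$(channel_to_band "$ch")" "$iface"
    done
}

echo "Access points per band:";           count_aps_per_band "$SAMPLE_FILE"
echo "SSIDs broadcast on both bands:";    dual_band_ssids "$SAMPLE_FILE"
echo "Focused captures for HomeNetwork:"; capture_commands "$SAMPLE_FILE" HomeNetwork
```

Run as-is to see the report for the constructed sample; against a real dump, pass the path of your <prefix>-01.csv to the functions instead of SAMPLE_FILE. On the sample, HomeNetwork is the only SSID present on both bands, and the two capture commands it produces are exactly the per-band, per-BSSID captures that a scan restricted to 2.4 GHz would have cut in half.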

Key Takeaways

➊ Modern WiFi networks operate on both 2.4 GHz and 5 GHz bands, requiring comprehensive scanning for thorough security testing.

➋ Use --band a to scan 5 GHz networks and --band abg to hop both bands in one session.

➌ Hardware requirements are crucial - ensure your wireless adapter supports the necessary bands, monitor mode, and packet injection.

➍ A client you expect to see but that is missing from your scan is often connected on the band you are not scanning.