Welcome to Week 6. This week, we stop looking at wires and start looking at the invisible: Wi-Fi and Bluetooth. By the end of this article, you'll understand how wireless networks talk, how to inspect them from the Linux terminal, and why this knowledge is the first step every ethical hacker takes before going further.

1. Wi-Fi: The Language of the Air

Before you can inspect a Wi-Fi network, you need to speak its language. Here are the key terms — think of them as the words in the detective's dictionary:

AP (Access Point) — The router or device everyone connects to. The building in our city.

SSID — The name of the network. Like the building's sign: "Starbucks Wi-Fi" or "Home_Network_5G".

ESSID — The same as SSID, but it can span multiple access points — like a chain of buildings under one brand name.

BSSID — The unique MAC address of a specific AP. Every building has one unique door number.

Channel — On the 2.4GHz band, Wi-Fi operates on channels 1–14 (1–11 in the US). Think of them as different radio stations — each AP broadcasts on one.

Frequency — Wi-Fi runs at 2.4GHz or 5GHz. 2.4GHz travels farther but is slower. 5GHz is faster but shorter range.

Power — The closer you are to an AP, the stronger the signal. Stronger signal = easier to work with.

Security Protocol — This is the lock on the door:

WEP — The old, broken lock. Crackers love it.

WPA — A better lock, but not perfect.

WPA2-PSK — The modern standard. Uses a pre-shared key (PSK) that everyone on the network shares.

Mode — Your wireless card can operate in three modes:

Managed — Normal mode. You're connecting to an AP as a client.

Master — Your card is acting as the AP.

Monitor — You're listening to everything in the air, not just traffic meant for you.

That last one — monitor mode — is where things get really interesting for hackers.

2. Seeing Your Wireless Interfaces

Let's open the notebook.

The first command you already know from Week 3: `ifconfig`. It shows all your network interfaces. But when you run it, look for `wlan0` — that's your wireless card.

```bash
ifconfig
```

You'll see something like:

```text
wlan0     Link encap:Ethernet  HWaddr 00:c0:ca:3f:ee:02
```

`wlan0` is your first wireless adapter. If you had two, the second would be `wlan1`. Simple.

But there's a better command just for wireless:

```bash
iwconfig
```

This only shows wireless interfaces and their stats — think of it as a cleaner, focused view. When you run it, you'll see things like the ESSID (which network you're on), the mode (managed/master/monitor), and the transmit power.

If you're not connected to any network yet, it'll show: `Access Point: Not-Associated`.

3. Scanning for Wi-Fi Networks Around You

Now, let's find out what's in the neighbourhood.

```bash
iwlist wlan0 scan
```

This command makes your wireless card sweep the area and report back on every AP it can detect. The output looks like this:

```text
Cell 01 - Address: 88:AD:43:75:B3:82
          Channel:1
          Frequency:2.412GHz (Channel 1)
          Quality=70/70  Signal level=-38 dBm
          Encryption key:off
          ESSID:"Hackers-Arise"
```

Read it like a detective's report:

Address → the BSSID (MAC address of the AP)

Channel → which channel it's broadcasting on

Quality/Signal level → how strong the signal is

Encryption key → on or off?

ESSID → the network name
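Reading a scan by eye works for one cell, but a Wi-Fi audit usually produces dozens. The following is an added example (not code from the article or from the wireless-tools project) that parses the `iwlist` text format shown above into records, checks the Channel/Frequency pair from section 1 for consistency, and flags APs a defender should look at first: open networks and encrypted networks that advertise no WPA2 information element. The sample scan is constructed inline; the first cell mirrors the article's output, the second cell (`Office_5G`, BSSID `00:11:22:33:44:55`) is made up for contrast.

```python
import re

# Constructed sample in the layout printed by `iwlist wlan0 scan`.
# Cell 01 mirrors the article; Cell 02 is invented to show an encrypted 5 GHz AP.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 88:AD:43:75:B3:82
                    Channel:1
                    Frequency:2.412GHz (Channel 1)
                    Quality=70/70  Signal level=-38 dBm
                    Encryption key:off
                    ESSID:"Hackers-Arise"
          Cell 02 - Address: 00:11:22:33:44:55
                    Channel:36
                    Frequency:5.18GHz (Channel 36)
                    Quality=40/70  Signal level=-68 dBm
                    Encryption key:on
                    ESSID:"Office_5G"
                    IE: IEEE 802.11i/WPA2 Version 1
"""


def channel_to_mhz(channel):
    """Centre frequency in MHz for a Wi-Fi channel in the 2.4 GHz or 5 GHz band."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel      # channel 1 = 2412 MHz, channel 6 = 2437 MHz
    if channel == 14:
        return 2484                    # Japan-only channel, off the 5 MHz grid
    if 32 <= channel <= 177:
        return 5000 + 5 * channel      # channel 36 = 5180 MHz
    raise ValueError(f"unknown channel {channel}")


def parse_iwlist(text):
    """Turn iwlist scan output into a list of dicts, one per Cell."""
    cells = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})", line)
        if m:
            current = {"bssid": m.group(1).upper(), "wpa2": False}
            cells.append(current)
            continue
        if current is None:
            continue                   # header lines before the first Cell
        if line.startswith("Channel:"):
            current["channel"] = int(line.split(":")[1])
        elif line.startswith("Frequency:"):
            current["freq_ghz"] = float(re.search(r"([\d.]+)\s*GHz", line).group(1))
        elif "Signal level=" in line:
            current["signal_dbm"] = int(re.search(r"Signal level=(-?\d+)", line).group(1))
        elif line.startswith("Encryption key:"):
            current["encrypted"] = line.split(":")[1] == "on"
        elif line.startswith("ESSID:"):
            current["essid"] = line.split(":", 1)[1].strip('"')
        elif "WPA2" in line:           # "IE: IEEE 802.11i/WPA2 Version 1"
            current["wpa2"] = True
    return cells


def audit(cells):
    """Return (bssid, finding) pairs for APs a defender should look at."""
    findings = []
    for c in cells:
        if not c.get("encrypted"):
            findings.append((c["bssid"], "open network (no encryption)"))
        elif not c["wpa2"]:
            findings.append((c["bssid"], "encrypted but no WPA2 IE seen (WEP/WPA?)"))
        if "channel" in c and "freq_ghz" in c:
            # The channel number and the centre frequency must agree.
            if round(c["freq_ghz"] * 1000) != channel_to_mhz(c["channel"]):
                findings.append((c["bssid"], "channel/frequency mismatch"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit(parse_iwlist(SAMPLE_SCAN)):
        print(f"{bssid}: {finding}")
```

To use it on a real scan, pipe `iwlist wlan0 scan` into a file and pass its contents to `parse_iwlist`; the format-specific work is in that one function, so the audit rules stay readable.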

4. Connecting to a Wi-Fi Network

Once you've spotted your target network, connecting is one line:

```bash
nmcli dev wifi connect Hackers-Arise password 12345678
```

If it works, you'll see:

```text
Device 'wlan0' successfully activated with '…a5bf4-…'
```

Run `iwconfig` again after connecting, and this time you'll see your card is associated with an AP — it shows the ESSID, frequency, MAC address of the AP, and signal quality. Your detective is now inside the building.

5. Going Deeper with the aircrack-ng Suite

Here's where it gets exciting.

In ethical hacking, one of the most common exercises is Wi-Fi reconnaissance — gathering the intelligence you'd need if you were going to attack an AP. The aircrack-ng suite is the tool of choice, and it comes pre-installed on Kali Linux.

Step 1: Enable Monitor Mode

Before you can listen to all wireless traffic (not just traffic meant for you), you need to put your card in monitor mode:

```bash
airmon-ng start wlan0
```

Your card gets renamed — usually to `wlan0mon`. This is your card going from "talking on the phone" to "listening with a scanner". It can now hear all broadcasts in range.

Step 2: Capture All Nearby Wi-Fi Traffic

```bash
airodump-ng wlan0mon
```

Now the screen fills up with real-time data from every AP and client in range:

```text
BSSID                PWR  CH  ENC    ESSID
01:01:AA:BB:CC:22    -40  10  WPA2   Hackers-Arise

BSSID               Station              Frames
01:01:AA:BB:CC:22   A0:A3:E2:44:7C:E5   42
```

The top half shows the access points. The bottom half shows the clients connected to them. This is gold for a hacker — or a security researcher auditing their own network.

With this information alone (AP MAC, client MAC, channel), you have everything you'd need for the next steps of a Wi-Fi audit. The book hints at what comes next — capturing the WPA2 four-way handshake and running it through a wordlist — but that's a full article in itself.
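The two halves of the airodump-ng screen are joined by the BSSID column: every station row names the AP it is talking to. The following is an added example (not code from the article or from the aircrack-ng project) that reads the two-table layout shown above, builds an AP-to-clients inventory, separates stations that are only probing (airodump-ng prints `(not associated)` in their BSSID column), and lists the clients sitting on open or WEP networks, which is the first thing an auditor of their own network wants to know. The sample is constructed: the first AP and station mirror the article's output, the other rows (`Legacy Printer Net`, `Guest`, and the extra stations) are invented.

```python
# Constructed sample in the two-table layout airodump-ng prints. The first AP and
# station mirror the article; the remaining rows are made up for the example.
SAMPLE_AIRODUMP = """\
BSSID                PWR  CH  ENC    ESSID
01:01:AA:BB:CC:22    -40  10  WPA2   Hackers-Arise
AA:BB:CC:DD:EE:01    -55   6  WEP    Legacy Printer Net
AA:BB:CC:DD:EE:02    -70  11  OPN    Guest

BSSID               Station              Frames
01:01:AA:BB:CC:22   A0:A3:E2:44:7C:E5   42
AA:BB:CC:DD:EE:01   DE:AD:BE:EF:00:01   7
(not associated)    12:34:56:78:9A:BC   3
"""

WEAK_ENC = {"OPN", "WEP"}   # no encryption, or encryption that is trivially broken


def build_inventory(text):
    """Join airodump-ng's AP table and station table on BSSID.

    Returns (aps, unassociated): aps maps BSSID -> AP record with a 'clients'
    list; unassociated lists stations that were only probing, not connected.
    """
    aps, unassociated, table = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("BSSID"):
            # The header tells us which of the two tables follows.
            table = "stations" if "Station" in line else "aps"
            continue
        if table == "aps":
            # ESSID is last and may contain spaces, so split at most 4 times.
            bssid, pwr, ch, enc, essid = line.split(None, 4)
            aps[bssid] = {"essid": essid, "enc": enc, "channel": int(ch),
                          "pwr_dbm": int(pwr), "clients": []}
        elif table == "stations":
            if line.startswith("(not associated)"):
                station = line[len("(not associated)"):].split()[0]
                unassociated.append(station)
                continue
            bssid, station, _frames = line.split(None, 2)
            # A station can appear before its AP's beacon was captured.
            aps.setdefault(bssid, {"essid": "?", "enc": "?", "channel": None,
                                   "pwr_dbm": None, "clients": []})
            aps[bssid]["clients"].append(station)
    return aps, unassociated


def clients_on_weak_aps(aps):
    """(station, essid, enc) for every client attached to an open or WEP AP."""
    return [(station, ap["essid"], ap["enc"])
            for ap in aps.values() if ap["enc"] in WEAK_ENC
            for station in ap["clients"]]


if __name__ == "__main__":
    aps, probing = build_inventory(SAMPLE_AIRODUMP)
    for bssid, ap in aps.items():
        print(f"{bssid} {ap['enc']:5} {ap['essid']!r}: {len(ap['clients'])} client(s)")
    print("probing only:", probing)
    print("clients on weak APs:", clients_on_weak_aps(aps))
```

For a real capture, prefer `airodump-ng`'s CSV output (`-w` plus `--output-format csv`) over scraping the screen; the join logic stays the same, only the reader changes.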

6. Bluetooth: The Other Invisible Network

While Wi-Fi is the highway, Bluetooth is the quiet side street.

It was invented in 1994 by Ericsson (and yes, named after a 10th-century Danish king — Harald Bluetooth, who united tribes just like this protocol unites devices). It operates at 2.4–2.485GHz, hops frequencies 1,600 times per second as a security measure, and has a typical range of 10–100 metres.

When two Bluetooth devices connect, they pair — exchanging a secret link key that they store for future recognition. But to be found in the first place, a device must be in discoverable mode, broadcasting its name, class, and services.

Linux uses a Bluetooth protocol stack called BlueZ to interact with all of this.

7. Scanning Bluetooth with BlueZ

Check your Bluetooth adapter:

```bash
hciconfig
```

This is the Bluetooth version of `ifconfig`. It shows your Bluetooth adapter (`hci0`), its MAC address, and its status. To bring it up:

```bash
hciconfig hci0 up
```

Scan for discoverable devices:

```bash
hcitool scan
```

Output:

```text
72:6E:46:65:72:66    ANDROID BT
22:C5:96:08:5D:32    SCH-I535
```

Two devices, discoverable and broadcasting their names. Your detective has spotted two people on the street.

Get deeper information:

```bash
hcitool inq
```

This gives you the MAC addresses, clock offsets, and device class codes — which tell you what type of device it is (phone, headset, keyboard, etc.).
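The class code `hcitool inq` prints is a 24-bit Class of Device value: bits 8-12 carry the major device class (phone, computer, audio/video, peripheral, ...), bits 2-7 the minor class within that major, and bits 13 and 16-23 the major service classes (telephony, audio, object transfer, ...). The following is an added example (not code from the article or from BlueZ) that decodes that field from the Bluetooth assigned-numbers tables and applies it to `hcitool inq` lines. The sample output is constructed: the first two addresses are the article's, the third address and all three class codes are typical values chosen for the example (a smartphone, a headset and a keyboard), not values read from those devices.

```python
import re

# Major device class: bits 8-12 of the 24-bit Class of Device.
MAJOR_DEVICE = {
    0x00: "Miscellaneous", 0x01: "Computer", 0x02: "Phone",
    0x03: "LAN/Network Access Point", 0x04: "Audio/Video", 0x05: "Peripheral",
    0x06: "Imaging", 0x07: "Wearable", 0x08: "Toy", 0x09: "Health",
    0x1F: "Uncategorized",
}
# Minor device class: bits 2-7. Only the majors this example decodes are listed.
MINOR_PHONE = {0: "Uncategorized", 1: "Cellular", 2: "Cordless", 3: "Smartphone",
               4: "Wired modem or voice gateway", 5: "Common ISDN access"}
MINOR_COMPUTER = {0: "Uncategorized", 1: "Desktop workstation", 2: "Server",
                  3: "Laptop", 4: "Handheld PC/PDA", 5: "Palm-size PC/PDA",
                  6: "Wearable computer", 7: "Tablet"}
MINOR_AUDIO_VIDEO = {1: "Wearable headset", 2: "Hands-free", 4: "Microphone",
                     5: "Loudspeaker", 6: "Headphones", 7: "Portable audio",
                     8: "Car audio", 9: "Set-top box", 10: "HiFi audio"}
# Major service classes: bit 13 and bits 16-23.
SERVICE_BITS = {13: "Limited Discoverable Mode", 16: "Positioning", 17: "Networking",
                18: "Rendering", 19: "Capturing", 20: "Object Transfer",
                21: "Audio", 22: "Telephony", 23: "Information"}


def decode_cod(cod):
    """Split a Class of Device value into major class, minor class and services."""
    major_code = (cod >> 8) & 0x1F
    minor_code = (cod >> 2) & 0x3F
    major = MAJOR_DEVICE.get(major_code, f"Reserved (0x{major_code:02x})")
    if major_code == 0x02:
        minor = MINOR_PHONE.get(minor_code, "Reserved")
    elif major_code == 0x01:
        minor = MINOR_COMPUTER.get(minor_code, "Reserved")
    elif major_code == 0x04:
        minor = MINOR_AUDIO_VIDEO.get(minor_code, "Reserved")
    elif major_code == 0x05:
        # Peripheral: the top two minor bits flag keyboard and/or pointing device.
        parts = [name for bit, name in ((0x10, "Keyboard"), (0x20, "Pointing device"))
                 if minor_code & bit]
        minor = " + ".join(parts) or "Uncategorized peripheral"
    else:
        minor = f"0x{minor_code:02x}"
    services = [name for bit, name in sorted(SERVICE_BITS.items()) if cod & (1 << bit)]
    return {"major": major, "minor": minor, "services": services}


# Shape of a device line printed by `hcitool inq`: address, clock offset, class.
INQ_LINE = re.compile(
    r"([0-9A-F:]{17})\s+clock offset:\s*(0x[0-9a-fA-F]+)\s+class:\s*(0x[0-9a-fA-F]+)")


def parse_inq(text):
    """Return [(address, decoded class)] for each device line in hcitool inq output."""
    devices = []
    for line in text.splitlines():
        m = INQ_LINE.search(line)
        if m:
            devices.append((m.group(1), decode_cod(int(m.group(3), 16))))
    return devices


# Constructed sample: addresses from the article plus one invented one; the class
# codes are typical values for a smartphone, a headset and a keyboard.
SAMPLE_INQ = """\
Inquiring ...
\t72:6E:46:65:72:66\tclock offset: 0x5dc1\tclass: 0x5a020c
\t22:C5:96:08:5D:32\tclock offset: 0x1a3f\tclass: 0x240404
\t00:11:22:33:44:55\tclock offset: 0x0b12\tclass: 0x002540
"""

if __name__ == "__main__":
    for addr, info in parse_inq(SAMPLE_INQ):
        print(f"{addr}: {info['major']} / {info['minor']} ; services: {', '.join(info['services'])}")
```

A device that advertises "Keyboard" with "Limited Discoverable Mode" set, or a phone advertising Object Transfer, tells you what it will accept before you ever run `sdptool`; an inventory of these values is a cheap way to spot unexpected device types on your own premises.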

Discover what services a device offers:

```bash
sdptool browse 76:6E:46:63:72:66
```

You don't even need the device to be in discoverable mode for this one — as long as you have its MAC address, you can ask what services it supports: audio, file transfer, keyboard emulation, and so on.

Check if a device is reachable:

```bash
l2ping 76:6E:46:63:72:66 -c 3
```

Just like `ping` for IP addresses, `l2ping` checks whether a Bluetooth device is alive and in range. Three packets sent, three received — the device is there.

Putting It All Together

Let's recap the detective's workflow for wireless reconnaissance:

[Image: All commands in one place]

1. `ifconfig` / `iwconfig`: find your wireless interface (`wlan0`) and check its mode.
2. `iwlist wlan0 scan`: list the APs in range with BSSID, channel, signal, encryption and ESSID.
3. `nmcli dev wifi connect <ESSID> password <key>`: join a network.
4. `airmon-ng start wlan0`: switch the card to monitor mode (`wlan0mon`).
5. `airodump-ng wlan0mon`: capture every AP and the clients attached to it.
6. `hciconfig` / `hciconfig hci0 up`: check and enable the Bluetooth adapter.
7. `hcitool scan` / `hcitool inq`: find discoverable devices, their names and class codes.
8. `sdptool browse <MAC>`: list the services a device offers.
9. `l2ping <MAC> -c 3`: check whether a device is alive and in range.

If you found this helpful, a clap (or 50 👏) goes a long way. Drop any questions in the comments — I read every single one.

In this article I couldn't show you these commands by practising them, because I use VMware and the wireless network is not available there. Whenever I practise it in future, I will share it with you.

If you would like to support my cybersecurity learning journey, you can do so here:

https://buymeacoffee.com/nis.sec

You can connect with me on social media platforms.

Linkedin: https://www.linkedin.com/in/nishant-kumar-3a07952b6/

Twitter: https://x.com/BugBugproofmind