For example, I have a known AP (SSID, MAC, password, channel, etc) that's located in one part of town. With only using Kali and wifi adaptors (no Pineapple or Coconut), what would be the best way to detect devices in another part of town that normally connect to the AP?
A couple thoughts,
1) Maybe use hostapd to create a fake AP that has the same exact setup as the known AP (SSID, MAC, password, channel, etc) and see if anything connects. I know if I just do an Evil Twin setup and only mimic the SSID and MAC, the devices won't automatically connect, so I *think* hostapd is best? Maybe even have it provide a proper internet connection so it stays connected to direction find using Wireshark I/O graph. No intention of doing any MITM here, just find devices by spoofing a known AP, have them connect and be connected long enough to see signal strength.
2) Maybe I don't need to create a fake AP at all to find devices that connect to it. I wonder if I can configure Kismet to alert me when it sees devices probe for the known SSID. I want to be able to see the device long enough to see signal strength though.
3) Any other ideas?
Thanks! -Sig