(1) This document discusses fingerprinting wireless access points through passive analysis of probe responses before attempting authentication. (2) It proposes examining unusual combinations of header field values to fingerprint the access point in a simple and low-cost manner similar to IP stack fingerprinting. (3) Factors like clock skew, timing of probe requests, and reaction to "gibberish" frame values may help identify access points without full authentication.
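One of the factors named above, clock skew, as an added example that is not taken from the summarized document: a least-squares estimate of an access point's clock drift, computed from the 64-bit microsecond TSF timestamp that probe responses carry and compared with a previously enrolled value. The sample captures, the enrolled skew and the 2 ppm tolerance are constructed assumptions.

```python
"""Added example: clock-skew fingerprint from probe-response TSF timestamps."""
from typing import List, Tuple

# (receiver capture time in seconds, AP TSF timestamp in microseconds)
Sample = Tuple[float, int]

def estimate_skew_ppm(samples: List[Sample]) -> float:
    """Least-squares drift of the AP clock against the receiver clock, in ppm."""
    if len(samples) < 2:
        raise ValueError("need at least two probe responses")
    for (_, prev), (_, cur) in zip(samples, samples[1:]):
        if cur <= prev:
            # TSF restarts on reboot; a backwards jump invalidates the fit.
            raise ValueError("TSF went backwards: reboot or a different device")
    t0, tsf0 = samples[0]
    xs = [t - t0 for t, _ in samples]  # elapsed receiver time (s)
    # How far the AP clock has run ahead of the receiver clock (us).
    ys = [(tsf - tsf0) - (t - t0) * 1e6 for t, tsf in samples]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("samples span no time")
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx  # microseconds gained per second == parts per million

def matches_enrolled(samples: List[Sample], enrolled_ppm: float,
                     tolerance_ppm: float = 2.0) -> bool:
    """True when the observed skew is within tolerance of the enrolled one."""
    return abs(estimate_skew_ppm(samples) - enrolled_ppm) <= tolerance_ppm

def constructed_samples(skew_ppm: float) -> List[Sample]:
    """Constructed capture: one response every 10 s with a few us of jitter."""
    jitter_us = (0, 3, -2, 4, -1, 2, -3, 1)
    return [(10.0 * i, 5_000_000 + round(10.0 * i * 1e6 * (1 + skew_ppm * 1e-6)) + j)
            for i, j in enumerate(jitter_us)]

if __name__ == "__main__":
    enrolled = 25.0  # assumed value recorded earlier for the known access point
    for label, skew in (("same device", 25.0), ("other device", -12.0)):
        obs = constructed_samples(skew)
        print(label, round(estimate_skew_ppm(obs), 2), matches_enrolled(obs, enrolled))
```

The estimate is relative to the capturing station's own clock, so the enrolled and observed values must come from the same receiver.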