How Wifi Analyzers Work
How Do "Wifi Analyzers" Work? Simple, they extract the info from Beacon frames. Beacons contain all the information about an SSID, the capabilities of the network devices and other information that helps clients connect, roam and gather info about its environment. Beacons are sent out roughly every 100 milliseconds (102.4 to be exact) and are not encrypted so everyone on the channel can decipher them. Most free analyzers will passively scan for beacons across all channels and extract the info into an easy to read GUI. See my notes from Chapter 9: MAC of the CWNA study guide which details some info about Passive and Active Scanning. Here a couple of screenshots the show the difference between the packet capture and GUI presentation. Wireshark View Wifiman (for Android) View WinFi (for Windows) View While the packet capture shows us all the details, the GUIs usually breakout the most important stuff like SSID, RSSI, Channel, ...