WiFi network device behavior analysis
One of the new features of Acrylic WiFi Professional is the Stations screen, which displays WiFi device behavior and performance information.
When a WiFi traffic capture is performed on Monitor Mode, all wireless network packets sent by each device are captured. By analyzing WiFi traffic, it is possible to know how a detected WiFi device is behaving, and it is classified under the following categories:
Undefined Active: A device sending traffic to the wireless network, which MAC address originated a WiFi frame.
Undefined Passive: An invisible, out-of-range device which existence can be inferred from the fact that its MAC address is the recipient of a WiFi packet. This status is usually assigned to a device that is located at the edge of the WiFi access point coverage area.
Access Point: A device propagating messages over a WiFi network (SSID) through Beacon management packets.
Connected: A device connected to a WiFi network (Access Point) and exchanging network traffic with the AP.
Requesting: A device requesting to connect to any existing WiFi network available. This behavior can also be found in AP’s with WIDS capabilities.
“Current Status” column displays current time device status and last detected status according to the device behavior. This information can be very useful to detect anomalies and to discover Rogue AP’s phishing attacking corporate access points.
WiFi Stations functionality and WiFi Device Behavior Analysis Video
As usual, it is always best to follow an Acrylic WiFi video tutorial to learn these theoretical concepts…