A Wi-Fi scanner works by listening for and identifying wireless networks (SSIDs) within range using either active or passive scanning techniques.
Here's a breakdown of how it works:
Wi-Fi Scanning Methods
Wi-Fi scanners employ two primary methods to detect available networks: active scanning and passive scanning.
- Active Scanning:
  - The Wi-Fi scanner, acting as a client, sends out a "probe request" frame. This frame essentially asks, "Are there any Wi-Fi networks out there?"
  - The probe request either names a network the client already knows (a directed probe), or it is a "wildcard" request to find all networks regardless of SSID.
  - Access Points (APs) that receive the probe request respond with a "probe response" frame if their SSID matches the requested SSID or if the request is a wildcard.
  - The probe response contains information about the network, such as its SSID, supported data rates, security protocols (e.g., WPA2, WPA3), and other parameters.
  - The Wi-Fi scanner collects these probe responses to build a list of available networks.
- Passive Scanning:
  - Instead of actively sending out requests, the Wi-Fi scanner passively listens on each Wi-Fi channel.
  - APs periodically broadcast "beacon" frames. These beacons are like announcements, advertising the existence of the network.
  - The beacon frame contains similar information to the probe response: SSID, supported data rates, security protocols, etc.
  - The Wi-Fi scanner listens for these beacon frames and uses the information within to identify available networks.
Comparison of Active vs. Passive Scanning
Here's a table summarizing the key differences between active and passive scanning:
Feature | Active Scanning | Passive Scanning |
---|---|---|
Mechanism | Sends probe requests, listens for responses | Listens for beacon frames broadcast by APs |
Speed | Generally faster | Generally slower |
Power Consumption | Higher (due to transmitting) | Lower (only listening) |
Detection of Hidden SSIDs | Can detect hidden SSIDs if the client already knows the SSID and sends a directed probe request | Cannot reliably detect hidden SSIDs |
Network Impact | Slightly more intrusive | Less intrusive |
How a Wi-Fi Scanner Presents Information
Once the Wi-Fi scanner has collected information about available networks, it typically presents it to the user in a list. This list usually includes:
- SSID (Service Set Identifier): The name of the network.
- Signal Strength (RSSI): An indication of how strong the signal is (usually measured in dBm). A higher (less negative) value indicates a stronger signal.
- Security Protocol: The type of security used (e.g., WPA2, WPA3, WEP, Open).
- MAC Address (BSSID): The unique identifier of the Access Point.
- Channel: The Wi-Fi channel the network is operating on.
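The following Python code is an added example, not part of the original page: it parses a raw beacon or probe response frame into the SSID, BSSID, channel and security fields listed above. It assumes the frame starts at the 802.11 MAC header (any capture header already stripped); RSSI is not in the result because it comes from the receiving radio's metadata, not from the frame. The function names, the simplified security labels and `SAMPLE_BEACON` are constructed for illustration.

```python
# AKM suite types (OUI 00-0F-AC) mapped to the labels a scanner displays
AKM_LABELS = {1: "WPA2-Enterprise", 2: "WPA2-PSK", 8: "WPA3-SAE"}

def parse_ies(body):
    """Yield (id, value) per tagged parameter; stop at a truncated element."""
    i = 0
    while i + 2 <= len(body):
        ie_id, ie_len = body[i], body[i + 1]
        value = body[i + 2:i + 2 + ie_len]
        if len(value) < ie_len:
            return
        yield ie_id, value
        i += 2 + ie_len

def rsn_akms(rsn):
    """Return the AKM suite types listed in an RSN element (ID 48)."""
    off = 8 + 4 * int.from_bytes(rsn[6:8], "little")    # skip version, group, pairwise list
    n_akm = int.from_bytes(rsn[off:off + 2], "little")  # a short slice decodes as 0
    suites = [rsn[off + 2 + 4 * k:off + 6 + 4 * k] for k in range(n_akm)]
    return [s[3] for s in suites if len(s) == 4 and s[:3] == b"\x00\x0f\xac"]

def parse_beacon(frame):
    """Parse a beacon (0x80) or probe response (0x50) into scanner fields."""
    if len(frame) < 36 or frame[0] not in (0x80, 0x50):
        raise ValueError("not a beacon or probe response")
    # 24-byte MAC header, then timestamp (8), interval (2), capabilities (2)
    privacy = int.from_bytes(frame[34:36], "little") & 0x0010
    # Heuristic: Privacy bit with no RSN/WPA element is reported as WEP
    net = {"bssid": frame[16:22].hex(":"), "ssid": None, "hidden": True,
           "channel": None, "security": "WEP" if privacy else "Open"}
    for ie_id, val in parse_ies(frame[36:]):
        if ie_id == 0:                          # SSID; empty or all-zero means hidden
            net["hidden"] = not any(val)
            net["ssid"] = None if net["hidden"] else val.decode("utf-8", "replace")
        elif ie_id == 3 and len(val) == 1:      # DS Parameter Set: channel
            net["channel"] = val[0]
        elif ie_id == 48:                       # RSN element: WPA2 / WPA3
            labels = [AKM_LABELS[a] for a in rsn_akms(val) if a in AKM_LABELS]
            net["security"] = "/".join(labels) or "RSN (other AKM)"
        elif ie_id == 221 and val[:4] == b"\x00\x50\xf2\x01" and net["security"] == "WEP":
            net["security"] = "WPA"             # legacy WPA vendor element
    return net

# Constructed sample beacon: BSSID 02:00:00:00:00:01, channel 6, WPA2-PSK
SAMPLE_BEACON = (
    bytes.fromhex("80000000ffffffffffff0200000000010200000000010000")
    + bytes(8) + b"\x64\x00\x11\x00"            # timestamp, interval 100, ESS+Privacy
    + b"\x00\x0blab-network" + b"\x03\x01\x06"  # SSID, channel
    + bytes.fromhex("30140100000fac040100000fac040100000fac020000"))
```

A beacon from a network with a hidden SSID still parses: the result carries the BSSID and channel, with `hidden` set and no name.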
Use Cases
Wi-Fi scanners have a variety of applications, including:
- Troubleshooting network connectivity: Identifying areas with poor signal strength.
- Finding open networks: Discovering publicly available Wi-Fi hotspots.
- Network security auditing: Identifying unauthorized or rogue access points.
- Site surveys: Determining the optimal placement of access points for maximum coverage.