The heart of inSSIDer has always been a Wi-Fi scanner even though we added basic spectrum analysis in inSSIDer Office. Adding packet analysis to inSSIDer required a complete overhaul of the backend to seamlessly merge information from Wi-Fi scanning and packet analysis into a unified data model.

The new inSSIDer backend prefers packet analysis if available, falling back to Wi-Fi scanning when no packet capture adapters are available or if they are busy. For example, when inSSIDer starts and is scanning all channels, if a packet capture adapter is available it will be used, otherwise the Wi-Fi scanner will be used.

When you drill down to view a specific network, the packet capture adapter will be tasked to scan all channels used by that network. In order to continue monitoring all the other channels the Wi-Fi scanner will also be used. When you drill into a specific AP’s radio or client that is on a single channel, the packet capture will monitor that channel continuously while the Wi-Fi scanner continues to gather information about all the other channels.

While in packet capture mode inSSIDer looks at the metadata of each and every packet to analyze: data rate, signal, noise, frame type, etc. inSSIDer then aggregates information from thousands of packets to build an understanding of each client and network. inSSIDer also uses the packets sent immediately before and after a packet to assist in piecing together the Wi-Fi conversations. For example if inSSIDer captures an RTS, CTS… ACK it will infer the missing Data packet and use the Duration field of the CTS packet to account for the airtime of the missing packet.

Most packet analyzers struggle to “see the forest for the trees” because they are focused on parsing each and every field of each and every packet without understanding how packets relate to each other, especially how millions of packets are related to, and impact each other.

Wireshark showing ALL of the details of a beacon packet

inSSIDer 5 takes a different approach – each packet is viewed as a small piece of the bigger picture with lightweight analysis of all packets and deeper analysis on packets of interest (retries, action frames, roaming, etc.). This is very meta and very geeky…

Each packet is placed into the context of a conversation, each conversation is placed into the context of a channel of conversations and then all channels are analyzed to provide a comprehensive view of the Wi-Fi environment.

Client Utilization Table

Learn more about inSSIDer 5 at metageek.com/products/inssider