The prevalence of Wi-Fi has been accelerating for two decades, but in the last two years, it’s surged even further as so many people were forced to work from home. That trend led to many strengthening the performance of their Wi-Fi networks. But security remains a problem.
Modern Wi-Fi networks are certainly more secure than early versions, as Wi-Fi security standards have evolved over the years, from Wired Equivalent Privacy (WEP) to Wi-Fi Protected Access (WPA), WPA2, and now WPA3 with its improved security.
With each generation, Wi-Fi security has improved. But it is far from foolproof.
Also read: The Best Wi-Fi 6 Routers Secure and Fast Enough for Business
Challenges of Wi-Fi Security
With so many working from home, no longer is there one user with a single Wi-Fi connection to a laptop. In addition to that one user with multiple devices (laptops, tablets, smartphones, and other systems such as home entertainment and security systems), there are typically multiple users within a home doubling up as a home office. Each user and device represents a potential security threat.
All it takes is one individual to not be careful with their cybersecurity to put the others at risk. With other vulnerabilities such as sharing devices and Wi-Fi access with family members or lax password hygiene, security becomes a real challenge.
Such challenges exist in the office, too. For instance, corporate Wi-Fi networks without privileged access protocols can grant access to visitors, customers, suppliers, contractors, and partners without locking down sensitive systems properly.
Further, Wi-Fi signals don’t necessarily stay behind four walls. Unless security best practices are followed, snoopers can gain access from outside, and hackers can install rogue APIs (application programming interfaces) or crack security encryption with the help of sophisticated hardware sniffers.
But breaches can also be caused by a poorly written policy, improper configurations, coding mistakes, unauthorized access points (APs), and other WLAN vulnerabilities. To catch them, administration policies on continuous surveillance and periodic assessments should be in place.
See our picks for the the Best Antivirus Software
The Evolution of Wi-Fi to Overcome Security Challenges
Older Wi-Fi versions used to be finicky in terms of setup, security protocols, and general ease of use. While these problems have faded over time, as Wi-Fi prevalence grew dramatically, it has reached the point where most users utilize Wi-Fi networks without having much of a clue about how they work or the underlying technology. That degree of simplicity can open the door to security issues.
The advent of 5G cellular networks has caused many enterprises to institute private 5G networks. In fact, research by Omdia predicts that the rate of 5G subscribers will increase from a quarter of a billion subscribers currently to three billion by 2025. And since enterprise 5G networks interact closely with Wi-Fi networks, Wi-Fi performance, security, and other problems can magnify.
However, Wi-Fi 6 and its upcoming successor Wi-Fi 7 hope to address these challenges. In addition to a speed upgrade, Wi-Fi 6 offers more bandwidth and even the potential to replace Ethernet entirely. Vendors are rushing products to market capable of utilizing all this power.
According to Dell-Oro Group, the number of 2.5/5.0 Gbps ports grew by 16% in 2021. Currently, they comprise only 1% of total ports due to the price premium of these newer ports over 1 Gbps. However, the analyst firm expects that the 2.5/5.0 Gbps adoption will accelerate with the ramp of Wi-Fi 6 and the anticipated introduction of Wi-Fi 7 WLAN Access Points.
Also read: Cybersecurity Risks of 5G – And How to Control Them
18 Top Wi-Fi Testing Tools – Free and Paid
Due to the potential of Wi-Fi as well as the security dangers it poses, a number of Wi-Fi testing tools are available. Many are free or open source, but we’ve included pay tools also for those with more sophisticated needs. Some of these tools verify that performance is as it should be or as per an SLA (service-level agreement), whereas others delve into various aspects of security.
These tools provide features such as analysis of Wi-Fi performance and bottlenecks, scanning of networks, site surveys, analysis of Wi-Fi spectrum, heat maps, audits, traffic analysis, packet sniffing, penetration testing, monitoring, management, and inventorying.
There are a plethora of Wi-Fi testing tools available on the market today, and with so many options, each with their own features, advantages, and price points, it can be difficult to choose a solution. Here are some of our top picks for Wi-Fi testing.
Wireshark is an open-source packet sniffer and network protocol analyzer developed by contribution over the past 20 years that enables testers to assess traffic flows and zero in on potentially troublesome packets and vulnerabilities in real time.
Available on Windows, Linux, Mac, and most other OSes, Wireshark can scrutinize connection-level information as well as the various pieces that constitute data packets and hundreds of other protocols, including Wi-Fi.
These evaluations, presented in an easy-to-understand format, allow IT teams to handle security risks such as data parameter pollution, SQL injection, and memory buffer overflows. It is also useful in assessing the security of wireless networks, as it can capture live, over-the-air wireless traffic.
Aircrack-ng is an open-source set of free utilities available from SecTools to analyze Wi-Fi networks for weaknesses. Its focus is 802.11 wireless LANs, with tools available to sniff wireless packets, intercept them and log traffic passing through, manage wireless drivers, recover lost keys, detect issues, and crack WPA and WEP.
Originally designed for Linux, Aircrack-ng can be used to monitor Wi-Fi security and capture data packets and export them to text files for additional analysis on Windows, OS X, FreeBSD, OpenBSD, NetBSD, Solaris, and eComStation 2. The capture and injection of Wi-Fi cards can be done to verify their performance. And pen testers can use Aircrack-ng to attack and crack the WPA and WEP protocols.
CommView for Wi-Fi
Sometimes Wi-Fi exposures can go undetected, but many utilities are available to help administrators capture packets from rogue APs.
CommView for Wi-Fi (free evaluation) provides a list of Wi-Fi stations, per-node and per-channel statistics, ports, sessions, and protocol distribution charts. It lets administrators specify WEP or WPA keys to decrypt the encrypted packets and allows them to configure alarms on suspicious packets, unknown addresses, and rogue APs.
Figuring out what causes Wi-Fi to go wrong can be tedious. To make the diagnostic tasks easier, many lightweight tools are available for troubleshooting Wi-Fi networks.
RF Explorer’s Wi-Fi Combo Model is a simple RF spectrum analyzer that allows administrators to detect sources of RF interference and pick up rogue transmitters. The analyzer runs from an affordable hand-held device that can be hooked up to a PC running sophisticated data acquisition and analysis software.
Sometimes the location of a rogue AP can come from a distant place. To find the location, administrators should consider a stumbler/sniffer tool that supports GPS.
One such tool is Vistumbler, an open-source Windows application that displays the basic AP details and graphs of signal levels. In addition, the administrator can export access point GPS locations to a Google Earth kml file or GPX (GPS eXchange format), which can show the source of APs via Live Google Earth.
It’s not an easy task to figure out where Wi-Fi APs are located, so you can determine their signal strength. Homedale is a convenient way of searching for APs and monitoring their signal strength.
This free tool shows a summary of all available APs with their signal strength, encryption (WEP/WPA/WP2), speed, and channel. Administrators can switch to a graph that dynamically shows the signal strength of detected APs, and right-clicking the mouse makes it possible to start logging data and capturing screenshots.
An assessment that shows SSIDs (service set identifiers) makes it easier for administrators to locate networks. Kismet, an open-source Wi-Fi sniffing tool, finds hidden networks by listening to transmissions from APs. The discovered wireless packets can be imported into Wireshark and TCPdump. However, Kismet is limited to Mac OS X and Linux wireless adapters and only works with CACE AirPcap wireless adapters in Windows.
By AccessAgility, Wi-Fi Scanner has all the tools and integrations for access point discovery, channel planning, speed testing, remote scanning, and packet capture analysis. It is easy to use, is available for Windows and Mac, and is priced under $100 per user per year for one computer.
Dead zones without Wi-Fi coverage can be difficult to uncover in an area of existing Wi-Fi networks. Netspot, a free tool, uses a map on macOS to locate an empty channel with no wireless networks. It helps administrators identify wireless interference and configuration issues and find sources of excessive noise in existing Wi-Fi networks. After fixing the issues, administrators can determine where the new Wi-Fi hotspots should be optimally located.
Graphical charts on RF environments are better viewed on a laptop than on a handheld device. The affordable Wi-Fi Surveyor creates these charts with data collected from a handheld RF Explorer spectrum analyzer. It helps administrators detect sources of RF interference.
Included in this tool is Wi-Fi Scanner, which lets administrators see how far an AP’s signal strength is from the point of measurement they select on the map. Comparing snapshots on existing APs’ details at different times makes it possible to properly locate new Wi-Fi RF devices to avoid RF interferences.
In a multitask environment, running WirelessNetView in the background helps to keep track of the changes in the activity of Wi-Fi networks. When a new network is discovered, this freeware tool triggers a beep. For each detected network, it shows if security has been enabled and CCMP is supported by a Wi-Fi network.
Administrators can download an external file of company names associated with the MAC address for each Wi-Fi device, allowing them to keep a close eye on activity within the network.
Wi-Fite2 is a wireless network auditor designed to use all known methods for retrieving the password of a wireless access point (router). In short, it is a Python script used for auditing wireless networks. As such, Wi-Fite2 runs on top of existing wireless-auditing tools to deal with current or legacy attacks against WEP and WPA2 protocols.
NetAlly offers a full suite of interoperable Wi-Fi network testing and survey solutions to help design and deploy 802.11 and Bluetooth/BLE wireless LANs for optimal performance, security, and compliance. The AirMapper Ecosystem of tools speeds up and simplifies planning, deployment, and validation to ongoing network troubleshooting and optimization. In addition, the AirMapper Site Survey with InSites Intelligence can create visual heat maps of key performance metrics.
inSSIDer by MetaGeek
Recently acquired by Auvik, inSSIDer by MetaGeek is a Wi-Fi visualizer with free and paid versions. It is designed to show how the network is configured and how neighboring Wi-Fi networks affect it as well as to offer suggestions for fast, secure Wi-Fi.
Acrylic offers a variety of W-Fi tools, including heat maps, analyzers, sniffers, investigation, and monitoring. There are professional as well as home and Bluetooth versions.
Wi-FiInfoView by Nirsoft
WifiInfoView by Nirsoft scans the wireless networks in your area and displays extensive information about them, including: network name (SSID), MAC address (BSSID), PHY type (802.11g or 802.11n), signal strength (RSSI), signal quality, frequency, channel number, maximum speed, company name, router model and router name (only for routers that provide this information), and more.
Tamosoft TamoGraph Site Survey
A pay tool for Windows and macOS, TamoGraph is a wireless site survey software tool for collecting, visualizing, and analyzing 802.11 a/b/g/n/ac/ax Wi-Fi data for ongoing analysis and reporting of signal strength, noise and interference, channel allocation, data rates, etc.
LizardSystems Wi-Fi Scanner
Free for personal use on Windows devices, LizardSystems allows you to locate visible wireless networks and their corresponding information. The tool obtains the SSID, RSSI, signal quality, BSSID, channel, maximum and achievable data rate, and security details.
The Ekahau Connect is a free suite of Wi-Fi tools available on Windows that can generate simulated Wi-Fi heatmaps to test access point locations using Ekahau Pro in the initial design phase or can connect to an iPhone or iPad to Ekahau Sidekick and visualize real-time network coverage heat maps from Wi-Fi site surveys.
Read next: Best Enterprise VPN Solutions