WLAN Pi Profiler

Profiler is a station capability analyzer. It automates the collection and analysis of association frames, which contain a station's claimed capabilities.

One of the many challenges we face working with Wi-Fi is determining the 'actual' capabilities of a Wi-Fi device. Mike Albano (@mike_albano) maintains a database of device capabilities over at clients.mikealbano.com.

Where does this information come from? The clients themselves!

When a Wi-Fi station attempts to associate to an AP, the station will share capability information so that the AP can communicate with the station efficiently. This capability information is not always published or easy to locate. WLAN Pi Profiler makes gathering this detail a breeze!

WLAN Pi Profiler works like this:

  1. Makes use of Scapy (a Python library) to create a "fake" access point by transmitting specifically forged beacon frames

  2. Listens for an association frame, decodes the frame and parses out the relevant Wi-Fi capability information about the device

Device information that Profiler can reveal:

  • 802.11k/r/v/w support

  • 802.11n/ac/ax support

  • Max No. of Spatial Streams

  • Beamforming support

  • Supported MCS Rates

  • Max Tx Power

  • Supported 5 GHz channels
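
As an added illustration of the decode-and-parse step above (not Profiler's own code), this Python sketch walks the tagged elements of an association request body and derives several of the listed capabilities. The function names, result keys and sample bytes are assumptions made for this example; because the frame content is whatever the station chose to send, the parser stops at an element whose length field overruns the frame.

```python
import struct

# IEEE 802.11 element IDs used below; 35 is the extension ID of HE Capabilities
POWER_CAP, HT, RSN, MDE, RM, EXT_CAP, VHT, EXT, HE_EXT_ID = 33, 45, 48, 54, 70, 127, 191, 255, 35

def parse_elements(body):
    """Map element ID -> data for an association request body."""
    elements, pos = {}, 4                      # skip capability info + listen interval
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + length]
        if len(data) < length:                 # length field overruns the frame: stop
            break
        key = (EXT, data[0]) if eid == EXT and data else eid
        elements.setdefault(key, data)         # keep the first copy of a repeated element
        pos += 2 + length
    return elements

def mfp_capable(rsn):
    """True if the RSN element sets the MFPC bit (802.11w); False if absent or malformed."""
    try:
        pos = 6                                # version (2) + group cipher suite (4)
        for _ in range(2):                     # pairwise suite list, then AKM suite list
            pos += 2 + 4 * struct.unpack_from("<H", rsn, pos)[0]
        return bool(struct.unpack_from("<H", rsn, pos)[0] & 0x0080)
    except struct.error:
        return False

def profile(body):
    ie = parse_elements(body)
    ext, vht, pwr = ie.get(EXT_CAP, b""), ie.get(VHT, b""), ie.get(POWER_CAP, b"")
    # VHT Rx MCS map: 2 bits per spatial stream, value 3 means "not supported"
    rx_map = struct.unpack_from("<H", vht, 4)[0] if len(vht) >= 6 else None
    return {
        "11n": HT in ie, "11ac": VHT in ie, "11ax": (EXT, HE_EXT_ID) in ie,
        "11k": RM in ie, "11r": MDE in ie, "11w": mfp_capable(ie.get(RSN, b"")),
        "11v": len(ext) > 2 and bool(ext[2] & 0x08),   # BSS Transition, bit 19
        "max_tx_dbm": struct.unpack_from("b", pwr, 1)[0] if len(pwr) >= 2 else None,
        "vht_streams": rx_map if rx_map is None else
                       sum(((rx_map >> 2 * i) & 3) != 3 for i in range(8)),
    }

# Constructed sample body, not a capture; its last element lies about its length
SAMPLE = (b"\x31\x04\x0a\x00\x00\x0awlanpi-xyz\x21\x02\x00\x15"
          b"\x30\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04"
          b"\x01\x00\x00\x0f\xac\x02\x80\x00\x2d\x1a\xef\x01\x17\xff\xff" + bytes(21) +
          b"\x46\x05\x72\x00\x00\x00\x00\x7f\x04\x00\x00\x08\x00"
          b"\xbf\x0c\x32\x00\x80\x0f\xfa\xff\x00\x00\xfa\xff\x00\x00\xdd\x10\x00\x50")
print(profile(SAMPLE))
```

These values are only what the station claims in the frame, which is why Step 4 below has you profile the same device again under different conditions.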

Step 1 - Start Profiler

Profiler can be started via the Front Panel Menu System (FPMS) or the command line interface.


  1. Navigate: Apps > Profiler > Start

  2. Screen displays: Starting...

  3. Wait 3-6 seconds

  4. Screen displays: Success, Profiler started.

Watch out for non-transmission on the default 5 GHz channel in many regions.


  1. Open your web browser of choice

  2. Navigate to http://wlanpi-xyz.local

  3. Change xyz to match your own WLAN Pi

  4. Click on the Admin tab

  5. Login with your WLAN Pi credentials

  6. Display 'all' the available Profiler commands:

    sudo profiler -h

  7. Activate Profiler on a channel of your choosing:

    sudo profiler -c 48

Step 2 - 'Profile' a Wi-Fi device

Smart device capable of reading a QR code

  1. Via FPMS navigate: Apps > Profiler > Status

  2. Scan the QR code with your iPhone/Android smart-device

  3. 'Action' the discovered Wi-Fi network by tapping on the pop-up. This 'should' initiate an attempt to associate with your WLAN Pi 'fake AP'.

The association will fail! This is expected behaviour.

If nothing happens after 10 seconds, consider repeating the process and scanning the QR code again. Profiler does not forge and transmit beacon frames every 102.4 ms.

When an association attempt is successfully captured, FPMS will indicate this with the message:

Device Profiled xx:xx:xx:xx:xx:xx

Less smart device 'incapable of QR code association'

  1. Via FPMS Navigate: Apps > Profiler > Status

  2. Take your device and attempt to associate to the SSID displayed on the WLAN Pi screen. SSID: wlanpi-xyz, passphrase: does_not_matter

What you enter as a passphrase is not relevant! When prompted for the PSK, you can enter any string of at least 8 characters you wish. You may get a message warning you that the passphrase is incorrect. This is expected behaviour. The goal is to get the client device to transmit an association request frame, which contains the information we seek.

It may take your device a few scans before it detects the Profiler SSID. Because of the way Profiler forges and transmits beacon frames, they are not consistently transmitted every 102.4 ms.

Step 3 - Analyze the results

  1. Open a new tab, in your chosen browser

  2. Navigate to http://wlanpi-xyz.local

  3. Click on the Profiler tab, from here you can:

    1. View test results within the browser window

    2. Download the association request pcap. Open the pcap in your packet analysis tool of choice.

Step 4 - Profile that same device again

  1. Profile your primary device again. What happens?

  2. Enable Low Power mode on your primary device (if you can)

  3. Profile your primary device again. What happens? What is different now?

Step 5 - Profile the other frequency band

Profiler is only able to capture device capabilities for the frequency band on which you are broadcasting the 'fake AP'. Profile a device on the 'other' band.


  1. Stop Profiler: navigate to Apps > Profiler > Stop

  2. Start Profiler on the 2.4 GHz band: Apps > Profiler > Start on 2.4 GHz


  1. Stop Profiler with the command:

    sudo profiler stop

  2. Start Profiler on a specific channel (from the other frequency band):

    sudo profiler -c 11

Step 6 - Profile Additional Devices

Test any and all other devices you have with you to capture and view their capabilities on both frequency bands.

Step 7 - Download Profiler Report

Navigate your way to the Profiler section of the WLAN Pi web GUI and download the report CSV.

This includes all the data you just collected. You should see a separate report for each frequency band.

Step 8 - Share your results

  1. Browse to https://clients.mikealbano.com and look through the list

  2. Check whether any of the devices you profiled just now are absent from the list. If you wish to share your profiled device capabilities:

    1. Click on the menu item “How to Contribute”

    2. Skip to step 2

    3. Continue to follow the on-screen instructions

Learn more about usage and the details from the wlanpi-profiler repository.
