WiFi Channels Explained: 2.4GHz vs 5GHz and Why It Matters for Testing
Most people know that WiFi has "2.4GHz" and "5GHz" bands. Fewer understand that within each band, there are multiple channels - and that channel selection has real implications for both performance and security testing coverage.
If you're doing wireless security work, channel awareness is fundamental. A deauth test on channel 6 does nothing to a client connected on channel 1. A WiFi scan that only looks at the current channel misses everything else. And a device that only does 2.4GHz has a hard limit on what it can see. Here's the full picture.
The 2.4GHz Band
The 2.4GHz ISM (Industrial, Scientific, Medical) band in most of the world runs from 2.400 GHz to 2.500 GHz - a 100 MHz window. 802.11 WiFi uses 2.401 GHz to 2.495 GHz.
graph LR
subgraph "2.4 GHz Band (14 Channels, 22 MHz wide)"
subgraph "Non-Overlapping Set 1"
C1["Ch 1
2.401-2.423 GHz"]
C6["Ch 6
2.426-2.448 GHz"]
C11["Ch 11
2.451-2.473 GHz"]
end
subgraph "Overlapping Channels (examples)"
C2["Ch 2
overlaps 1,3,4,5"]
C3["Ch 3
overlaps 1-6"]
C9["Ch 9
overlaps 6-12"]
end
C1 -.->|"Co-channel
interference"| C2
C2 -.->|"Adjacent channel
interference"| C3
C3 -.->|"Overlaps with"| C6
end
subgraph "5 GHz Band (25+ Channels, 20/40/80/160 MHz)"
subgraph "UNII-1 (Indoor)"
C36["Ch 36"]
C40["Ch 40"]
C44["Ch 44"]
C48["Ch 48"]
end
subgraph "UNII-2 (DFS Required)"
C52["Ch 52"]
C56["Ch 56"]
C100["Ch 100"]
C140["Ch 140"]
end
subgraph "UNII-3 (High Power)"
C149["Ch 149"]
C153["Ch 153"]
C161["Ch 161"]
C165["Ch 165"]
end
end
2.4 GHz band has only 3 non-overlapping channels with frequent interference, while 5 GHz offers 25+ non-overlapping channels across multiple bands
Each WiFi channel in the 2.4GHz band is 22 MHz wide (for 802.11b/g/n at standard bandwidth). The channel center frequencies are spaced 5 MHz apart, starting at channel 1 (2.412 GHz) and going up to channel 14 (2.484 GHz). Most countries allow channels 1-13. The US allows channels 1-11. Channel 14 is restricted to Japan and only for 802.11b.
The key problem: 22 MHz channels spaced 5 MHz apart overlap significantly. Channel 1 occupies 2.401-2.423 GHz. Channel 2 occupies 2.406-2.428 GHz. They share most of the same spectrum. Devices on adjacent channels interfere with each other.
2.4GHz WiFi channels and their frequency overlap. Only channels 1, 6, and 11 are non-overlapping in North America. (Diagram: Wikimedia Commons, CC BY-SA 3.0)
Non-Overlapping Channels: 1, 6, and 11
Given the 22 MHz channel width and 5 MHz spacing, the only way to have multiple APs on 2.4GHz without channel overlap is to use channels that are at least 5 channels apart. With the 1-11 channel range available in the US:
- Channel 1: center at 2.412 GHz
- Channel 6: center at 2.437 GHz (25 MHz above channel 1 - no overlap)
- Channel 11: center at 2.462 GHz (25 MHz above channel 6 - no overlap)
These three channels don't overlap with each other. Any other combination of three or more 2.4GHz channels will have some overlap between at least two of them. This is why enterprise WiFi planning for 2.4GHz almost universally recommends deploying APs on channels 1, 6, and 11 in a pattern that minimizes co-channel interference.
In the 1-13 range (most of the world outside the US), you technically have a fourth option: channels 1, 5, 9, and 13 can be arranged with minimal overlap, though the 22 MHz channels and 20 MHz actual occupied bandwidth don't perfectly fit four non-overlapping channels in 83 MHz of usable spectrum. The 1/6/11 recommendation holds in most practice.
Co-Channel vs Adjacent Channel Interference
Two types of interference matter in the 2.4GHz band:
- Co-channel interference: Two APs on the same channel in the same area compete for airtime. 802.11 uses CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) - devices listen before transmitting to avoid collisions. When two APs are on the same channel, they're politely sharing the medium. This reduces throughput but maintains compatibility.
- Adjacent channel interference: Two APs on overlapping channels (e.g., channels 3 and 5) create interference that CSMA/CA doesn't handle well. The frames from the channel 5 AP are partially in the channel 3 AP's band but don't look like valid channel 3 frames to that AP. This creates noise that neither side can properly manage. Adjacent channel interference is worse than co-channel interference.
From a security testing perspective: when you're scanning for APs or monitoring frames, you're constrained by the same physics. Capturing on channel 6 means you can hear APs and clients on channel 6 clearly, and you might pick up some traffic from channels 5 and 7 due to overlap (though it's likely garbled), but you see nothing from channel 1 or 11.
The 5GHz Band
The 5GHz band (technically 5.1 GHz to 5.9 GHz for WiFi purposes) offers significantly more spectrum and more non-overlapping channels. The exact channels available depend on your region's regulatory domain, but the US allows around 25 non-overlapping 20 MHz channels.
5GHz channels are also 20 MHz wide in standard configuration, but the band is wide enough that they don't overlap the way 2.4GHz channels do. With proper channel planning, you can have many APs in the same area all on non-overlapping channels. This is one of the main performance advantages of 5GHz in dense environments.
802.11n and 802.11ac support channel bonding - combining adjacent 20 MHz channels into 40 MHz, 80 MHz, or 160 MHz wide channels for higher throughput. This uses more spectrum but achieves higher theoretical speeds for clients that support it.
5GHz also attenuates faster through walls and obstacles than 2.4GHz. The higher frequency means shorter range. This is a real-world trade-off: 5GHz offers more channels and less interference, but requires more APs to cover the same area.
Free-space path loss across WiFi frequency bands: higher frequencies (5GHz) lose signal faster over distance than 2.4GHz. (Diagram: Wikimedia Commons, CC BY-SA 4.0)
The 6GHz Band (WiFi 6E and WiFi 7)
WiFi 6E and WiFi 7 add the 6 GHz band (5.925-7.125 GHz in the US), adding approximately 1.2 GHz of additional spectrum. This unlocks 7 additional non-overlapping 160 MHz channels, or 59 additional 20 MHz channels. It's a massive expansion of available spectrum.
WiFi 6E and WiFi 7 are increasingly common in new enterprise equipment and consumer routers. Legacy devices don't support it. From a security testing perspective, 6 GHz represents a blind spot for 2.4 GHz-only tools.
The BLEShark Nano's 2.4GHz Constraint
The ESP32-C3 in the BLEShark Nano is a 2.4GHz radio. It supports channels 1-13 (regulatory domain dependent) and can monitor the full 2.4GHz WiFi band. It cannot see 5GHz or 6GHz traffic.
This is not unique to BLEShark Nano - most low-cost WiFi security tools are 2.4GHz only. The ESP32 is a BLE + 2.4GHz WiFi chip by design. Adding 5GHz would require a completely different radio, at higher cost and complexity.
What this means in practice:
- Modern devices with dual-band or tri-band capability will often prefer 5GHz. They may not appear in 2.4GHz scans if they're only broadcasting on 5GHz.
- Most routers broadcast SSIDs on both 2.4GHz and 5GHz. The 2.4GHz scan gives you the AP list, but the clients may be connecting on 5GHz - making deauth attempts on 2.4GHz ineffective against those clients.
- For 5GHz-only devices and networks, you need a dedicated 5GHz monitor mode adapter for testing.
Despite this, 2.4GHz coverage remains valuable. IoT devices, older devices, and networks that need long-range connectivity still predominantly use 2.4GHz. Smart home devices (bulbs, locks, sensors) commonly use 2.4GHz-only chipsets. In many environments, a significant portion of connected devices are on 2.4GHz.
graph TD
subgraph "Channel Width Impact on Testing"
W20["20 MHz Channel
Single channel occupied"]
W40["40 MHz Channel
2 channels bonded"]
W80["80 MHz Channel
4 channels bonded"]
W160["160 MHz Channel
8 channels bonded"]
W20 -->|"Fewer APs affected
More precise scan"| TEST1["Targeted
single-channel test"]
W40 -->|"Adjacent channels
also monitored"| TEST2["Wider capture
range needed"]
W80 -->|"Significant spectrum
4 channels active"| TEST3["Must scan
multiple channels"]
W160 -->|"Half the 5GHz band
rare in practice"| TEST4["Full band
monitoring required"]
end
subgraph "Security Testing Implications"
SCAN["WiFi Scanner
(e.g., BLEShark Nano)"] --> DETECT["Detect channel
usage patterns"]
DETECT --> OVERLAP["Identify
co-channel APs"]
DETECT --> ROGUE["Find rogue APs
on unexpected channels"]
DETECT --> DFS["Detect DFS
channel usage"]
OVERLAP --> PLAN["Plan test
channel selection"]
ROGUE --> ALERT["Alert: unauthorized
device"]
DFS --> RADAR["Note: radar
interference risk"]
end
How channel width affects spectrum usage and why it matters when scanning or testing WiFi networks
Channel Selection for Security Testing
When you're setting up a deauth test, handshake capture, or any other Wi-Fi tool with the BLEShark Nano, you need to know which channel the target AP is operating on. A test on the wrong channel does nothing. In all cases, the BLEShark Nano will select the correct channel for you.
The BLEShark Nano's WiFi scan tells you which channel each detected AP is using. When you select a target for deauth or capture, you lock to that channel. The device monitors that channel for client associations and sends deauth frames on that channel.
For environments where you want complete 2.4GHz coverage, this is where the Shiver mesh system is useful. With multiple BLEShark Nanos, you can partition the channels across devices - one node monitors channels 1-4, another monitors channels 5-8, another monitors 9-13. Deauth events or handshake captures on any channel are visible to the corresponding node and reported to the master device over ESP-NOW mesh (up to 16 nodes, 20-50m range).
This coordinated channel partitioning eliminates blind spots. A deauth attack coming from a device on channel 11 while you're monitoring channel 6 on a single device would be invisible - but not if you have nodes on both channels.
Non-WiFi Interference on 2.4GHz
The 2.4GHz ISM band is shared with other technologies:
- Bluetooth: Bluetooth classic uses frequency hopping across 79 channels in the 2.4GHz band. BLE uses 40 channels with 3 fixed advertising channels. Both coexist with WiFi through careful spectrum planning.
- Microwave ovens: Operate at 2.45 GHz. A poorly shielded microwave oven leaks significant RF energy in the WiFi band and can cause interference on channels 6-11.
- Zigbee and Z-Wave: IoT protocols that also operate in 2.4GHz. Zigbee specifically overlaps significantly with WiFi channels.
- Baby monitors, wireless cameras, cordless phones: Various 2.4GHz devices that may not be 802.11-compliant and can create interference.
For a security audit, noting unusual interference sources on specific channels can be useful context. A deauth that appears to fail might actually be succeeding - but the client is immediately reconnecting, and the reconnection frames are getting lost in interference. Spectrum analysis helps disambiguate these cases.
Channel Configuration on BLEShark Nano
Channel selection on the BLEShark Nano is automatically configured. When using the Shiver mesh, the initiator device coordinates channel assignments across nodes. The channel partitioning can be configured to split channels evenly across the available nodes, or you can manually assign channels to specific nodes for scenarios where you care more about certain parts of the spectrum.
The 2.4GHz channel assignment in the mesh is one of the more powerful features for professional wireless assessments - it's coverage that would otherwise require multiple laptops with separate WiFi adapters, at a fraction of the cost and complexity.
WiFi channel monitoring and analysis should be performed only in environments where you have authorization. Even passive monitoring of traffic may have legal implications in some jurisdictions depending on the nature of the traffic and your authorization level.