In message <p3rf67hu1kr7loostpq48ql7rbkdbrahj7@4ax.com> someone claiming
to be Aaron Leonard <Aaron@Cisco.COM> typed:

>
>>>How can I detect if my router is giving out WPA or WPA2?
>>>Like, to verify it's functioning as I set it.
>>
>>What? You don't trust the manufacturer and its outsourced firmware
>>programmers?
>>
>>>inSSIDer seems to call both WPA. Is there any other software that says
>>>that'd do it?
>>
>>That's a common complaint about inSSIDer. Try Xirrus wifi inspector,
>>which I think does it right.
>><http://www.xirrus.com/library/wifitools.php>
>>It will show the default encryption and authentication method.
>>However, if the router offers WPA-TKIP, WPA-TKIP, and WPA2-AES, it
>>will only show the highest level of encryption offered and not the
>>others.
>
>inSSIDer does distinguish, but apparently only shows the *lowest*
>level. I.e. an AP that supports WPA/TKIP and WPA2/AES is shown as
>supporting (in the "Privacy" column) "WPA-TKIP", while an AP that is
>configured for *only* WPA2/AES is shown as supporting "RSNA-CCMP".

Showing either the highest or lowest alone seems to be pointless.

Listing only the lowest gives you a reasonable idea of the minimum level
of security (the level that should probably be assumed) but it doesn't
help if you want to know what capabilities are available to more capable
hardware.

Conversely displaying only the highest is outright stupid since you may
assume your network is appropriately secure when it turns out a majority
of the network uses a less secure choice.

--
It's always darkest before dawn. So if you're going to
steal your neighbor's newspaper, that's the time to do it.