Skip to content

ZeroTrace AirLeak

Live Monitoring

Reading the live device list and the capture-stream header

Live Monitoring is what you spend most of your AirLeak time doing, watching devices appear, watching them update, watching the unit's own health.

The Live tab

Open the device's Live tab in the app. It's a single recycled list of every BLE device the unit has heard, fed by the coalesced capture stream over Bluetooth.

The header is your live readout:

FieldWhat it tells you
Live countDevices active in the recent window
TotalUnique devices aggregated this session
ModeCurrent capture mode
/sEvents per second over the last second

When the device is in Wardrive the header shows that the stream has moved to the Drive page; when it's in Recon it shows the stream is paused.

Each row

Every device appears as a row:

  • Name + MAC, the BLE friendly name (when broadcast), the address, and a random-MAC badge
  • Class, the classifier's verdict
  • Signal, RSSI bars
  • Severity, a color bar from the device's leakage score
  • Last seen, "Xs ago"

Tap a row to open the device's detail page.

Search, filter, sort

  • Search matches name, MAC, or vendor, case-insensitive, live.
  • Filter chips (multi-select): All, Trackers, Leaks, Apple, Android, Audio, Named, Close, Find My, Severe. Each chip shows a live count; empty facets hide themselves to keep the strip clean.
  • Sort: Last seen, Signal (RSSI), Distance, Severity, Observations.

The list pins to the top so newly-seen devices stay visible, but only while you're already at the top; once you scroll down it never yanks you back.

The unit's health

The unit reports health through state.read (the app polls it while connected): free heap, an estimated scan-duty percentage, active device count, events per second, and two drop counters. See State & Health Fields.

The single most useful number is free heap. If it stays comfortably above the safe-mode threshold through a long capture, the unit is healthy. If it's creeping toward the threshold in a very dense environment, the unit may enter Safe Mode.

What "healthy" looks like

  • Live list populating and updating smoothly
  • Drop counters flat (brief climbs in a dense area self-heal via re-snapshot)
  • Scan active (Monitor or Wardrive), not Setup
  • Free heap comfortably above the safe-mode threshold

If any of those drift, see Troubleshooting.

When the unit goes quiet

If you stop seeing devices, check in this order:

  1. Connection still up? If it dropped, the app reconnects and re-snapshots automatically.
  2. Mode is Setup? Switch to Monitor on the Modes tab.
  3. In Recon? The stream is paused by design, leave recon to resume the live list.
  4. Empty environment? Move closer to known devices to confirm the radio is alive.

Most "quiet" reports are mode-related (left in Setup) or a dropped link that's already reconnecting.

The stream is coalesced

The Live list doesn't get a frame for every advertisement, the firmware sends a delta only when a device meaningfully changes (or a 10 s heartbeat). That's why a busy room feels smooth rather than a firehose. See Stream Emit Policy.