The technique proposed by the present invention is stealth, since it makes advantage of the captive portal detection packet exchange between a station and an Access Point to passively classify the AP. The present invention begins with a captive portal detection packet exchange event, which occurs when a station connects to an AP and is checking Internet connectivity of the AP to verify if AP contains a captive portal. Internet connectivity is verified by sending an HTTP request packet (usually a request with code 204) to a known IP domain, in which response is known and comparing the AP response with the expected response (usually a “no content” packet). In general, if response is different from expected, devices trigger captive portal and display a webpage that is delivered by the Access Point to the user. The present invention is executed passively during the beginning of the AP connection. However, it can be executed actively at any time the device remains connected by sending a specific request HTTP packet that will trigger an HTTP response from the AP. In case a captive portal is not detected in AP, an HTTP request can be sent directly to the gateway IP of the AP to obtain a response from the AP gateway HTTP server.