Updated FAQ (markdown)

FAQ.md

@@ -1,9 +1,20 @@
+### Clients are not automatically connected to the fake access point
+This is a social engineering attack and it's pointless to drag clients in automatically. The script relies on the fact that a user should be present in order to enter the wireless credentials.
 
-## Where is the handshake location? 
+### There's no Internet connectivity in the fake access point
+There shouldn't be one. All of the traffic is being sinkholed to the built in captive portal via a fake DNS responder in order to capture the credentials.
+
+### I need to sign in (on Android)
+This is how the script works. The fake captive portal is set up by the script itself to collect the credentials. Don't freak, it's all okay.
+
+### The MAC address of the fake access point differs from the original
+The MAC address of the fake access point differs by one octet from the original in order to prevent fluxion de-authenticating clients from itself during the session.
+
+### Where is the handshake location? 
 You can find every saved handshake in: <br>
 ```fluxion/attacks/Handshake Snooper/handshakes```
 
-# Where is the temporary folder?
+### Where is the temporary folder?
 You can find that folder in: <br> <br>
 Fluxion 3 <br>
 ```/tmp/fluxspace``` <br> <br>
@@ -11,4 +22,4 @@ Fluxion 2 and older <br>
 ```/tmp/FluxTemp```
 <br>
 <br>
-**Note:** <br>The folder get erased after exit. If the debug mode is on the folder get not erased.
+**Note:** <br>The folder get erased after exit. If the debug mode is on the folder get not erased.