Re: Wireless SSID discovery

From: Michael Puchol (mpuchol@sonar-security.com)
Date: Wed Dec 22 2004 - 03:31:06 EST


Hi Andrew,

I know you have got some answers that point you in the right direction,
but for the record, some APs use the 'hide SSID' function to remove the
SSID from the beacon frames, but they still include it in the probe
replies (i.e. Netstumbler will still catch it). A passive scanner such
as Kismet would have to wait until a client probed or associated or
reassociated to the AP. Other APs will also remove the SSID from the
probe responses, or not respond to probes at all (the early Intel APs
did this by default, their out-of-the-box SSID was 101).

Hiding the SSID is false security, any person one step higher than a
kiddie will be able to get it from sniffing one way or another. It can
also affect the network's performance.

Best regards,

Mike
mother@netstumbler.com

Andrew Bagrin wrote:
> I'm doing a wireless pen-test and am able to use aircrack to crack
> the wep key, however, when I use Kismet, Cain, airdump etc.. I can't
> get the SSID of a the access point if the SSID broadcast has been
> disabled. Does anyone know how to do this, or is there any tools that
> will let you get the SSID even if its not being broadcasted.
>
> Thanks,
>
> Andrew
>
>



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:11 EDT