Penetration Testing mailing list archives

Re: Wireless SSID discovery

From: Michael Puchol <mpuchol () sonar-security com>
Date: Wed, 22 Dec 2004 09:31:06 +0100

Hi Andrew,

I know you have got some answers that point you in the right direction,but for the record, some APs use the 'hide SSID' function to remove theSSID from the beacon frames, but they still include it in the probereplies (i.e. Netstumbler will still catch it). A passive scanner suchas Kismet would have to wait until a client probed or associated orreassociated to the AP. Other APs will also remove the SSID from theprobe responses, or not respond to probes at all (the early Intel APsdid this by default, their out-of-the-box SSID was 101).

Hiding the SSID is false security, any person one step higher than akiddie will be able to get it from sniffing one way or another. It canalso affect the network's performance.


Best regards,

Mike
mother () netstumbler com

Andrew Bagrin wrote:

I'm doing a wireless pen-test and am able to use aircrack  to crack
the wep key, however, when I use Kismet, Cain, airdump etc.. I can't
get the SSID of a the access point if the SSID broadcast has been
disabled.  Does anyone know how to do this, or is there any tools that
will let you get the SSID even if its not being broadcasted.

Thanks,

Andrew

Current thread:

Wireless SSID discovery Andrew Bagrin (Dec 20)
- Re: Wireless SSID discovery marko ruotsalainen (Dec 21)
  - Re: Wireless SSID discovery Andrew Bagrin (Dec 21)
    - Re: Wireless SSID discovery Konstantin V. Gavrilenko (Dec 22)
- Re: Wireless SSID discovery Christopher Blume (Dec 22)
- Re: Wireless SSID discovery Michael Puchol (Dec 22)
- Re: Wireless SSID discovery Olivier Fauchon (Dec 22)
- <Possible follow-ups>
- RE: Wireless SSID discovery Todd Towles (Dec 21)
  - Re: Wireless SSID discovery Aaron Drew (Dec 22)
    - Re: Wireless SSID discovery Seth Fogie (Dec 22)
- RE: Wireless SSID discovery Rapaille Max (Dec 22)
- RE: Wireless SSID discovery Todd Towles (Dec 22)