[kismac] Re: SSIDs

  • From: Bob Cunningham <bob@xxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Wed, 9 Apr 2003 19:05:39 -1000

I'll admit to using the technique described in the article to hide
the SSID for several access points I've install.  And -- with
KisMAC --  I've seen other access points configured that way.

[Why?  As the article points out, not broadcasting the SSID
(i.e., removing it from BEACON packets) is not really secure.
However, it does a little something discourage casual users.
And not all access points can be configured to do it.]

But frankly, I don't think KisMAC needs to "go active" in
order to discover SSIDs which are hidden this way.

When I monitor an access point set up that way with
KisMAC what I see most of the time is a blank SSID.
However, if I monitor a busy access point for long enough,
the SSID will occasionally show.  Only to vanish again quickly.
Literally, "in the blink of an eye".

I haven't found the logic behind that in the source code yet,
but what I think happens is that while SSIDs are being
suppressed in the beacons ... occasionally an ASSOCIATE
or REASSOCIATE frame shows up.  Which does have the
SSID.  KisMAC seems to (correctly) display that, but it quickly
goes away.  Probably because a beacon packet (without
the SSID) shows up.

Perhaps if the logic want changed so that:

        If an SSID shows up in in an ASSOCIATE or
        REASSOCIATE packet, display it.

        if BEACON packets show up afterwards with
        zero length SSID, do not change the display.

... in other words:  if a non-zero-length SSID shows up,
keep displaying it.  Even if subsequent BEACON frames
from that access point have zero-length SSIDs.

On Wednesday, Apr 9, 2003, at 12:43 Pacific/Honolulu, Robbie Miller 

> I think the next release of kismac should include the ability to
> discover the name of hidden SSIDs.
> http://www.tisc2002.com/newsletters/416.html
> I have found this document, some of the options on the site would cause
> the Kismac to reveal it's self.
> So in my opinion I think that there should be a menu option to make
> kismac attempt to discover the SSID.

Other related posts: