I'll admit to using the technique described in the article to hide the SSID for several access points I've install. And -- with KisMAC -- I've seen other access points configured that way. [Why? As the article points out, not broadcasting the SSID (i.e., removing it from BEACON packets) is not really secure. However, it does a little something discourage casual users. And not all access points can be configured to do it.] But frankly, I don't think KisMAC needs to "go active" in order to discover SSIDs which are hidden this way. When I monitor an access point set up that way with KisMAC what I see most of the time is a blank SSID. However, if I monitor a busy access point for long enough, the SSID will occasionally show. Only to vanish again quickly. Literally, "in the blink of an eye". I haven't found the logic behind that in the source code yet, but what I think happens is that while SSIDs are being suppressed in the beacons ... occasionally an ASSOCIATE or REASSOCIATE frame shows up. Which does have the SSID. KisMAC seems to (correctly) display that, but it quickly goes away. Probably because a beacon packet (without the SSID) shows up. Perhaps if the logic want changed so that: If an SSID shows up in in an ASSOCIATE or REASSOCIATE packet, display it. if BEACON packets show up afterwards with zero length SSID, do not change the display. ... in other words: if a non-zero-length SSID shows up, keep displaying it. Even if subsequent BEACON frames from that access point have zero-length SSIDs. On Wednesday, Apr 9, 2003, at 12:43 Pacific/Honolulu, Robbie Miller wrote: > > I think the next release of kismac should include the ability to > discover the name of hidden SSIDs. > http://www.tisc2002.com/newsletters/416.html > I have found this document, some of the options on the site would cause > the Kismac to reveal it's self. > So in my opinion I think that there should be a menu option to make > kismac attempt to discover the SSID. > >