[kismac] Re: What results in <no-ssid> in scan output?

  • From: Paul Jacoby <pej@xxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Wed, 9 Aug 2006 17:56:37 -0500

I don't think you need to use a de-auth flood to determine this...but
I could be wrong. Sniff the traffic going to this wap's channel and
tell kismac to save it to a pcap file. Open the pcap in ethereal and
see if you can see the ssid there. Don't remember the ethereal filter
exactly right now...just got back from Defcon and I'm a little fuzzy ;-)

Defcon fuzz....ah the memories ;-)

The interesting thing about the pcap is that the structure of the Beacon packets is different, such that there is NO ssid value or data structure at all. I'm guessing Malcolm is assuming there will always be an SSID structure, maybe by a specific byte offset, and is picking up junk off the tail end of the buffer when one is not actually there.

I'll have to consider if a deauth flood from the Walmart parking lot is a good idea or not...might need to go inside and buy some cheap sunglasses first ;-)
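As an added illustration of the parsing problem described in this thread (example code, not from the thread or from KisMAC), here is a Python parser that walks a beacon's tagged information elements instead of assuming an SSID element at a fixed offset; the three beacon bodies are constructed in the script, and the naive parser shows the kind of junk read when the SSID element is simply absent.

```python
import struct

# 802.11 beacon frame body (after the 24-byte MAC header):
#   timestamp(8) | beacon interval(2) | capability(2) | tagged IEs...
# Each IE is: element id(1) | length(1) | data(length)
FIXED_PARAMS_LEN = 12
IE_SSID = 0

def parse_ies(body):
    """Return a list of (element_id, data) tuples, stopping cleanly on truncation."""
    ies = []
    pos = FIXED_PARAMS_LEN
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + length]
        if len(data) < length:        # truncated frame: never read past the buffer
            break
        ies.append((eid, data))
        pos += 2 + length
    return ies

def robust_ssid(body):
    """None when no SSID element exists at all; '' for a hidden (zero-length) SSID."""
    for eid, data in parse_ies(body):
        if eid == IE_SSID:
            return data.decode("utf-8", errors="replace")
    return None

def naive_ssid(body):
    """Assumes the SSID IE always sits first (offset 12): the guess the mail makes about the bug."""
    length = body[FIXED_PARAMS_LEN + 1]
    return body[FIXED_PARAMS_LEN + 2:FIXED_PARAMS_LEN + 2 + length]

def build_beacon(ies):
    """Constructed beacon body: arbitrary timestamp, 100 TU interval, ESS capability bit."""
    fixed = struct.pack("<QHH", 0x1234, 100, 0x0001)
    return fixed + b"".join(bytes([eid, len(d)]) + d for eid, d in ies)

# Constructed sample frames (not captured traffic)
RATES = (1, bytes([0x82, 0x84, 0x8B, 0x96]))   # Supported Rates: 1, 2, 5.5, 11 Mbps
DS = (3, bytes([6]))                           # DS Parameter Set: channel 6

NORMAL = build_beacon([(IE_SSID, b"TestNet"), RATES, DS])
HIDDEN = build_beacon([(IE_SSID, b""), RATES, DS])   # SSID element present, empty
NO_SSID_IE = build_beacon([RATES, DS])               # SSID element omitted entirely
```

On the third frame the naive parser returns the Supported Rates bytes as the "SSID", which is exactly the junk-off-the-buffer symptom; the element walk reports that no SSID element exists.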

