[kismac] More about SSID and Network Type...

  • From: "Java Nut" <javanut20@xxxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Sun, 07 Dec 2003 10:32:47 -0600

Thanks, everyone for your replies. I have a few additional questions:

Many models of access points have an option to "hide" the SSID,
which simply means that the AP won't include the SSID in the
beacon frames it sends.  However, the SSID will still show
up in some other types of 802.11 frames that are sent less
often (e.g., "association request",  "reassociation request",
"probe response", and probably a few other types of frames).
In that case (particularly on an essentially idle network),
it can take quite a while for Kismac to detect the SSID when
listening passively.

So, will Kismac take the SSID from these alternative places as well as the beacon?

A "probe request frame" is sent by computers trying to find
access points.  Asking for access points with a specific SSID
(or via "broadcast SSID" to try to get a response from any
access point within range).  Access points send "probe response
frames" back.  (However, hidden access points will generally
not respond to probes to "broadcast SSID".)  The Kismac
<probe> shows probes.

Will the Mac Address shown for a probe entry be that of the probing network interface or the network access point detected via the response to the probe?

there are also "tunnel" networks, which are point to point connections, often referred to as WDS.

Will Kismac detect these?

no ssid means there have been no beacon frames to examine. hidden ssid means that there have been beacons, but the ssid field has been wiped out. kismac shows blank if the received ssid consists of spaces or non printable characters.

Will the <hidden> marker be replaced if the SSID shows up in other types of frames, and which?

Under what conditions can the network type be blank?

kismac only shows probes if there are a lot of them in a short term. this is generally an indication for a running active stumbler. however there are also some "legal" tools, which make an excessive use of probes

Can you say what some of these tools are? Why do you imply that Kismac is not a "legal" tool? I would think it really depends on what one does with the information they gather from Kismac and that Kismac can be used for good, legal purposes, or to aid in illegal usage of networks. And I do know there are features to help crack WEP, but I would never use them on someone's network, as I take it that feature is for me to check the security of my own network if I want to know how quickly one could break in or for professionals who are hired to check the security of a particular network.

I am curious though how it would be regarded legally if someone used Kismac while traveling to see if there is a network around and happened to find a network with WEP turned off and then used it to reach the Internet for some light duty (low data volume), legal web surfing or email checking without checking whether the owner intended to share the network (or was merely incompetent to not secure his network).
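
The frame behaviour discussed in this message, as an added example that is not part of the original post and is not KisMAC's code: a passive parser that reads the SSID element from beacons, probe responses and (re)association requests, and shows a blanked beacon SSID being filled in by a later association request. The helper names and the sample frames are constructed for illustration, and treating an empty or all-NUL SSID as hidden is an assumption about how access points blank the field.

```python
# Added illustration: hypothetical helper names, constructed sample frames.
# Management subtype -> number of fixed bytes before the tagged elements.
# 0 = association request, 2 = reassociation request, 5 = probe response, 8 = beacon
FIXED_LEN = {0: 4, 2: 10, 5: 12, 8: 12}

def parse_ssid(frame):
    """Return (subtype, bssid, ssid_bytes) for AP-identifying mgmt frames, else None."""
    if len(frame) < 24:                    # shorter than an 802.11 management header
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    bssid = frame[16:22].hex(":")          # address 3 carries the BSSID here
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):           # walk the id/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:
            return None                    # truncated capture
        if eid == 0:                       # element id 0 is the SSID
            return subtype, bssid, value
        pos += 2 + elen
    return None

def track(frames):
    """Map BSSID -> SSID; a real SSID from any frame type replaces '<hidden>'."""
    nets = {}
    for f in frames:
        parsed = parse_ssid(f)
        if parsed is None:
            continue
        _, bssid, ssid = parsed
        if ssid.strip(b"\x00"):            # something other than NUL padding
            nets[bssid] = ssid.decode("utf-8", "replace")
        else:
            nets.setdefault(bssid, "<hidden>")   # never overwrite a learned name
    return nets

def mgmt(subtype, da, sa, bssid, fixed, ssid):
    """Build a constructed management frame: header, fixed fields, SSID, rates."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + da + sa + bssid + b"\x00\x00"
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])

AP, STA, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
SAMPLE = [mgmt(8, BCAST, AP, AP, bytes(12), b""),          # beacon, SSID blanked
          mgmt(0, AP, STA, AP, bytes(4), b"homenet"),      # client associates
          mgmt(8, BCAST, AP, AP, bytes(12), b"")]          # next beacon, still blank

if __name__ == "__main__":
    print(track(SAMPLE[:1]), track(SAMPLE))
```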
