[kismac] Re: More about SSID and Network Type...

  • From: Bob Cunningham <bob@xxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Sun, 07 Dec 2003 15:12:27 -1000

I can answer some of those questions.  Would others on the
list please supply answers to the remainder ... if you know?

On Dec 7, 2003, at 6:32 AM, Java Nut wrote:

Thanks, everyone for your replies. I have a few additional questions:

Many models of access points have an option to "hide" the SSID,
which simply means that the AP won't include the SSID in the
beacon frames it sends.  However, the SSID will still show
up in some other types of 802.11 frames that are sent less
often (e.g., "association request", "reassociation request",
"probe response", and probably a few other types of frames).
In that case (particularly on an essentially idle network),
it can take quite a while for Kismac to detect the SSID when
listening passively.

So, will Kismac take the SSID from these alternative places as well as the beacon?

Yes. Although it may take a while, perhaps a long, long while. (Those frames are sent much more rarely than beacons, and on an inactive network -- with just an AP but no clients -- none of those other packets will be present until there is a client.)

There are also "tunnel" networks, which are point-to-point connections, often referred to as WDS.

Will Kismac detect these?

Yes. I see those all the time. (I live near a retail operation with separate smaller stores and a warehouse operation, all within a few blocks of the main store but not adjacent. They have a lot of point-to-point links [<tunnel>] between their locations. All with WEP.)

Kismac only shows probes if there are a lot of them in a short time. This is generally an indication of a running active stumbler. However, there are also some "legal" tools which make excessive use of probes.

Can you say what some of these tools are? Why do you imply that Kismac is not a "legal" tool? I would think it really depends on what one does with the information they gather from Kismac and that Kismac can be used for good, legal purposes, or to aid in illegal usage of networks. And I do know there are features to help crack WEP, but I would never use them on someone's network, as I take it that feature is for me to check the security of my own network if I want to know how quickly one could break in or for professionals who are hired to check the security of a particular network.

I think he meant "legal" in the sense of, "a customary use allowed for and
encouraged in the 802.11 specifications".

A typical laptop with an 802.11 NIC, when configured to join a specific
network with a specific SSID will -- by design -- actively probe
for that network (rather than just passively listen and hope to
detect it). "Association Requests" are typically not sent until
after a probe gets a response (because the station needs to learn
other information about the network besides just the SSID; information
that the APs send in probe responses).

There are many, many uses for Kismac that no one would argue about
being "legal".  Checking your own network, checking your customers'
networks, etc.  I've also used it extensively during site surveys
when installing APs for various organizations.  It not only helps
avoid interference with pre-existing setups, but it can also be
useful in determining the most effective locations for new APs.

More casually, I also find Kismac useful in locating bona fide open APs,
especially when travelling.  Almost every downtown area I've
been in has at least one open AP at some coffee shop or another,
but the right one can be hard to find.  Using Kismac to check for
open APs and walking around watching the signal increase has
led me to more than one of those places.  [Whereupon I go in,
order a cup of coffee, and ask politely if I can use their AP;
so far, they've always said, "Yes."]

I am curious though how it would be regarded legally if someone used Kismac while traveling to see if there is a network around and happened to find a network with WEP turned off and then used it to reach the Internet for some light duty (low data volume), legal web surfing or email checking without checking whether the owner intended to share the network (or was merely too incompetent to secure his network).

That's more of an ethical issue than a legal issue. Ask yourself whether you believe it's right or not.

Legality depends entirely upon the jurisdiction you're in. I believe few
if any places have specific laws against what you describe. Some places
have general laws that might or might not apply (but not being a lawyer,
I can only guess about that). Trying to break a WEP key (even
the one on your own network!) might or might not be against the law,
depending upon exactly what the laws are where you are.

Of course, if you use the connection for illegal purposes (breaking
into government computers or whatever), almost every jurisdiction
has laws against that, regardless of how you connect.
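The SSID-recovery and probe-rate behaviour discussed in this message, as an added example that is not part of the original post or of Kismac's own code: a small passive parser for 802.11 management frames that takes the SSID from beacon, probe response, association request and reassociation request frames, marks an AP whose beacons carry an empty or null-filled SSID element as "hidden", and flags clients that send many probe requests in a short window. The sample frames, MAC addresses, the 10-probes-in-5-seconds threshold and the null-filled-SSID test are constructed assumptions for illustration, not Kismac's actual heuristics.

```python
from collections import defaultdict

# IEEE 802.11 management-frame subtypes (frame type 0)
ASSOC_REQ, REASSOC_REQ, PROBE_REQ, PROBE_RESP, BEACON = 0x0, 0x2, 0x4, 0x5, 0x8
SUBTYPE_NAME = {ASSOC_REQ: "assoc_req", REASSOC_REQ: "reassoc_req",
                PROBE_REQ: "probe_req", PROBE_RESP: "probe_resp", BEACON: "beacon"}

# Bytes of fixed fields between the 24-byte MAC header and the tagged parameters
FIXED_BODY_LEN = {
    BEACON: 12,       # timestamp(8) + beacon interval(2) + capability(2)
    PROBE_RESP: 12,   # same layout as a beacon
    PROBE_REQ: 0,     # tagged parameters start immediately
    ASSOC_REQ: 4,     # capability(2) + listen interval(2)
    REASSOC_REQ: 10,  # capability(2) + listen interval(2) + current AP address(6)
}
SSID_TAG = 0

def parse_mgmt(frame):
    """Return (subtype, src, bssid, tags) for a management frame, else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:   # type bits must be 00
        return None
    subtype = frame[0] >> 4
    if subtype not in FIXED_BODY_LEN:
        return None
    src, bssid = frame[10:16].hex(":"), frame[16:22].hex(":")   # addr2, addr3
    body = frame[24 + FIXED_BODY_LEN[subtype]:]
    tags, i = {}, 0
    while i + 2 <= len(body):                 # walk the ID/len/data tag list
        tag_id, tag_len = body[i], body[i + 1]
        data = body[i + 2:i + 2 + tag_len]
        if len(data) < tag_len:               # truncated capture: keep what we have
            break
        tags.setdefault(tag_id, data)
        i += 2 + tag_len
    return subtype, src, bssid, tags

def ssid_from_tags(tags):
    """Decode the SSID tag; None if absent, empty, or null-filled (a 'hidden' SSID)."""
    raw = tags.get(SSID_TAG)
    if not raw or not raw.strip(b"\x00"):
        return None
    return raw.decode("utf-8", errors="replace")

class PassiveScanner:
    """Learns SSIDs per BSSID from any frame type that carries one, and counts
    probe requests per client to spot active stumblers (assumed threshold)."""
    def __init__(self, probe_window=5.0, probe_threshold=10):
        self.networks = {}                  # bssid -> {"ssid", "hidden", "source"}
        self.probes = defaultdict(list)     # client MAC -> probe-request timestamps
        self.probe_window, self.probe_threshold = probe_window, probe_threshold

    def feed(self, ts, frame):
        parsed = parse_mgmt(frame)
        if parsed is None:
            return
        subtype, src, bssid, tags = parsed
        if subtype == PROBE_REQ:
            self.probes[src].append(ts)     # nothing to learn about an AP; rate-track the client
            return
        net = self.networks.setdefault(bssid, {"ssid": None, "hidden": False, "source": None})
        ssid = ssid_from_tags(tags)
        if subtype == BEACON and ssid is None:
            net["hidden"] = True            # AP beacons without revealing its name
        elif ssid is not None and net["ssid"] is None:
            net["ssid"], net["source"] = ssid, SUBTYPE_NAME[subtype]   # first frame that names it wins

    def active_stumblers(self):
        """Clients with more than probe_threshold probe requests inside any probe_window."""
        found = []
        for mac, times in self.probes.items():
            times = sorted(times)
            for i, t in enumerate(times):
                if i + self.probe_threshold < len(times) and \
                        times[i + self.probe_threshold] - t <= self.probe_window:
                    found.append(mac)
                    break
        return found

def build_mgmt(subtype, src, bssid, ssid, dst=b"\xff" * 6):
    """Constructed test frame: 24-byte header, zeroed fixed fields, SSID tag, rates tag."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    ssid_tag = bytes([SSID_TAG, len(ssid)]) + ssid
    rates_tag = bytes([1, 1, 0x82])         # one supported rate, just to have a second tag
    return hdr + b"\x00" * FIXED_BODY_LEN[subtype] + ssid_tag + rates_tag

def demo():
    """Constructed capture (not a real trace): one hidden AP, one open AP, one stumbler."""
    hidden_ap, open_ap = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    client, stumbler = bytes.fromhex("aabbccddee01"), bytes.fromhex("aabbccddee99")
    bcast = b"\xff" * 6
    s = PassiveScanner()
    for k in range(3):                      # hidden AP: beacons carry a zero-length SSID
        s.feed(k * 0.1, build_mgmt(BEACON, hidden_ap, hidden_ap, b""))
    s.feed(0.15, build_mgmt(BEACON, open_ap, open_ap, b"coffee"))   # open AP names itself
    # a client joins the hidden AP: its association request carries the SSID
    s.feed(1.0, build_mgmt(ASSOC_REQ, client, hidden_ap, b"warehouse-link", dst=hidden_ap))
    for t in (2.0, 2.5):                    # ordinary client: a couple of directed probes
        s.feed(t, build_mgmt(PROBE_REQ, client, bcast, b"coffee"))
    for k in range(20):                     # stumbler: twenty broadcast probes in two seconds
        s.feed(3.0 + k * 0.1, build_mgmt(PROBE_REQ, stumbler, bcast, b""))
    return s

if __name__ == "__main__":
    scan = demo()
    for bssid, net in scan.networks.items():
        print(bssid, net)
    print("active stumblers:", scan.active_stumblers())
```

The hidden AP stays nameless through all of its beacons and is only named once a client's association request arrives, which is why an idle hidden network can take a long time to resolve when listening passively; the probe-rate check fires on the stumbler but not on the ordinary client's two probes.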
