[kismac] Re: SSID field in scanning reports?

  • From: Michael Rossberg <mick@xxxxxxxxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Sat, 6 Dec 2003 22:08:39 +0100

802.11 networks come in two main flavors.  "Managed"
or "infrastructure" networks (that Kismac identifies
as <managed>) involve one or more dedicated "access points".
In an "ad hoc" network (Kismac: <ad hoc>), individual computers
communicate directly, without any access point involved.

there are also "tunnel" networks, which are point to point connections, often referred as WDS.

Kismac may show <hidden ssid>, <no ssid> or blank when it
hasn't yet detected an SSID.  I'm not precisely sure when
each of those is shown (and mileage has varied between different
versions of Kismac).

no ssid means there have been no beacon frames to examine. hidden ssid means that there have been beacons, but the ssid field has been wiped out. kismac shows blank if the recieved ssid consits of spaces or non printable characters.

A "probe request frame" is sent by computers trying to find
access points.  Asking for access points with a specific SSID
(or via "broadcast SSID" to try to get a response from any
access point within range).  Access points send "probe response
frames" back.  (However, hidden access points will generally
not respond to probes to "broadcast SSID".)  The Kismac
<probe> shows probes.

kismac only shows probes if there are a lot of them in a short term. this is generally an indication for a running active stumbler. however there are also some "legal" tools, which make an excessive use of probes


Other related posts: