[kismac] Re: What results in <no-ssid> in scan output?

  • From: Paul Jacoby <pej@xxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Wed, 9 Aug 2006 17:56:37 -0500

I don't think you need to use a de-auth flood to determine this...but
I could be wrong. Sniff the traffic going to this wap's channel and
tell kismac to save it to a pcap file. Open the pcap in ethereal and
see if you can see the ssid there. Don't remember the ethereal filter
exactly right now...just got back from Defcon and I'm a little fuzzy ;-)

Defcon fuzz....ah the memories ;-)

The interesting thing about the pcap is that the structure of the Beacon packets is different, such that there is NO ssid value or data structure at all. I'm guessing the Malcolm is assuming there will always be an SSID structure, maybe by a specific byte offset, and is picking up junk off the tail end of the buffer when one is not actually there.

I'll have to consider if a deauth flood from the Walmart parking lot is a good idea or not...might need to go inside and buy some cheap sunglasses first ;-)

Other related posts: