hidden ssid - broadcast beacons - Question

Dan Williams dcbw at redhat.com
Mon Aug 13 15:59:02 EDT 2007


On Mon, 2007-08-13 at 20:24 +0200, Stefan Bauer wrote:
> Dear Users,
> 
> this is probably a frequently asked question, but i did not find a
> suitable answer.
> 
> years ago, i set up a few access points and specified the option to hide
> the network-id (ssid) of my networks. most of the clients are
> thinkpads with wpa_supplicant. month ago i noticed that this
> method only omits sending the essid's in the broadcast frames.

The _only_ thing SSID hiding does is remove the SSID from beacon frames.
The card still has to transmit the SSID _in the clear_ when associating
to the AP, and the card may still send probe requests with the SSID that
the AP responds to.  So if you monitor probe requests, you can easily
pick out what the AP's SSID is by seeing which APs respond to the probe
request.

Hiding the SSID is no security at all.

Dan

> there are a few other frames which include the ssid's, like:
> 
> BEACONs
> PROBE Requests
> PROBE Responses
> ASSOCIATION Requests
> REASSOCIATION Requests
> 
> my question is now how to read the hidden id out of the other frames?
> 
> are there any common tools available for unix to grab such packages
> and read the ssid in plaintext?
> 
> i found aircrack-ng for cracking/breaking into networks, but that's not
> what i want. i just want to read the essid's in plaintext and
> understand how this works a bit more in detail.
> 
> thanks in advance
> 
> best regards
> 
> stefan
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
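
The point made in this thread, as an added example that is not part of the original messages: a short audit over constructed frames showing that the SSID element missing from a hidden beacon still appears in the clear in probe responses and association requests for the same BSSID. It assumes raw 802.11 management frames without a radiotap header or FCS; the function names, the sample address and the sample SSID are hypothetical.

```python
# Added example: constructed frames only; raw 802.11 management frames
# without radiotap header or FCS are an assumption of this sketch.
MGMT_HDR_LEN = 24  # frame control, duration, addr1-3, sequence control
# subtype -> (name, bytes of fixed fields before the tagged elements)
SSID_FRAMES = {0: ("association request", 4), 2: ("reassociation request", 10),
               4: ("probe request", 0), 5: ("probe response", 12), 8: ("beacon", 12)}

def extract_ssid(frame):
    """Return (frame name, BSSID, SSID bytes or None), or None for other frames."""
    if len(frame) < MGMT_HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SSID_FRAMES:
        return None
    name, fixed = SSID_FRAMES[subtype]
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # addr3
    pos = MGMT_HDR_LEN + fixed
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break  # truncated element, stop parsing
        if eid == 0:  # element ID 0 is the SSID
            return name, bssid, body
        pos += 2 + elen
    return name, bssid, None

def is_hidden(ssid):
    """Hidden beacons carry a zero-length or all-NUL SSID element."""
    return ssid is not None and not ssid.strip(b"\x00")

def audit(frames):
    """Map each BSSID with a hidden beacon to the SSIDs other frames exposed."""
    hidden, seen = set(), {}
    for frame in frames:
        parsed = extract_ssid(frame)
        if parsed is None:
            continue
        name, bssid, ssid = parsed
        if name == "beacon" and is_hidden(ssid):
            hidden.add(bssid)
        elif ssid is not None and not is_hidden(ssid):
            seen.setdefault(bssid, set()).add((name, ssid.decode("utf-8", "replace")))
    return {b: sorted(seen.get(b, ())) for b in hidden}

def make_frame(subtype, bssid, ssid, sta=bytes(6)):  # builds constructed test input
    fixed = bytes(SSID_FRAMES[subtype][1])
    hdr = bytes([subtype << 4, 0, 0, 0]) + sta + sta + bssid + bytes(2)
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])

AP = bytes.fromhex("020000000001")  # constructed, locally administered address
SAMPLE = [make_frame(8, AP, b""), make_frame(5, AP, b"example-net"),
          make_frame(0, AP, b"example-net")]
```

Run against a capture of your own network, a non-empty result from `audit` is the list of frames that reveal the name the beacon withholds.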



