|
probably these thousands of <no ssid> networks are clients sending the 'probe request' packets with ssid set to ANY or blank.
I can cleanly monitor my friends orinoco trying to find an AP with kismet and ethereal under linux (my orinoco in monitor mode).
Ethereal correctly shows the '802.11 probe request' with a blank SSID.
Kismet shows a <no ssid> network with the cards MAC.
maybe Kismet shouldnt show probe REQUESTS at all, only probe responses (for the closed APs).
As the idea of logging the probes is when you have a 'closed' AP (doest send its SSID in beacons, doesnt answer to Probe Requests with blank SSID), as soon as a client sends a probe request with the correct SSID, the AP sends a probe response WITH the SSID to the client.
so with a small patch to kismet all those *fake* blank SSID networks should be gone.
All there would be to do is adding a if() before the packet processing so kismet simply ignores them (or make it ignore probe requests with blank SSID)
sorry if this is a bit confused, I'm trying to implement the ignore atm ;-)
|