- -
Broadcast SSID
(
http://www.netstumbler.org/f4/broadcast-ssid-1288/)
Broadcast SSID
I am sporadically able to pick up the SSID of an access point with "Broadcast SSID" turned off. I was told the SSID is actually being captured from a client when it associates with the access point. Is this true?
|
Yes
Robert,
When a client associates with an AP it sends the SSID in clear. So if you're using a sniffer you will be able to "see" the SSID.
-jb
|
Is NetStumbler considered a sniffer, or are you saying that if I'm connnected to the network looking at packets with something like Ethereal, I should be able to see the SSID?
In the environment I'm looking at, clients are consistently associating and disconnecting from the network. Is there any other way to keep the SSID from showing up in NetStumbler?
|
If you are using sniffer 4.7 with the NAI drivers or possibly any other wireless comatible sniffer you can capture the SSID's of AP's that are in your range even if Brodacast SSID is turned off. Netstumbler will not pick up the AP but sniffer will. It shows the SSID in the capture window under the decode tab.
I am definatly not an expert on this matter. I am just reporting my findings. Hope this helps.
|
NetStumbler is NOT a sniffer. IMO in the situation you described I don't think that Netstumbler should be able to pick up those SSIDs.
My understanding of Netstumbler is that it broadcasts a request on a channel and then cycles to the next. It listens for returns from those requests in order to pickup a SSID. This makes Netstumbler a bit "noisy" and is how it can be spotted - it's got a signature. In your case the response to those requests (broadcasting) has apparently been turned off and should be ignoring Netstumbler's pleas to get on the network. Netstumbler actively broadcasts - it's not passive like a sniffer would be.
Have I got this wrong? If so please explain where and correct my understanding.
|
The newest firmware for the Lucent (Agere) APs allows netstumbler to "see" an AP that broadcast has been turned off on. I would almost bet that you're picking up a Lucent AP with the new firmware. Not sure why they would do this, since the whole point of turning off broadcast is to keep the casual listener from detecting you. BLKMGK - you are correct. NetStumbler sends out probe requests and listens for responses to them. A sniffer, on the other hand, listens to beacon packets. The sniffer is able to pick up both broadcast and non-broadcast APs because, even though broadcast is turned off, the AP will still send out the SSID in a beacon packet if someone (client) is associated/associating with the AP. It happens a lot less than when the AP is broadcasting, but it still comes up. That's how tools like Kismet detect cloaked networks, and why NetStumbler does not - Kismet is in actuality a sniffer and NetStumbler is essentially a roaming client polling for the "any" network.
|
so what is the ssid in the NS window. only the default?
|
The SSID you receive is whatever the AP network has been named. The standards for Wi-Fi created by the IEEE 802.11b working group force every access point to respond to a polling request for the "any" network. That doesn't mean that the network needs to be named "any" for the AP to respond. The reason they did this is so people could roam around and find open networks and easily associate with them. The only way it won't respond is if you have disabled broadcast on your AP. Hope this answers your question.
|
Let me make sure we are all in agreement. There is no way, to anyone's knowledge, that NetStumbler could pick up the SSID of a Cisco AP or client with the broadcasting of the SSID turned off.
|
Wouldn't you need to know the SSID (or be connected to the wired lan) before you could sniff the SSID? Is there a way to be associated to a closed network and sniff the SSID without knowing the SSID to begin with?
|
If you're using a trully wireless sniffer like Airopeek or Kismet you won't need to associate with the AP to sniff the network.
|
| All times are GMT -7. The time now is 12:22 AM. |
|
Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0 ©2007, Crawlability, Inc.
All messages express the views of the author and are for entertainment purposes only. Netstumbler.org cannot be held responsible for the authenticity of the content or the actions of its members. By using this site and its services, you warrant that you will not post any messages that are discriminating, obscene, hateful, threatening, or otherwise violates any laws and you release Netstumbler.org from any future claims of any kind whatsoever including, but not limited to, addiction and loss of productivity. All forum messages, private messages and any other content are properties of Netstumbler.org. Even if publicly available, personal or copyrighted information are not to be posted without the consent of the owner. Distribution of licensed and copyrighted materials in any way not endorsed by the copyright owner is strictly prohibited. You may not use this site and its resources to spam other sites or individuals or perform any action that violates any law. Items sold or bought in the For Sale forum are sold as is and no warranty or insurance of any kind is provided. Netstumbler.org cannot be held responsible for the outcome of any transactions and no warranty of any kind is provided, either express or implied. Vulgar words are not allowed in the subject lines ; they may be used in the message body in any forum. The Administrator, Super Moderators and Moderators of Netstumbler.org have the right to remove, edit, move or close any thread for any reason and to reveal your identity and other known information in the event of a complaint or legal action arising from any message posted by you.
