How to sniff the SSID even with its broadcast disabled
ken952034
02-18-2005, 02:43 AM
Hi all experts,
I read an article about wireless LAN security. It said that even if we disable the SSID broadcast, a hacker could still use public software to sniff the messages and get the right SSID. But the article did not describe the underlying technology in detail. So could anyone explain how this happens? I am learning about WiFi these days..... Thanks in advance.
Rgds,
ken
--------------------------------
solution engineer
wujianli@nortel.com
PS. So good to have found this forum to raise my question and discuss it openly with all.
keenanj
02-18-2005, 09:40 AM
Yes, you can use Linux (with the monitor mode patch) and Ethereal or Kismet to capture packets whether or not the SSID is being broadcast.
You can also use an AirMagnet laptop or handheld to detect a hidden SSID and monitor traffic.
ken952034
02-20-2005, 01:34 AM
Thanks, Jeff!
Will the SSID also be contained in the messages exchanged between the AP and the client, even once the connection has been set up?
I found that some people say the sniffer tool should gather enough packets, with some valuable init messages among them, so that it will have the SSID in it.
Not sure whether this is true.....
keenanj
02-20-2005, 08:32 AM
If you monitor the client association process with a sniffer, you can get the SSID in most cases.
sniper
02-23-2005, 04:48 AM
Hi Ken,
You should be able to see the SSID using basic wireless sniffers like NetStumbler, as well as capture packets using Ethereal/Kismet (Linux based), irrespective of the broadcast SSID parameter.
sniper
02-23-2005, 04:54 AM
This should give you a clear picture.
Many APs by default have broadcasting the SSID turned on. Sniffers typically will find the SSID in the broadcast beacon packets.
Turning off the broadcast of SSID in the beacon message (a common practice) does not prevent a sniffer from getting the SSID, since the SSID is sent in clear text in the probe message when any client associates to an AP.
Source: [2.3.5] By turning off the broadcast of SSID, can someone still sniff the SSID? (http://www.iss.net/wireless/WLAN_FAQ.php)
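Added example (not part of the original thread): a minimal Python parser for 802.11 management frames that shows what the replies above describe. With broadcast disabled the beacon's SSID element is empty or null-padded, while probe and association frames still carry the name in clear text. The frames are constructed sample bytes (no radiotap header, no FCS); the SSID "CORPNET" and all function names are made up for illustration.

```python
# Bytes of fixed fields that precede the tagged elements, per management subtype.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}
HDR_LEN = 24  # frame control, duration, three addresses, sequence control

def parse_ssid(frame: bytes):
    """Return (subtype_name, ssid_bytes), or None if no SSID element can be read."""
    if len(frame) < HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:  # only handled management frames
        return None
    pos = HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):  # walk the id/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:
            return None  # truncated element, stop parsing
        if eid == 0:  # element ID 0 is the SSID
            return NAMES[subtype], value
        pos += 2 + elen
    return None

def is_hidden(ssid: bytes) -> bool:
    """A cloaked SSID is sent as zero-length or as all-NUL padding."""
    return ssid.strip(b"\x00") == b""

def ssids_disclosed(frames):
    """List (frame kind, SSID) for every frame that reveals the name in clear text."""
    out = []
    for f in frames:
        parsed = parse_ssid(f)
        if parsed and not is_hidden(parsed[1]):
            out.append((parsed[0], parsed[1].decode("utf-8", "replace")))
    return out

def mgmt(subtype: int, fixed: bytes, ssid: bytes) -> bytes:
    """Build a constructed management frame (sample data only)."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6
    hdr += (b"\x02" + b"\x00" * 5) * 2 + b"\x00\x00"
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

SAMPLE = [  # constructed capture: AP with SSID broadcast disabled, one client joining
    mgmt(8, b"\x00" * 12, b""),          # beacon, zero-length SSID
    mgmt(8, b"\x00" * 12, b"\x00" * 7),  # beacon, null-padded variant
    mgmt(4, b"", b"CORPNET"),            # client probe request
    mgmt(5, b"\x00" * 12, b"CORPNET"),   # AP probe response
    mgmt(0, b"\x00" * 4, b"CORPNET"),    # client association request
]

if __name__ == "__main__":
    for kind, name in ssids_disclosed(SAMPLE):
        print(f"{kind}: {name}")
```

Neither beacon yields a name, but every frame of the join sequence does, so a hidden SSID only stays hidden while no client is connecting.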
keenanj
02-23-2005, 08:45 AM
NetStumbler will not detect an AP with a hidden SSID.
You need a more advanced tool like AirMagnet, or Linux with Kismet, Ethereal and the monitor mode patch.
ken952034
02-25-2005, 09:48 PM
all,
Quite helpful info for me, and I now have a clear view of this topic.
Thanks again!!!
best regards,
ken