Posted by:nils
Subject:the way kismet extract hidden ssids
Date:16:58:24 08/11/2006

> > > Hi everyone!
> > >
> > > It seems to be quite easy to get the SSID of an AP that hides its SSID. You deassociate an associated client, the client reassociates and you can sniff the SSID from the network, since it is sent in clear text.
> > >
> > > Sniffing while Kismet starts up doesn't show anything like this. I haven't seen any packets containing the hidden SSID on an open network (no WEP, no WPA, just for fun an open network for testing purposes).
> > >
> > > How the heck is Kismet doing this? I tried reading the source, but my knowledge of C++ seems to be too bad to understand what exactly it does...
> > >
> > > Any answer would be nice. Thanks a lot in advance!
> >
> > Kismet is passive. It does not send frames. The SSID is derived from normal client interaction with the AP, ie joining or rejoining.
> >
> > -m
> Fine, but what if no client talks with the AP, meaning the SSID is not sent at any time? I sniffed it with Wireshark, there was not a single cleartext SSID going through the air, but Kismet already knew the SSID. How is that possible?
> Herakles

Sorry, but I don't believe this really happened ;-)
Did you start Kismet earlier than Wireshark?
Try it another time, I'm sure it won't happen again! Kismet (and all other programs) absolutely need a connecting client!
Make sure there is no such client and try it again!
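To illustrate the point made in this thread, here is an added example (not Kismet's code, not from anyone in this thread): a small passive parser that only ever learns an SSID from a frame that actually carries it. The beacon of a "hidden" AP has an empty or null-filled SSID element, so nothing is learned until a client's association request names the network. The frames below are constructed for the example; the MACs and the SSID "labnet" are made up.

```python
import struct

# Bytes of fixed fields before the IE list, per management subtype:
# assoc-req=0, reassoc-req=2, probe-req=4, probe-resp=5, beacon=8.
IE_OFFSET = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}

def parse_ies(data):
    """Yield (element_id, value) for each information element in a body."""
    i = 0
    while i + 2 <= len(data):
        eid, ln = data[i], data[i + 1]
        yield eid, data[i + 2:i + 2 + ln]
        i += 2 + ln

def ssid_from_frame(frame):
    """Return (subtype, bssid, ssid); ssid is None if absent, empty or null-filled."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:   # type 0 = management
        return None
    subtype = frame[0] >> 4
    if subtype not in IE_OFFSET:
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # Addr3 = BSSID here
    ssid = None
    for eid, val in parse_ies(frame[24 + IE_OFFSET[subtype]:]):
        if eid == 0:                                     # SSID element
            if val.strip(b"\x00"):                       # hidden APs send "" or nulls
                ssid = val.decode("utf-8", "replace")
            break
    return subtype, bssid, ssid

def learn_ssids(frames):
    """Passively map BSSID -> (SSID, subtype that revealed it); never transmits."""
    known = {}
    for f in frames:
        r = ssid_from_frame(f)
        if r and r[2] and r[1] not in known:
            known[r[1]] = (r[2], r[0])
    return known

def build_mgmt(subtype, addr1, addr2, bssid, fixed, ies):
    """Constructed test frame: 24-byte header, fixed fields, then IEs."""
    hdr = struct.pack("<BBH", subtype << 4, 0, 0) + addr1 + addr2 + bssid + b"\x00\x00"
    return hdr + fixed + b"".join(bytes([eid, len(v)]) + v for eid, v in ies)

AP, STA, BCAST = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), b"\xff" * 6
# Constructed capture: a beacon with a zero-length SSID (the "hidden" AP),
# then the client's association request, which must name the real SSID.
CAPTURE = [
    build_mgmt(8, BCAST, AP, AP, b"\x00" * 12, [(0, b""), (1, b"\x82\x84")]),
    build_mgmt(0, AP, STA, AP, b"\x11\x04\x0a\x00", [(0, b"labnet"), (1, b"\x82\x84")]),
]
```

Feeding only the beacon to `learn_ssids` yields nothing; adding the association request yields `{'00:11:22:33:44:55': ('labnet', 0)}`, i.e. the SSID was learned from subtype 0, the client's join, which is exactly why a connecting client is required.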

