Thread: Kismet

  1. #1
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    17

    Default Kismet

    Hi guys,

    I couldn't find an answer to my question about kismet, so hope you guys can help out.

    My question is: can Kismet show/indicate that an AP is non-broadcast?

    I know that kismet can:

    1) Display hidden SSID AP
    2) If no client associated to hidden AP, shows <no ssid>
    3) If client associated to hidden AP, shows <XXX> in Blue

    But does it indicate the AP is non-broadcasting? Using Windows "View all available networks", the AP cannot be seen. Using Backtrack 3 "Wireless Assistant", the AP is written as "<hidden>".

    The AP is configured as hidden and non-broadcast btw.

    My understanding is hidden SSID is different from non-broadcasting. Correct me if I'm wrong.

    Thanks!!

  2. #2
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    17

    Default

    Hmm... now I've seen that a non-broadcast AP is the same as hidden SSID??

    Please kindly refer to this link (http://technet.microsoft.com/en-us/library/bb726942.aspx)

    Abstract
    "Wireless access points (APs) of a non-broadcast or hidden wireless network do not broadcast their Service Set Identifier (SSID)."

    Does this imply non-broadcast is different from hidden network? Ultimately I understand that the SSID is hidden.

    Does it mean if I see <no ssid> in Kismet or the SSID is written in BLUE, I can conclude it's a non-broadcast AP??

    Am I the only one having this confusion?

  3. #3

    Default

    Quote Originally Posted by frederickyip View Post
    "Wireless access points (APs) of a non-broadcast or hidden wireless network do not broadcast their Service Set Identifier (SSID)."
    Does this imply non-broadcast is different from hidden network? Ultimately I understand that the SSID is hidden.
    No, same thing.

    Does it mean if I see <no ssid> in Kismet or the SSID is written in BLUE, I can conclude it's a non-broadcast AP??
    Could mean that Kismet hasn't yet seen a packet that contains the SSID (such as a beacon). For example, if the network just came into range. However, generally speaking, your conclusion is correct.

    Keep in mind that all the "hidden ssid/no broadcast" implementations that I am aware of just munge the SSID in a beacon packet. Kismet knows that Association, Re-Association and Probe Response packets will contain the SSID, regardless of settings, so when kismet reads those packets, it will provide the ssid of that "hidden" network. This is also why de-auth'ing a client will "unhide" a SSID.

    Am I the only one having this confusion?
    Probably not.

  4. #4
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    Quote Originally Posted by cybrsnpr View Post
    No, same thing.
    I thought a "non-broadcast" AP doesn't send out beacon frames, whereas a "hidden SSID" AP sends out beacon frames but doesn't give the SSID. Am I wrong?
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  5. #5

    Default

    Quote Originally Posted by Virchanza View Post
    I thought a "non-broadcast" AP doesn't send out beacon frames, whereas a "hidden SSID" AP sends out beacon frames but doesn't give the SSID. Am I wrong?
    I can only answer for the AP I'm looking at now, but I set my Linksys WRT54G to "Disable SSID Broadcast". When I fire up kismet and wireshark, I still see beacon packets from the AP but the SSID parameter is now garbage ( \000\000\000\000), i.e. "hidden".

    I think that per the IEEE-802.11 spec, an AP has to send out beacons.
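
The behaviour described in posts #3 and #5 (a beacon whose SSID field is empty or all NUL bytes, while probe response and association frames still carry the real name) can be shown with a small passive parser. This is an added example, not code from Kismet or from any poster; `SsidTracker`, `sample_frame` and the sample BSSID and SSID values are hypothetical, and input is assumed to be raw 802.11 management frames with no radiotap header.

```python
# Fixed-field length after the 24-byte MAC header, per management subtype:
# 0 assoc request, 2 reassoc request, 5 probe response, 8 beacon.
FIXED_LEN = {0: 4, 2: 10, 5: 12, 8: 12}
BEACON = 8

def parse_ssid(frame):
    """Return (bssid, subtype, ssid_bytes) for a supported frame, else None."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None  # not a management frame we track
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):  # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            return None  # truncated element, do not trust it
        if tag == 0:  # element ID 0 is the SSID
            return bssid, subtype, body
        pos += 2 + length
    return None

class SsidTracker:
    def __init__(self):
        self.nets = {}  # bssid -> {"cloaked": bool, "ssid": str or None}

    def feed(self, frame):
        parsed = parse_ssid(frame)
        if parsed is None:
            return
        bssid, subtype, ssid = parsed
        net = self.nets.setdefault(bssid, {"cloaked": False, "ssid": None})
        if len(ssid) == 0 or not any(ssid):  # empty or all-NUL name
            net["cloaked"] = net["cloaked"] or subtype == BEACON
        else:
            net["ssid"] = ssid.decode("utf-8", "replace")

    def label(self, bssid):
        return self.nets[bssid]["ssid"] or "<no ssid>"

def sample_frame(subtype, bssid, ssid):
    """Constructed test frame: zeroed header fields plus one SSID element."""
    header = bytes([subtype << 4, 0, 0, 0]) + bytes(12) + bssid + bytes(2)
    return header + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid
```

Feeding a beacon built with `sample_frame(8, bssid, b"\x00" * 4)` leaves the label at `<no ssid>` and marks the network as cloaked; a later probe response for the same BSSID replaces the label with the name while the cloaked flag stays set.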

  6. #6
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    17

    Default

    Quote Originally Posted by Virchanza View Post
    I thought a "non-broadcast" AP doesn't send out beacon frames, whereas a "hidden SSID" AP sends out beacon frames but doesn't give the SSID. Am I wrong?
    That's exactly what I thought too...

    Not that I don't believe you cybrsnpr. I think I am confused with the usage of "ENGLISH" here.

    Non-broadcast in English would generally mean not broadcasting the AP. So people viewing available wireless networks would not even know of this non-broadcasting AP's existence.

    On the other hand, a hidden SSID AP would allow people to view the AP but its name/SSID is hidden.

    Argh... I shall just accept the fact then.

    Thanks!

  7. #7
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by frederickyip View Post
    That's exactly what I thought too...

    Not that I don't believe you cybrsnpr. I think I am confused with the usage of "ENGLISH" here.

    Non-broadcast in English would generally mean not broadcasting the AP. So people viewing available wireless networks would not even know of this non-broadcasting AP's existence.

    On the other hand, a hidden SSID AP would allow people to view the AP but its name/SSID is hidden.

    Argh... I shall just accept the fact then.

    Thanks!
    Your English is OK, but you need to understand that both "non-broadcasting" and "hidden" in this context are misnomers. What actually happens is that the AP no longer will respond to broadcast probes.

    Normally, broadcast probes are sent out by WiFi devices other than APs. Specifically devices which are actively trying to find the AP. This is the WiFi equivalent of the device saying "Hello, can anybody hear me?" The AP then answers "Yes, I can hear you. My name is <SSID>."

    Rather than use an unwieldy -but technically more correct- phrase such as "Disable response to broadcast request probes", the manufacturers choose to call this "SSID non-broadcast" or "Hidden SSID".

    When the AP is set to have a "non-broadcast" or "hidden" SSID, the AP is merely set to no longer answer those probes from other devices. However, the SSID can be and is still transmitted with some (not all) other packets as part of the normal wireless network operations. When you use a passive monitoring program such as Kismet, the SSID will be detected eventually, when other radio traffic is seen on the airwaves and the program picks up some packets containing the SSID.

    Having said all that, you should understand that there are a few devices, notably some early models of ORiNOCO APs, which will put a blank or null SSID in some packets. However, this is not an accepted part of the 802.11 standard, and may cause issues when connecting to other brands of WiFi equipment.
    Thorn
    Stop the TSA now! Boycott the airlines.

  8. #8
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    17

    Default

    Quote Originally Posted by Thorn View Post
    Your English is OK, but you need to understand that both "non-broadcasting" and "hidden" in this context are misnomers. What actually happens is that the AP no longer will respond to broadcast probes.

    Normally, broadcast probes are sent out by WiFi devices other than APs. Specifically devices which are actively trying to find the AP. This is the WiFi equivalent of the device saying "Hello, can anybody hear me?" The AP then answers "Yes, I can hear you. My name is <SSID>."

    Rather than use an unwieldy -but technically more correct- phrase such as "Disable response to broadcast request probes", the manufacturers choose to call this "SSID non-broadcast" or "Hidden SSID".

    When the AP is set to have a "non-broadcast" or "hidden" SSID, the AP is merely set to no longer answer those probes from other devices. However, the SSID can be and is still transmitted with some (not all) other packets as part of the normal wireless network operations. When you use a passive monitoring program such as Kismet, the SSID will be detected eventually, when other radio traffic is seen on the airwaves and the program picks up some packets containing the SSID.

    Having said all that, you should understand that there are a few devices, notably some early models of ORiNOCO APs, which will put a blank or null SSID in some packets. However, this is not an accepted part of the 802.11 standard, and may cause issues when connecting to other brands of WiFi equipment.
    Thank you so much Thorn! I now understand what you and cybrsnpr are trying to explain here.

    It always feels so much better understanding the truth/facts than just accepting them because you have to. Thanks so much!!!

    @Thorn: not sure if you're the same Thorn at netstumbler, but if you are, I hope you can help me answer my doubt about netstumbler on another post. Thx!

  9. #9
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by frederickyip View Post
    Thank you so much Thorn! I now understand what you and cybrsnpr are trying to explain here.

    It always feels so much better understanding the truth/facts than just accepting them because you have to. Thanks so much!!!
    You're welcome. I'm glad it helped. This concept is one of those that's relatively easy to grasp once you understand the technology, but has been confused by the wording used by the manufacturers.

    Quote Originally Posted by frederickyip View Post
    @Thorn: not sure if you're the same Thorn at netstumbler, but if you are, I hope you can help me answer my doubt about netstumbler on another post. Thx!
    Yes, I'm the same guy.
    Thorn
    Stop the TSA now! Boycott the airlines.

  10. #10
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    5

    Question How to display <No SSID >

    I see 3 <No SSID> entries in my list, but I cannot figure out how to get them to show their SSID.
    I can click on it and get the MAC, but it shows 0 under the channel.

    Is this normal? Is there a trick to getting these APs to respond with their name and channel number?

    Thanks in advance. This is only my second day working with Kismet.

    Bill
