Hidden Wireless Networks
Access points (APs) advertise their capabilities several times per second by broadcasting beacon frames that carry the Service Set Identifier (SSID) of the wireless network. Commercial grade access points can be configured to advertise multiple SSIDs/networks. SOHO class access points typically only allow a single SSID to be configured. A hidden wireless network occurs when APs are configured to not broadcast their SSID.
Why Doesnâ€™t Disabling SSID Broadcasting Hide Wireless Networks?
SSID information is contained in the following frame types: Beacon Frames, Probe Requests Frames, Probe Response Frames, Association Request Frames, and Reassociation Request Frames. Since all 802.11 management frames are not encrypted, these frames can be collected and used to determine the SSID.
Aggressive tools allow traffic to be injected to cause responses to speed up traffic capture and SSID determination process.
In reality, most network owners configure additional security such as WEP, WPA, and WPA2 so knowing the SSID may not be enough information to connect to the hidden wireless network.
Connecting to Hidden Wireless Networks
It is not possible to connect to an 802.11 wireless LAN if you donâ€™t know the SSID.
To reveal the hidden SSID/network you can use free WiFi scanning software such as Kismet or KisMAC. These tools use passive scanning methods to extract the SSID from frames other than beacon frames.
NetStumbler, iStumbler, and MacStumbler are active WiFi scanning tools and can not reveal hidden SSIDs. Check out these alternatives to Network Stumbler instead.