suspicion about scanning for wireless (ndiswrapper) and router with hide essid on

darkleaf · 10-18-2004, 06:25 AM

Does this return only access points with the same essid as you have set? Cause scannig with my essid set properly works and it lists my essid while if I disable my essid on the linux box it won't find anything.

Is that true?

2Gnu · 10-18-2004, 10:43 AM

Scanning for APs with essid not set or set for "any" should return an entry for any AP within range.

Scanning with your essid set will return any APs so named within range.

darkleaf · 10-18-2004, 11:02 AM

So that means if I scan without essid and get no results it's because I'm using the wrong interface name or something? I'll try later as I can't disconnect as I'm trying to download a 1.2GB file again and it has failed too much the last few days.

2Gnu · 10-18-2004, 11:10 AM

If you scan without the ESSID set, and the ESSID broadcast is disabled on any in-range access point, you will get exactly what you've asked for - nothing.

The AP will still be visible to Kismet, etc., obviously.

Maybe I'm missing your point.

darkleaf · 10-18-2004, 11:44 AM

Quote:

Originally posted by 2Gnu
If you scan without the ESSID set, and the ESSID broadcast is disabled on any in-range access point, you will get exactly what you've asked for - nothing.

Yes that's what I wanted to know

Quote:

The AP will still be visible to Kismet, etc., obviously.

Kismet? Is that a graphical manager or something? And then it won't show my essid I hope?

2Gnu · 10-18-2004, 12:51 PM

Kismet is a wifi detection and mapping tool. It will detect wireless access points and clients - regardless of essid broadcast disable/enable. It can, under some conditions, display the IP of the AP and the IP range of the client network, the manufacturer of the router, signal strength, wireless type & encryption status, longitude & latitude and the MAC addresses of the clients.

Quick lesson/rant on wireless misconceptions:

* SSID can't be kept secret, nor can the existance of an AP. It's a radio and once turned on, can be detected by anyone with an appropriate receiver.

* Beaconing of the SSID can be disabled, but the AP must respond with its SSID in response to a probe request. A listener can see the SSID when your client probes or if they initiate a probe.

* 802.11 controls are passed in cleartext. Regardless of any data encryption such as WEP, MAC address, IP address, etc. are available to anyone who wants them.

* That NetStumbler cannot see an AP with beaconing disabled is no indication of its stealth. It's very much like hiding by putting your hands over your eyes.

</rant>

darkleaf · 10-18-2004, 01:07 PM

Quote:

Originally posted by 2Gnu
Kismet is a wifi detection and mapping tool. It will detect wireless access points and clients - regardless of essid broadcast disable/enable. It can, under some conditions, display the IP of the AP and the IP range of the client network, the manufacturer of the router, signal strength, wireless type & encryption status, longitude & latitude and the MAC addresses of the clients.

Quick lesson/rant on wireless misconceptions:

* SSID can't be kept secret, nor can the existance of an AP. It's a radio and once turned on, can be detected by anyone with an appropriate receiver.

* Beaconing of the SSID can be disabled, but the AP must respond with its SSID in response to a probe request. A listener can see the SSID when your client probes or if they initiate a probe.

* 802.11 controls are passed in cleartext. Regardless of any data encryption such as WEP, MAC address, IP address, etc. are available to anyone who wants them.

* That NetStumbler cannot see an AP with beaconing disabled is no indication of its stealth. It's very much like hiding by putting your hands over your eyes.

</rant>

Thanks for the lesson. Learned a few new things there. I asked cause I thought linux might have a bit more powerful or different programs that might see more than I was aware of. Now this seems to be nearly everything. Think I'll do my firewall tomorrow.