During passive wireless analysis or BSSID Correlation, some wireless networks may be discovered that display only a MAC address or are marked as “Hidden”. This means that the access point is configured not to broadcast the network name (SSID) for the given wireless network. Users must enter the correct SSID manually rather than browsing the scanning list and joining the network by selecting its name. As a consequence, analysis tools cannot determine the network name unless a client joins while the tool is listening.
Procedure
- Passively collect wireless traffic. When a client joins the network, the SSID value is disclosed during the negotiation process. If the tool observes the join operation, the SSID will be uncloaked in the user interface.
- Perform Deauthentication Attacks while collecting traffic. Deauthentication of an associated client will cause the client to disconnect and reconnect to the network. The reconnection attempt will result in disclosure of the SSID assigned to the network.
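The disclosure described in the procedure, as an added example that is not part of the original page: a parser that reads the SSID element from 802.11 management frames and shows a cloaked beacon being resolved once a client's association request is seen, which is why a hidden SSID should not be treated as a confidentiality control. The frame bytes, the MAC addresses, the name `corp-wlan` and the helper `_mgmt` are constructed for illustration.

```python
# Fixed-field bytes preceding the tagged parameters, per management subtype.
FIXED_LEN = {0: 4,    # association request: capability + listen interval
             2: 10,   # reassociation request: adds current AP address
             5: 12,   # probe response: timestamp + interval + capability
             8: 12}   # beacon: same layout as probe response
HDR_LEN = 24          # frame control, duration, 3 addresses, sequence control

def parse_ssid(frame):
    """Return (bssid, ssid_bytes) from a management frame, else None."""
    if len(frame) < HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    pos = HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):              # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                       # truncated element
        if tag == 0:                          # element ID 0 carries the SSID
            return frame[16:22].hex(":"), value
        pos += 2 + length
    return None

def is_cloaked(ssid):
    # Hidden networks send a zero-length SSID or one filled with NUL bytes.
    return len(ssid) == 0 or set(ssid) == {0}

def uncloak(frames):
    """Map each BSSID to its SSID; None while only cloaked frames were seen."""
    names = {}
    for parsed in filter(None, map(parse_ssid, frames)):
        bssid, ssid = parsed
        if is_cloaked(ssid):
            names.setdefault(bssid, None)
        else:
            names[bssid] = ssid.decode("utf-8", "replace")
    return names

def _mgmt(subtype, dst, src, bssid, fixed, ssid):
    # Build a constructed frame: header, fixed fields, then the SSID element.
    hdr = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return hdr + fixed + bytes([0, len(ssid)]) + ssid

AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
BEACON = _mgmt(8, b"\xff" * 6, AP, AP, bytes(12), b"")        # cloaked
ASSOC = _mgmt(0, AP, STA, AP, bytes(4), b"corp-wlan")         # client join

if __name__ == "__main__":
    print(uncloak([BEACON]), uncloak([BEACON, ASSOC]))
```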