Technical question about hidden SSID's

[njweb]

Someone in another thread was asking which channels to use in Europe and used SSIDer to check nearby channels. That got me thinking about something.

I have not needed SSID'er yet (been using an alternative).
If 'SSID broadcast on a given network is disabled does SSIDer still 'see' it?
(Before anyone brings it up, I am not thinking of hiding my SSID - that can cause more harm than good and certainly won't stop a hacker. The question is juts because curiosity got the better of me after reading that other thread).

 

[StratmanX]

If 'SSID broadcast on a given network is disabled does SSIDer still 'see' it?.

inSSIDER does not report hidden SSID's, only those broadcasting.

However, the RSSI reported for your SSID may factor in the effect of others hidden SSID's, though I have no proof that it does.

It could be inSSIDer reports RSSI as a result of the indirect interference of only the "known" broadcasted SSID's, obstacles to signal in your home, and the effect of unreported electrical devices interference in your home combined with the signal intensity reported by your NIC adapter card coming from your wireless router.

An example of unreported devices altering inSSIDer reporting was the use of an electric knife three rooms over from the router and client causing significant disruption to my wireless signal and inSSIDer's reporting.

As such, it is probable that inSSIDer's reporting demonstrates the effects of non-broadcasted SSID devices but without identifying those device's SSID.

 

[stevech]

A bit more...

WiFi routers and access points by default transmit a "beacon" message about 10 times a second. The beacon is a broadcast - no destination address. The beacon enables clients to do network discovery.

You can configure to disable sending the SSID in beacons. This is OK as long as all clients that would use the network are told by you how to connect: Channel, SSID and pass key.

Once your client and router/access point start exchanging messages, the SSID is in the messages. A proper monitoring program can catch these SSIDs along with the SSIDs in beacons - if it chooses to do so.

You can also disable the beacons all together. But battery powered devices rely on the beacon to do "sleeping" to save battery power. They turn off the WiFi receiver for one or more beacon time intervals then power up the WiFi receiver and receive a beacon. In the beacon there may be a notice that there's a packet (frame) waiting that arrived while the WiFi was off. This is the power saving capability that is in the IEEE standard.

Last nit: In WiFi's "ad-hoc" mode, client devices send beacons to one another.

 

[sfx2000]

You can also disable the beacons all together. But battery powered devices rely on the beacon to do "sleeping" to save battery power. They turn off the WiFi receiver for one or more beacon time intervals then power up the WiFi receiver and receive a beacon. In the beacon there may be a notice that there's a packet (frame) waiting that arrived while the WiFi was off. This is the power saving capability that is in the IEEE standard.

You can't disable the beacon on a 802.11 access point - you can hide the SSID, but the beacon frame is required so that the attached STA's can synchronize to the AP.

STA's that support powersave mode (as part of WMM and 802.11e) register the capability with the AP, and notify the AP when they're going to sleep mode - they do periodically wake up and watch the beacon for incoming data...