billyblaxsta Posted August 3, 2011 Posted August 3, 2011 Anyone who has ever used Kismet will know that there are a lot of "cloaked" or <ssid 0> networks out there. Some are open, some have WEP, and some WPA. Using a tool like Kismon (http://www.salecker.org/software/kismon/en) one can put the MACs in order so it becomes obvious that <ssid 0> is actually affiliated with nameofcompany_guest since the MACs are so similar. Is it possible to find out what the name of the <ssid 0> is since (I assume) it is impossible to even think about connecting without the name? Thanks. Quote
Mr-Protocol Posted August 3, 2011 Posted August 3, 2011 Deauthing the clients connected to it should do the trick. Quote
digip Posted August 3, 2011 Posted August 3, 2011 (edited) As stated above, deauthing them, then look for the probes coming form those same machines you deauthed and you should be able to get the name. If they are windows workstations, more than likely they will try to reconnect to the same AP as soon as they get logged off. If these are WPA encrypted networks, it should also nab you the 4-way handshake at the same time. Edited August 3, 2011 by digip Quote
Infiltrator Posted August 4, 2011 Posted August 4, 2011 And if you want to find out more information after deauthing them, could use Wireshark to get more insight into the packets. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.