Hidden ESSID with MDK3

[d4rk0wl]

Hello,

Recently I decided to check the strength of my hidden ESSID WIFI access point by using MDK3 and Renderman's pre-assembled SSID list. Although I am running into some problems with MDK3 I have never ran into before.

The channel my AP is on shares the same channel with other APs in my neighborhood, I start my airodump-ng session on the correct interface and filtered by both SSID and channel. When I bring up MDK3 I initialize the command by executing:

root@Linuxnetbook:~# mdk3 mon0 p -t <Target BSSID> -f SSID.txt

Everything seems to start fine, though I somehow get a response from another un-hidden BSSID in my neighborhood.

SSID Wordlist Mode activated!

Waiting for beacon frame from target...
Sniffer thread started

SSID is hidden. SSID Length is: 7.

Got response from <Random SSID, which is not mine>, SSID: "dad"
Last try was: (null)
Trying SSID:                                 
Trying SSID: hpsetup                                
Packets sent:      5 - Speed:    4 packets/sec
End of SSID list reached

I do not understand why it is not targeting the correct SSID and recieving responses from other APs. I am running the airodump-ng session congruently alongside these attempts as well.

Any help would be appreciated for this n00b.

Thanks in advance,

d4rk0wl

PS - I realize I could just search the wordlist for my AP, but this way seemed much more fun :P

[digip]

Deauth a connected client(any tool you like, mdk3, aireplay-ng) while wireshark is open. Also have airmon-ng started for the nic in monitor mode and airodump-ng running and see the node deauthed and probe for the name, and match the mac address in wireshark connected to the mac of the AP not showing its name. That should show the SSID of the access point its trying to connect back to even if its not broadcasting its ESSID by searching the mac addresses in wireshark or a captured pcap from airodump.