Finding Hidden SSID’s

It’s extremely easy to find the ID for a “hidden” network—all you have to do is use a utility like inSSIDer, NetStumbler, or Kismet to scan the network for a short while to show all of the current networks out there. It’s really that simple, and there’s plenty of other tools that do the same job.

Don’t believe me? Grab a copy, start it up, and then click the Start Scanning button—within a minute you’ll see a list of every single network in range. You can then identify which ones are using WEP and start cracking them.

Hidden networks show up as Unknown in version 1 of this particular tool, but they do show all of the other data about the network, including the encryption type and MAC address. Version 2.0 of inSSIDer actually does show the SSID for a hidden network. You’ll see in this screenshot the lhdevnet network is hidden.


Real hackers are going to be using tools like Kismet and Aircrack to figure out the SSID before they crack your network, so whether or not a particular tool is showing the right data is beside the point. Should also note that you can use this tool to figure out how to change the wireless router channel and optimize your Wi-Fi signal.

Hidden Wireless SSIDs Actually Leak Your SSID Name



When you hide your wireless SSID on the router side of things, what actually happens behind the scenes is that your laptop or mobile device is going to start pinging over the air to try and find your router—no matter where you are. So you’re sitting there at the neighborhood coffee shop, and your laptop or iPhone is telling anybody with a network scanner that you’ve got a hidden network at your house or job.

Microsoft’s Technet explains exactly why hidden SSIDs are not a security feature, especially with older clients:

A non-broadcast network is not undetectable. Non-broadcast networks are advertised in the probe requests sent out by wireless clients and in the responses to the probe requests sent by wireless APs. Unlike broadcast networks, wireless clients running Windows XP with Service Pack 2 or Windows Server® 2003 with Service Pack 1 that are configured to connect to non-broadcast networks are constantly disclosing the SSID of those networks, even when those networks are not in range.

Therefore, using non-broadcast networks compromises the privacy of the wireless network configuration of a Windows XP or Windows Server 2003-based wireless client because it is periodically disclosing its set of preferred non-broadcast wireless networks.

The behavior is a little better in Windows 7 or Vista as long as you don’t have automatic connection enabled—the only way to be sure that you’re not leaking the network name is to disable automatic connection to wireless networks with a hidden SSID. Microsoft’s explanation:

The Connect even if the network is not broadcasting check box determines whether the wireless network broadcasts (cleared, the default value) or does not broadcast (selected) its SSID. When selected, Wireless Auto Configuration sends probe requests to discover if the non-broadcast network is in range.

How Should You Secure Your Network Then?


When it comes to wireless network security, there’s really only one rule that you need to follow: Use WPA2 encryption, and make sure that you are using a strong network key.

If you’re not using encryption, or you’re using the pathetic WEP encryption scheme, it doesn’t matter whether you hide your SSID, filter MAC addresses, or cover your head in tin foil—your network is wide open for hacking in a matter of minutes.

16 Replies to “Finding Hidden SSID’s”

  1. I always set mine up with a hidden sid, simply because it does effectively hide it from most of your average computer users. And for everyone else, there is WPA2 😀

    Of course, you are right that a lot of people don’t realize that if you only have it set to private, not only is it not really private, but all your info is being sent without encryption. One of those cases where security through obscurity should only be part of the total plan.

  2. WEP is cracked, WPA and WPA2 is cracked, WPS is cracked.

    You might as well just leave your wireless wide open because nothing is stopping people from cracking the password, it will stop the less tech savie of free loaders from stealing your wifi with security but someone with knowledge it wont stop them

    The only thing left to do is get rid of the wireless router and stick to plain old wires
    if your serious about it

  3. @Danny

    There are several ways to prevent unauthorized access. RADIUS is a perfect example to how a network admin can, with the addition of several security methods, lock down a network. Wireless is a cheap and affordable way to network and is required in some cases.

    WPA2 is very difficult to crack if you use strong passwords. If fact, it will take a hacker over a lifetime to crack a 20 char strong password. It’s impossible.

    Hardening is required to ensure that your wireless network does not get tampered with. I suggest reading a couple books on the subject and learn more about wireless security. It’s a great field and its expanding every day.

    |if your serious about it

  4. Tom,
    While securing my router I always hid the SSID. I was setting up a win 7 and was having trouble, saw the option under discussion and started looking around (Google). I never would have connected the dot without win 7 adding the security, causing me to ask questions. So here are some more to see if you can help :-).
    1. Bottom line, do you hide SSID or not?
    2. Why does a AP not have an option to ‘encrypt’ the SSID? Would that not be the best of both worlds? Even if someone sniff it out, without the PSK it just junk. Did this question make sense?

  5. @Paul,

    1. No. If you do, you have to set your laptop/desktop/wireless-device to “Connect even if the network is not broadcasting its name (SSID)” – which means the device itself will be sending out beacon requests wherever you take it essentially saying “I’m looking for , are you it?” A malicious hacker can easily obtain your home router SSID by listening to these requests and then possibly act as your home router to initiate a “man-in-the-middle” attack.

    2. Yes, I believe I understood your question. If you meant what I think you meant (SSID itself is encrypted when broadcast, and hence will display as the encrypted name when displayed on your laptop’s available APs when searching) then how would you know which AP you’re connecting to? IE. Home router’s SSID is “abc”, encrypted name is “def”, you’re on your laptop searching for your home router but all you see if “def” “ghi” & “jkl” – which one do you pick? It gets even more complicated if I understood your question in other ways. For example, even if the malicious attacker didn’t have your actually SSID, it doesn’t matter too much as he could just run the attack on that router regardless. I should add that the SSID is just an identifier (as the acronym itself states), and it’s not particularly unique. You can have an environment where you have multiple APs with the same SSID (a university may name multiple APs “UniWifi” so that your laptop gets seamlessly handed off to the next closest AP when you go out of range of one, etc. The actual unique identifier of APs (including your home router) is its MAC address – although this can be spoofed/edited as well to some degree).

    I hope this helps! I may have provided too much or too little in some areas and not others, but I think your questions were addressed.

  6. With havin so much written content do you ever run into any problems of plagorism
    or copyright violation? My website has a lot of completely unique content I’ve either written myself or outsourced but it appears a lot of it is popping it up all over the web without my agreement. Do you know any solutions to help prevent content from being ripped off? I’d really appreciate it.

  7. I would appreciate any help finding a Windows based program that would let me see/select an SSID that has a space in the name. A tech for the McDonalds chain grudgingly added numbers to half of the duplicate names, but did so with a space before the number. I am using Windows 7 with an Intel WiFi radio.

  8. Hey! This post couldn’t be written any better! Reading through this post reminds me of my old room mate! He always kept talking about this. I will forward this write-up to him. Pretty sure he will have a good read. Thank you for sharing!

  9. Hey, I think your blog might be having browser compatibility issues.
    When I look at your website in Opera, it looks fine but when opening in Internet Explorer, it has some overlapping.
    I just wanted to give you a quick heads up! Other then that, great blog!

  10. Never ever thoughts, Robbie.. you did say you happen to be
    moving to Rome. You’ll possess a blast. Existence carries on outside simply because on the great weather. Head out, reap the benefits of each of the town must provide and also you will fulfill more Italian females you will know what to complete with. Just be patient together with the mind-boggling site visitors. For some entertaining issues to perform in Rome, verify my posts beneath the journey category (I was there not so long in the past)

Leave a Reply

Your email address will not be published. Required fields are marked *