What does it mean when the ESSID is null \x00?
The AP has the setting to "Don't Broadcast SSID" enabled. So the normal beacons are sent out, as all APs must do, but they just don't include the SSID.
The laptop should have the SSID as one of the ones it knows, and when faced with a NULL SSID, it should send a PROBE with the SSID it wants to connect to. If this matches the SSID in the AP, they can proceed to connect.
So no, you won't accidentally roam to it unless you have an SSID and passphrase that match the one defined in the AP.
Evan Carroll
Updated on September 18, 2022
Comments
-
Evan Carroll over 1 year
I'm at the gym, and iwlist is running an AP that has,

    Cell 03 - Address: 00:23:33:16:E8:A0
              Channel:11
              Frequency:2.462 GHz (Channel 11)
              Quality=42/70  Signal level=-68 dBm
              Encryption key:on
              ESSID:"\x00"
              Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
                        11 Mb/s; 12 Mb/s; 18 Mb/s
              Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
              Mode:Master

What does it mean if the ESSID is \x00? Is a laptop likely to roam to it from a named ESSID?
-
Tim Post over 9 years
Do you know if it's required to set it (literally) to "\x00", or could one expect to just encounter it as an empty string instead? I never knew it was part of the beacon if disabled (though it makes perfect sense).
-
Paul over 9 years
The spec says 1-32 bytes long, so it cannot be zero bytes - the empty string.
-
Nick Edwards over 6 years
The spec says: "The length of the SSID information field is between 0 and 32 octets. A 0 length information field is used within Probe Request management frames to indicate the wildcard SSID". As far as I can tell it doesn't say anything about the SSID length to be used in beacon frames for hidden networks.
-
Paul over 6 years
@NickEdwards Yeah, in hindsight, the broadcast disabled SSID would simply be empty. Whereas this one has a length 1 and the first and only byte is zero. So the SSID is literally '0x00' rather than being a broadcast disabled network. It would be good to see the actual frame. Still, the point about accidentally roaming to it stands.
-
Nick Edwards over 6 years
Right. I came across this post after testing some APs running in hidden mode and finding that they broadcast an SSID of length 8 or 9, all null bytes. Not sure why they would do this, but Windows seems to correctly interpret them as hidden networks.
-
Paul over 6 years
@NickEdwards Did the length match the unhidden SSID?
-
Nick Edwards over 6 years
@Paul - yes, it does in every case.
-
Paul over 6 years
@NickEdwards Ah right, so my original interpretation was probably correct, that this is a hidden SSID, and probably the real SSID is one character long. But the rest is incorrect - this isn't a "null ssid" and the length comment was wrong.
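
The three beacon encodings discussed in this thread (zero-length SSID, a single NUL byte, and a run of NUL bytes as long as the real name) can be told apart by reading the SSID information element directly. The following is an added example, not code from any poster; the function names are hypothetical, the sample byte strings are constructed rather than captured, and the input is assumed to be the tagged-parameter portion of a beacon body.

```python
# Added example: classify the SSID element (ID 0) found in a beacon's tagged parameters.
from typing import Optional, Tuple

SSID_ELEMENT_ID = 0   # element ID of the SSID information element
MAX_SSID_LEN = 32     # the SSID field is 0 to 32 octets


def find_ssid(tagged: bytes) -> Optional[bytes]:
    """Walk ID/length/value elements and return the raw SSID bytes, or None."""
    i = 0
    while i + 2 <= len(tagged):
        elem_id, length = tagged[i], tagged[i + 1]
        value = tagged[i + 2:i + 2 + length]
        if len(value) < length:
            return None  # truncated element: stop instead of using a partial value
        if elem_id == SSID_ELEMENT_ID:
            return value
        i += 2 + length
    return None


def classify_ssid(ssid: Optional[bytes]) -> Tuple[str, Optional[int]]:
    """Return (kind, probable real SSID length) for a beacon's SSID field."""
    if ssid is None:
        return ("missing", None)
    if len(ssid) > MAX_SSID_LEN:
        return ("invalid", None)
    if len(ssid) == 0:
        return ("hidden-empty", None)      # length 0: nothing about the name is exposed
    if ssid.count(0) == len(ssid):
        # All NUL bytes: in the tests reported in the comments, the length
        # matched the length of the unhidden SSID.
        return ("hidden-nul", len(ssid))
    return ("visible", len(ssid))


# Constructed tagged-parameter blobs (not captured frames): an SSID element
# followed by a Supported Rates element (ID 1).
RATES = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])
SAMPLES = {
    "single NUL (iwlist case)": bytes([0, 1, 0]) + RATES,
    "eight NUL bytes": bytes([0, 8]) + bytes(8) + RATES,
    "zero-length SSID": bytes([0, 0]) + RATES,
    "named network": bytes([0, 6]) + b"GymNet" + RATES,
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, "->", classify_ssid(find_ssid(blob)))
```
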