How 2 find an SSID after you've connected to hidden SSID that shares the same hardware (MAC address)?

Jouni Malinen jkmaline
Sat Oct 14 09:11:54 PDT 2006

On Thu, Oct 12, 2006 at 08:45:37AM -0700, George S. Lockwood wrote:

> a) finding a certain broadcasted SSID.
> b) connecting / authenticating to a hidden SSID of the same MAC address.
> c) eventually disconnecting.
> What I find when I connect is the broadcasted SSID is no longer
> detected and the once hidden SSID is.
> Further, once the connection with the once hidden SSID is ended, I
> cannot detect either for about 10-15 minutes.  Then the broadcasted
> SSID reappears.
> Is this expected behavior?  What can I do (at the disconnect??) to
> again detect the broadcasted SSID?

There is no standard definition for this behavior since both the hidden
SSID and multi-SSID functionality were added to implementations without
amending the IEEE 802.11 standard. In other words, prepare for
implementation-specific differences here.

The behavior you described is indeed something that I would expect to
see with some (but certainly not all) drivers. The driver in question
seems to store scan results in a table indexed only by BSSID and not by a
<BSSID,SSID> pair, which would be more suitable for this kind of use case.

The 10-15 minute time you mentioned is likely a timeout on the scan
results. When the hidden SSID was configured in the association request, the
driver probed for that SSID explicitly and updated its scan results by
replacing the SSID of the broadcast SSID with the hidden one. If the
driver is doing this internally, there is not much you can do about this
apart from unloading and reloading the driver. I would expect you to be
able to associate with the broadcast SSID by explicitly specifying it,
but you would need to know it at that point.

Other implementations (especially cards that have been designed to
work with Cisco APs) store scan results indexed with a <BSSID,SSID> pair
and allow multiple entries to use the same BSSID. These implementations
should return all the found SSIDs even if they are using the same BSSID.
In other words, you would first see only the broadcast SSID and after
associating with a hidden SSID, both SSIDs would be visible in scan

Jouni Malinen                                            PGP id EFC895FA
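
The two table designs described in the message above, as an added example that is not part of the original post and not taken from any driver: a toy scan-result cache keyed either by BSSID alone or by the <BSSID,SSID> pair. The struct layout, function names, SSID strings and BSSID value are all constructed for illustration.

```c
/* Toy scan-result cache: added illustration, not code from any real driver. */
#include <stdio.h>
#include <string.h>
#define MAX_ENTRIES 8
struct scan_entry { unsigned char bssid[6]; char ssid[33]; int used; };
struct scan_cache { struct scan_entry e[MAX_ENTRIES]; int key_on_ssid; };

/* Record a beacon/probe response. key_on_ssid == 0: the key is the BSSID
 * alone, so a second SSID on that BSSID overwrites the first. 1: pair key. */
static void cache_update(struct scan_cache *c, const unsigned char *bssid,
                         const char *ssid) {
    struct scan_entry *slot = NULL;
    for (int i = 0; i < MAX_ENTRIES; i++) {
        struct scan_entry *e = &c->e[i];
        if (e->used && memcmp(e->bssid, bssid, 6) == 0 &&
            (!c->key_on_ssid || strcmp(e->ssid, ssid) == 0)) {
            slot = e;               /* existing entry for this key */
            break;
        }
        if (!e->used && !slot)
            slot = e;               /* first free slot, used if no match */
    }
    if (!slot) return;              /* table full: drop the result */
    memcpy(slot->bssid, bssid, 6);
    snprintf(slot->ssid, sizeof(slot->ssid), "%s", ssid);
    slot->used = 1;
}

/* Return 1 if the cache would list this SSID in its scan results. */
static int cache_has(const struct scan_cache *c, const char *ssid) {
    for (int i = 0; i < MAX_ENTRIES; i++)
        if (c->e[i].used && strcmp(c->e[i].ssid, ssid) == 0)
            return 1;
    return 0;
}

/* Constructed input: a beacon with the broadcast SSID, then a probe response
 * for the hidden SSID, same BSSID. Bit 0: broadcast listed; bit 1: hidden. */
static int scenario(int key_on_ssid) {
    static const unsigned char ap[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
    struct scan_cache c = { .key_on_ssid = key_on_ssid };
    cache_update(&c, ap, "public-net");
    cache_update(&c, ap, "hidden-net");
    return cache_has(&c, "public-net") | (cache_has(&c, "hidden-net") << 1);
}

int main(void) {
    printf("BSSID key: %d, <BSSID,SSID> key: %d\n", scenario(0), scenario(1));
    return 0;
}
```

With the BSSID-only key the broadcast SSID drops out of the table as soon as the hidden SSID is probed; with the pair key both entries are kept.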

