Service set identifier

From Wikipedia, the free encyclopedia

A service set identifier, or SSID, is a name used to identify the particular 802.11 wireless LANs to which a user wants to attach. A client device will receive broadcast messages from all access points within range advertising their SSIDs, and can choose one to connect to based on pre-configuration, or by displaying a list of SSIDs in range and asking the user to select one.

Description

It is normal for multiple access points to share the same SSID if they provide access to the same network.

In 802.11 it is possible to create an ad-hoc network of client devices (an IBSS), in which case the SSID is chosen by the client device that starts the network, and broadcasting of the SSID is performed in a pseudo-random order by all devices that are members of the network.

As the SSID is a name that may be displayed to users, it normally consists of displayable ASCII characters. However, the standard does not require this: the SSID is defined as a sequence of 1-32 octets, each of which may take any value.

Some wireless access points support broadcasting multiple SSIDs, allowing the creation of Virtual Access Points - partitioning a single physical access point into several logical access points, each of which can have a different set of security and network settings.

SSID Client Isolation prohibits wireless clients in the same subnet from communicating directly with each other and thereby bypassing the firewall.

Not broadcasting the SSID

Some people have erroneously attempted to improve security by turning off the broadcast of the SSID.[1] To a user, depending on the wireless software, the network either does not show up, or is displayed as "Unnamed Network". In any case, one needs to manually enter the correct SSID to connect to the network.

This method is not secure, because every time someone connects to the network, the SSID is transmitted in cleartext even if the wireless connection is otherwise encrypted. An eavesdropper can passively sniff the wireless traffic on that network undetected (with something like Kismet), and wait for someone to connect, revealing the SSID. Alternatively, there are faster (albeit detectable) methods where a cracker spoofs a "disassociate frame" as if it came from the wireless router, and sends it to one of the clients connected; the client will immediately re-connect, revealing the SSID.

Thus, hiding the SSID should not be used to protect a wireless network against determined hackers.[2] Other forms of authentication should be used, of which WPA is the most accepted. However, SSID broadcast should still be turned off because doing so increases the difficulty of gaining unauthorized access to a wireless network.[citation needed] It is the first layer of a layered security setup.

Basic service set identifier

A related field is the BSSID, or Basic Service Set Identifier. The IEEE 802.11-2007 Wireless LAN specification defines a BSSID as the MAC address of the Station (STA) in an Access Point (AP) in an infrastructure mode BSS. This field uniquely identifies each BSS.

In an IBSS, the BSSID is a locally administered IEEE MAC address generated from a 46-bit random number. The individual/group bit of the address is set to 0. The universal/local bit of the address is set to 1.

A BSSID with a value of all 1s is used to indicate the broadcast BSSID. A broadcast BSSID may only be used during probe requests.
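
The BSSID rules above can be checked mechanically when reviewing a wireless survey or scan export. The following is an added example, not part of the original article: the function names, the mapping of the 46 random bits onto the address, and the sample addresses in the comments are assumptions made for illustration.

```python
import secrets

BROADCAST_BSSID = bytes([0xFF] * 6)  # "all 1s" broadcast BSSID


def parse_mac(text):
    """Parse aa:bb:cc:dd:ee:ff (or dash-separated) into 6 raw octets."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def generate_ibss_bssid(rand46=None):
    """Build an IBSS BSSID: 46 random bits, I/G bit = 0, U/L bit = 1.

    The I/G and U/L bits are the two least significant bits of the
    first octet. Which random bits land in which position is an
    assumption of this example; any mapping satisfies the rule.
    """
    if rand46 is None:
        rand46 = secrets.randbits(46)
    if not 0 <= rand46 < (1 << 46):
        raise ValueError("rand46 must fit in 46 bits")
    first = ((rand46 & 0x3F) << 2) | 0x02  # U/L = 1, I/G = 0
    rest = (rand46 >> 6).to_bytes(5, "big")
    return bytes([first]) + rest


def classify_bssid(text):
    """Label a BSSID by the fields described in the section above."""
    raw = parse_mac(text)
    if raw == BROADCAST_BSSID:
        return "broadcast"             # only expected in probe requests
    if raw[0] & 0x01:
        return "group"                 # I/G = 1: cannot identify one BSS
    if raw[0] & 0x02:
        return "locally-administered"  # U/L = 1: form used by an IBSS
    return "universal"                 # vendor-assigned AP address


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real network.
    for mac in ("00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff",
                format_mac(generate_ibss_bssid())):
        print(mac, classify_bssid(mac))
```

A locally administered BSSID is consistent with an IBSS but does not prove one, since access points that advertise several SSIDs commonly use locally administered addresses for the additional BSSIDs.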

References

  1. "Debunking the Myth of SSID Hiding". icsalabs.com. Retrieved on 2008-02-06.
  2. "What is a Wireless Network's SSID?". netgear.com. Retrieved on 2008-02-06.