Revision history

revision 1
initial version

I think you want to match up the BSSID field from the eapol frames to another frame type that contains the SSID name. In the case of the second capture, try this filter:

wlan.bssid == 12:01:12:44:ff:75 and (wlan.fc.type in {0x00} or eapol)

I took the BSSID from the eapol frames, then searched for mgmt traffic that has that BSSID. We get a result, looks like the SSID is TheZoo.

In the first case, I would use this filter:

wlan.bssid == 6c:99:61:13:26:14 and (eapol or wlan.fc.type == 0x00)

So in both cases, the mgmt traffic shows the SSID. It may not always - if beacons hide the SSID or there are no beacons (as in your second capture) then the SSID is passed in plaintext only in specific cases, and if you miss those frames, you wouldn't know.

There is no radiotap or PPI header here - how are you capturing the monitor mode frames?

I think you want to match up the BSSID field from the eapol frames to another frame type that contains the SSID name. In the case of the second capture, try this filter:

wlan.bssid == 12:01:12:44:ff:75 and (eapol or wlan.fc.type == 0x00)

I took the BSSID from the eapol frames, then searched for mgmt traffic that has that BSSID. We get a result: looks like the SSID is TheZoo from a probe response frame.

In the first case, I would use this filter:

wlan.bssid == 6c:99:61:13:26:14 and (eapol or wlan.fc.type == 0x00)

So in both cases, the mgmt traffic shows the SSID. It may not always - if beacons hide the SSID or there are no beacons (as in your second capture) then the SSID is passed in plaintext, which is only done in specific frames, so if you miss those frames, you wouldn't know.

There is no radiotap or PPI header here - how are you capturing the monitor mode frames?
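The BSSID-to-SSID correlation described in the answer, as an added Python example that is not part of the original post. It assumes raw 802.11 frames with no radiotap or PPI header; the sample frames are constructed for illustration, and the function names and the second BSSID are hypothetical.

```python
# Added example. Assumes raw 802.11 frames with no radiotap/PPI header.
FIXED_LEN = {0: 4, 5: 12, 8: 12}  # fixed fields: assoc request, probe response, beacon
EAPOL_SNAP = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header, EtherType 0x888e

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def classify(frame):
    """Return ("ssid", bssid, name or None if hidden), ("eapol", bssid, None), or None."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 3, frame[0] >> 4
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == 0 and subtype in FIXED_LEN:  # management: BSSID is address 3
        pos = 24 + FIXED_LEN[subtype]
        while pos + 2 <= len(frame):  # walk the tagged parameters
            tag, length = frame[pos], frame[pos + 1]
            value = frame[pos + 2:pos + 2 + length]
            if tag == 0:  # SSID element; empty or all-NUL means hidden
                hidden = length == 0 or not any(value)
                return ("ssid", mac(a3), None if hidden else value.decode("utf-8", "replace"))
            pos += 2 + length
    elif ftype == 2:  # data: BSSID position depends on ToDS/FromDS
        to_ds, from_ds = frame[1] & 1, frame[1] & 2
        if to_ds and from_ds:
            return None  # 4-address (WDS) frames are not handled here
        bssid = a1 if to_ds else a2 if from_ds else a3
        hdr = 26 if subtype & 0x8 else 24  # QoS data carries 2 extra bytes
        if frame[hdr:hdr + 8] == EAPOL_SNAP:
            return ("eapol", mac(bssid), None)
    return None

def ssids_for_handshakes(frames):
    """Map each BSSID seen in EAPOL frames to its SSID, or None if never seen."""
    names, eapol = {}, set()
    for kind, bssid, name in filter(None, map(classify, frames)):
        if kind == "eapol":
            eapol.add(bssid)
        elif name is not None:
            names[bssid] = name
    return {b: names.get(b) for b in eapol}

def _hdr(fc0, fc1, a1, a2, a3):  # frame control, duration, 3 addresses, seq ctl
    return bytes([fc0, fc1, 0, 0]) + a1 + a2 + a3 + bytes(2)

# Constructed sample frames (not taken from the captures discussed above).
AP, AP2, STA = (bytes.fromhex(h) for h in ("12011244ff75", "020000000001", "020000000002"))
SAMPLE = [
    _hdr(0x50, 0x00, STA, AP, AP) + bytes(12) + b"\x00\x06TheZoo",        # probe response
    _hdr(0x08, 0x02, STA, AP, AP) + EAPOL_SNAP + bytes(4),                # EAPOL, FromDS
    _hdr(0x80, 0x00, b"\xff" * 6, AP2, AP2) + bytes(12) + b"\x00\x00",    # beacon, hidden SSID
    _hdr(0x88, 0x01, AP2, STA, AP2) + bytes(2) + EAPOL_SNAP + bytes(4),   # QoS EAPOL, ToDS
]
print(ssids_for_handshakes(SAMPLE))
```

A BSSID that maps to `None` is the case the answer warns about: EAPOL frames were captured, but every management frame seen for that BSSID either hid the SSID or was missed.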