It's a common security myth that not broadcasting an SSID provides some level of protection (if this was the reasoning behind turning off the broadcast). It's 100% untrue and can actually cause some (legitimate) clients to experience a delay before detecting the network they want is available to associate to.
Bulletproof Solutions Inc.
The reason why AirMagnet and other sniffers can see the SSID is because software like (AirMagnet) sniff the probe request frames coming from clients already preconfig with the SSID. if you capture the probe request from the client and open it up you will see the hidden SSID. AirMagnet will mark the SSID with the color RED on the dashboard. This is an indication the ssid was not being broadcasted.
Other sniffers like NetStumbler only looks for broadcast frames.... this why you will not see the "hidden" networks.
If you find this post helpful please rate the post!
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...