A service set identifier, or SSID, is a name used to identify the particular 802.11 wireless LANs to which a user wants to attach. A client device will receive broadcast messages from all access points within range advertising their SSIDs, and can choose one to connect to based on pre-configuration, or by displaying a list of SSIDs in range and asking the user to select one.
Description
It is normal for multiple access points to share the same SSID if they provide access to the same network.
In 802.11 it is possible to create an ad-hoc network of client devices (an IBSS), in which case the SSID is chosen by the client device that starts the network, and broadcasting of the SSID is performed in a pseudo-random order by all devices that are members of the network.
As the SSID is a name that may be displayed to users, it normally consists of displayable ASCII characters. However the standard does not require this—the SSID is defined as a sequence of 1–32 octets each of which may take any value.
Some wireless access points support broadcasting multiple SSIDs, allowing the creation of Virtual Access Points—partitioning a single physical access point into several logical access points, each of which can have a different set of security and network settings.
SSID Client Isolation prohibits wireless clients in the same subnet from communicating directly with each other and thereby bypassing the firewall.
Not broadcasting the SSID
Some people have erroneously attempted to improve security by turning off the broadcast of the SSID.[1] To a user, depending on the wireless software, the network either does not show up, or is displayed as "Unnamed Network". In any case, one needs to manually enter the correct SSID to connect to the network.
This method is not secure, because every time someone connects to the network, the SSID is transmitted in cleartext even if the wireless connection is otherwise encrypted. An eavesdropper can passively sniff the wireless traffic on that network undetected (with software like Kismet), and wait for someone to connect, revealing the SSID. Sometimes, in large networks, connection requests are even frequent enough to see the name listed without additional software. Alternatively, there are faster (albeit detectable) methods where a cracker spoofs a "disassociate frame" as if it came from the wireless router, and sends it to one of the clients connected; the client will immediately re-connect, revealing the SSID.
Thus, hiding the SSID should not be used to protect a wireless network against determined crackers.[2] Other forms of authentication should be used, of which WEP is the most universal but still easily broken. The best encryption is WPA(2).
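The following added example (not part of the original article) parses the SSID element out of 802.11 management frames to show why withholding it from beacons gives no confidentiality: the association request for the same BSSID carries the name in the clear. The frames, MAC addresses, SSID value and helper names are constructed for illustration.

```python
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}   # fixed-field bytes before the elements
NAMES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}

def parse_ssid(frame: bytes):
    """Return (frame_kind, ssid_octets) from an 802.11 management frame, else None."""
    if len(frame) < 24:                      # 24-byte management MAC header
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):             # walk the ID/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) != elen:
            return None                      # truncated element
        if eid == 0:                         # element ID 0 is the SSID; keep raw octets
            return (NAMES[subtype], body) if elen <= 32 else None
        pos += 2 + elen
    return None

def is_hidden(ssid: bytes) -> bool:
    """Non-broadcast beacons carry an empty or all-zero SSID element."""
    return not any(ssid)

def summarize(frames):
    """Map each BSSID with a hidden-SSID beacon to the (kind, ssid) that exposed it."""
    hidden, exposed = set(), {}
    for f in frames:
        parsed = parse_ssid(f)
        if parsed is None:
            continue
        kind, ssid = parsed
        bssid = f[16:22].hex(":")            # Address 3 is the BSSID
        if not is_hidden(ssid):
            exposed.setdefault(bssid, parsed)
        elif kind == "beacon":
            hidden.add(bssid)
    return {b: exposed.get(b) for b in hidden}

def mgmt(subtype, da, sa, bssid, fixed, ssid):
    """Build a constructed frame: header, fixed fields, then one SSID element."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + da + sa + bssid + b"\x00\x00"
    return hdr + fixed + bytes([0, len(ssid)]) + ssid

# Constructed sample: a beacon that withholds the SSID, then a client associating.
AP, STA = bytes.fromhex("02aabbccddee"), bytes.fromhex("021122334455")
SAMPLE = [mgmt(8, b"\xff" * 6, AP, AP, bytes(12), b""),
          mgmt(0, AP, STA, AP, bytes(4), b"corp-wlan")]
```

Calling `summarize(SAMPLE)` pairs the hidden beacon's BSSID with the SSID taken from the association request; a BSSID whose name was never exposed maps to `None`.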
Basic service set identifier
A related field is the BSSID or Basic Service Set Identifier, which uniquely identifies each BSS (the SSID, however, can be used in multiple, possibly overlapping, BSSs). In an infrastructure BSS, the BSSID is the MAC address of the wireless access point (AP). In an independent (ad-hoc) basic service set, the BSSID is a locally administered MAC address generated from a 46-bit random number. The individual/group bit of the address is set to 0. The universal/local bit of the address is set to 1.
A BSSID with a value of all 1s is used to indicate the broadcast BSSID. A broadcast BSSID may only be used during probe requests.