Discover Hidden WiFi SSIDs with aircrack-ng


Assess the security of your WiFi network by detecting its hidden SSID.


It’s recommended that you use Kali Linux, but this can be done with any Linux distribution.


A working Linux installation with root privileges and an installed wireless adapter.




  • # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  • $ – requires given linux commands to be executed as a regular non-privileged user


WiFi security isn’t easy. There’s a ton of potential threats, and even more reported “solutions” flying around out there. One supposed security measure that you can take is hiding your network’s SSID. The guide will demonstrate why that does absolutely nothing to stop attackers.

Install Aircrack-ng

If you’re running Kali, you already have aircrack-ng. If you’re on another distribution, and you want to try this out, you’ll have to install it. The name of the package should be the same no matter what you’re running, so use your package manager to grab it.

$ sudo apt install aircrack-ng

Scan For Networks

Before you get started, run ifconfig or ip a to find the name of your wireless interface. You’re going to need it.

Once you have your wireless interface, disconnect. You can use Aircrack while connected, but you won’t be able to test your network this way. Aircrack will immediately discover your network’s SSID.

As root, run the following linux command. Substitute your wireless interface in place of wlan0.

$ sudo airmon-ng start wlan0

That will create a temporary virtual interface for monitoring. It will print out the name of the interface, so make note of that too. It’s usually mon0.

Now, monitor that interface.

$ sudo airodump-ng mon0

The screen will begin to populate with a list of WiFi networks in your area. It will display all of the information that it can in two tables. The top table has the networks. The bottom one contains the clients connecting to those networks. The important parts to note are the BSSID, Channel, and ESSID. Your hidden network will report an ESSID that looks something like this: . That is the amount of characters in your ESSID.

The bottom table will show you the BSSID(MAC address) of each client and the network that they are seen connecting to, if it’s known.

Narrow Your Scan

There’s a lot of noise in that readout. Cancel your current command and rerun it specifying the BSSID and channel of your network.

$ sudo airodump-ng -c 1 --bssid XX:XX:XX:XX:XX:XX mon0

This command will show your network and only your network.

Disconnect A Device

You have two options while monitoring your network. You can either wait for a device to connect, and that will immediately populate the SSID of your network, or you can forcefully disconnect one of your devices, and it will broadcast the SSID when it attempts to reconnect.

To disconnect a client, you need to use the aireplay-ng command, and pass it the BSSID of the network and the BSSID of the client. The -0 flag tells the command to send a disconnect signal. The number that follows is the amount of requests that it should send.

$ sudo aireplay-ng -0 15 -c CLIENT BSSID -a NETWORK BSSID mon0

Depending on your computer’s configuration, you might need to add the --ignore-negative-one flag too.

Shortly after you run the command, you will see the network’s SSID fill in in place of the length value.

Closing Thoughts

You’ve now exposed your network’s “hidden” SSID. Clearly, hiding your SSID is a minor inconvenience at best. There’s noting wrong with doing it, but don’t expect to secure your network that way.

Warning: this article is for educational purposes only, and the process should only ever be performed with your own network.

Comments and Discussions
Linux Forum