There are three BSSIDs. How to mimic home router BSSID?

Hi all,

I'm new to this router so bear with me. BSSID, as far as I know, is the MAC address of a wifi access point (AP).

Here is the scenario

Slate connected to home router via wifi.
Slate physical MAC AB:37
Home router MAC is CC:44. So makes sense that the BSSID would also show up as CC:44. See pic below.

I have "randomised BSSID" for wifi MAC off. See below.

Questions

  1. On Windows I can run netsh wlan show interfaces in the command line to find out the BSSID.
    So when my laptop is connected to Slate via wifi, I run the above command and got this.

BSSID shows as 8A:99. I thought that should be the MAC address of my slate. Which is AB:37 on this page below

where is BSSID 8A:99 coming from?

from my investigation so far, it seems like there are 3 BSSIDs.

  • First one is the one that shows up in the first pic. That is my home router's wifi MAC.
  • 2.4G wifi channel MAC (i found this by doing netsh wlan show interfaces from laptop connected to wifi slate)
  • 5G wifi channel MAC (i found this by doing netsh wlan show interfaces from laptop connected to wifi slate)

is this correct?
when i'm in another country, it would be good to ensure the BSSID that shows up is the same as home router.

On this page

How do i do this?

MAC and BSSID don't have to be the same / end on the same pattern. Each Wi-Fi network will use its own BSSID.

BSSID must be different from other devices that are near you. So copying your home router's BSSID isn't useful.

Just enable the randomisation, this is the best protection against BSSID tracking.
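An added example, not part of the original thread: it parses `netsh wlan show interfaces` output and decodes the locally-administered bit of the reported BSSID, which is typically set when an access point assigns per-radio or randomised BSSIDs instead of reusing its burned-in MAC. The sample output and the full MAC values are constructed for illustration.

```python
import re

# Constructed sample of `netsh wlan show interfaces` output; all values are made up.
SAMPLE_NETSH = """\
    Name                   : Wi-Fi
    Physical address       : 3c:52:82:10:20:30
    State                  : connected
    SSID                   : Slate-5G
    BSSID                  : 8a:99:00:11:22:33
    Radio type             : 802.11ac
"""

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")


def classify_mac(mac):
    """Decode the two flag bits in the first octet of a MAC address."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    first_octet = int(mac[:2], 16)
    return {
        "mac": mac.lower().replace("-", ":"),
        # Bit 1 (0x02): set = locally administered (software-assigned or
        # randomised), clear = burned-in address under a vendor OUI.
        "locally_administered": bool(first_octet & 0x02),
        # Bit 0 (0x01): set = group/multicast, not expected in a BSSID.
        "group_address": bool(first_octet & 0x01),
    }


def parse_netsh_interfaces(text):
    """Return the 'key : value' fields of netsh output as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def bssid_report(text):
    """Classify the BSSID the client is associated with, if any."""
    bssid = parse_netsh_interfaces(text).get("BSSID")
    return classify_mac(bssid) if bssid else None


if __name__ == "__main__":
    print(bssid_report(SAMPLE_NETSH))
```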

Ok so I enable randomisation. Just a quick example below.

Right now, say my work laptop connected to home router. I run netsh wlan show interfaces and it gives me MAC 555. So that means my AP MAC address is 555.

Company would know my BSSID is 555.
Then I go to Japan for a short period. That same work laptop now connects to Slate. The BSSID would be a randomised one and keeps changing at every reboot.

Wouldn't this be a red flag to company's IT department that "ok this guy's BSSID used to be 555 for last 3 years. Now it's changing every week"

IT departments don't care about BSSIDs mostly. I mean ... why should they? It is detectable, yes, but mostly nobody will monitor it.

Yes I guess so, right. Because at home router I can have 2.4g, 5g, and guest wifi. 3 wifis. When I connect to any of them, I get a different BSSID.

Generally they shouldn't care cause it would flick between the 3 above. But if I reboot my Slate every week (since I move around), then I'd get a new BSSID every time. I thought IT department would surely question why so many BSSID changes in the past 3 months. Gives them the info that BSSID is randomised. Could raise suspicions? But this can ONLY be tracked on company laptop, correct? BSSID tracking, I'm guessing, cannot occur on personal laptop?

Everything can raise suspicions, or it can't. We won't know until it happens.
But mostly nobody will notice. I never ever heard of a company tracking BSSIDs.

And if they ask you can still play dumb and say that you don't even know what a BSSID is but there was some update for your router enhancing privacy and blah blah blah. :wink:

hmmm yeaaa just like Slate can randomise the BSSID. Then why can't my home router yea? haha :wink:

I guess like you said can't be 100% risk free. Can be 99.9%. The remaining 0.1% where it messes up, just need a good cover story.

I could just keep the BSSID static. The true physical one. At least it'll look the same for IT department. No negative consequences there aye?

And this BSSID tracking can only happen on company laptop, not personal laptop, yea?

BSSID tracking happens in the real wild as well. Google, Apple and some others record them and save them. That's the main reason why BSSID randomization happens.

See https://wigle.net/ for example.

ahh I see. That's at the Google, Apple level I guess. At the company level, the tracking can only happen on company laptops and not personal yea?

Yup, only on company laptops or devices using MDM (so maybe Outlook on your private phone as well, depending on your company)

I doubt my Android phone uses MDM for Outlook. I just had to log in. Didn't have to set work profiles and all.

For mobile phones, you don't recommend WireGuard app yea? Because apps can detect that VPN is on. Can detect that there is a real IP and VPN IP.

Best would be to get a spare phone, have no SIM card in it. ONLY connect to Slate. No VPN software installed. So do business that way. Yes?

I would not be so paranoid, tbh :laughing:

WireGuard app on phone is fine - but keep in mind that Outlook on your phone will even transmit the IP if you are not connected to your VPN at all. So you should delete the app from your private phone.

But if I just keep VPN on all the time, then keeping Outlook on phone is ok?

Can't really tell. I would not take that risk, tbh.

Would Slack do the same thing?

Totally. All company apps will act the same.

hmm Android phones need VPN kill switch then. Know of something like this?

I guess the VPN provider apps do have this, like the Mullvad one.
But I am an iOS guy, so can't really speak for Android, sorry :frowning:

But I'm doing private VPN. WireGuard. So my home country will have WireGuard server. Then I go to Japan with Slate as WireGuard client.

So hence there is WireGuard on my Android phone too. But it doesn't have kill switch.