Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A BSSID is the 48-bit MAC address that uniquely identifies a Wi-Fi access point's radio in a Basic Service Set, distinguishing it from other APs on the same SSID.
BSSID Definition: A BSSID is the 48-bit MAC address that uniquely identifies a Wi-Fi access point's radio in a Basic Service Set, distinguishing it from other APs on the same SSID.
A BSSID (Basic Service Set Identifier) is the 48-bit MAC address that uniquely identifies the radio of a wireless access point within a Basic Service Set (BSS). While the SSID is the human-readable network name that can be shared by many access points, the BSSID pinpoints the one specific AP (or radio) a client is associated with.
In an infrastructure Wi-Fi network, the access point sets its BSSID, normally derived from the MAC address of its wireless interface. Beacon frames and other 802.11 management frames carry the BSSID so clients know which AP sent them and which AP to address. A single AP with multiple radios (2.4 GHz and 5 GHz) or multiple virtual SSIDs will expose multiple BSSIDs. In an ad-hoc or independent BSS, the BSSID is a randomly generated locally administered address rather than a real interface MAC.
For security, the BSSID is central to identifying legitimate versus rogue infrastructure. A rogue or evil-twin access point broadcasts the same SSID as a trusted network but has a different BSSID, so monitoring for unexpected BSSIDs is a key wireless intrusion detection technique. Conversely, attackers spoof BSSIDs to impersonate a legitimate AP and lure clients into connecting. BSSIDs are also used to map and geolocate networks, raising privacy considerations.
For example, a corporate office named 'CorpWiFi' may have twelve access points, each with the same SSID but a distinct BSSID such as 00:1A:2B:3C:4D:5E and 00:1A:2B:3C:4D:6F. As an employee walks the building, their laptop roams seamlessly, re-associating from one BSSID to the next while the SSID stays constant. A security analyst running a wireless scan notices a thirteenth BSSID also advertising 'CorpWiFi' from an unknown MAC, flags it as a possible evil-twin attack, and physically locates and removes the rogue device.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →