StefanL
Posts: 298 | Thanked: 341 times | Joined on Aug 2010 @ This world :)
#1126
Originally Posted by Mr Wolf:
Many thanks!
I've just noticed a thing: shouldn't it be:

aireplay-ng -1 0 -e [AP ESSID] -a [AP BSSID] -h [N900 MAC Address] wlan0

I mean, you must specify AP ESSID (name)?

I wrote once in the Aircrack forum (look at the bottom):
http://forum.aircrack-ng.org/index.p...=3309.msg18601
asking why it was necessary to specify the network name, and they answered me that it was part of the standards.
In fact, if ESSID is hidden, you must find it, first.
Your link is not working for me (fixed it - seems rather old, I guess things have changed since 2008); and on a personal note, all APs etc. are uniquely identifiable by their BSSID, but not their ESSID, hence I am guessing the BSSID method should be more reliable in identifying a particular unit (why use the two identifiers for the same thing?).

Anyway, the command seems to work as is. I switched to using BSSIDs rather than ESSIDs to avoid the headache with APs with spaces and other special characters (i.e. I spent a lot of time on this, just read back a few hundred posts or so). I am happy for any testing and feedback though, so thanks for your time. I have not yet tested for hidden ESSID discovery, still on my list.

Edit: ESSID is only required for cracking, where the ESSID is part of the salt for the hashes, so that is another explanation why the ESSID is not required for this case.
__________________
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working : Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5)
Not so much : WPScrack (Maemo5)

Last edited by StefanL; 2012-01-15 at 08:46.
 

The Following 3 Users Say Thank You to StefanL For This Useful Post:
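
The salt role mentioned in the edit to the post above, as an added example that is not part of the original post or of any tool discussed in the thread: in WPA/WPA2-PSK the pairwise master key is PBKDF2-HMAC-SHA1 of the passphrase with the ESSID bytes as salt, and the BSSID is not an input. The function names and the sample network names and passphrase are constructed for illustration; the first check uses the "password"/"IEEE" test vector from the 802.11i standard.

```python
import hashlib
import hmac


def wpa_pmk(passphrase: str, essid: bytes) -> bytes:
    """Derive the WPA/WPA2-PSK pairwise master key (PMK).

    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 iterations, 32 bytes).
    The ESSID is used as raw bytes, so spaces and special characters in a
    network name are significant. The BSSID plays no part in this step.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not 1 <= len(essid) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), essid, 4096, 32)


def same_pmk(passphrase: str, essid_a: bytes, essid_b: bytes) -> bool:
    """True if two ESSIDs yield the same PMK for one passphrase."""
    return hmac.compare_digest(wpa_pmk(passphrase, essid_a),
                               wpa_pmk(passphrase, essid_b))


if __name__ == "__main__":
    # Standard test vector: passphrase "password", SSID "IEEE".
    print("IEEE      :", wpa_pmk("password", b"IEEE").hex())

    # Constructed sample values: one passphrase on differently named networks.
    phrase = "correct horse battery"
    for name in (b"HomeNet", b"Home Net", b"HomeNet "):
        print(f"{name!r:11}:", wpa_pmk(phrase, name).hex())

    # A different ESSID gives a different key, so a table precomputed for
    # one network name is useless against another name.
    print("same key? ", same_pmk(phrase, b"HomeNet", b"Home Net"))
```

Because the salt is the network name rather than a random value, a default or very common ESSID gives no protection against tables precomputed for that name; a distinctive ESSID together with a long passphrase is the mitigation.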