I've found that NetStumbler is sporadically able to pick up the SSID of my Cisco access point even though "Broadcast SSID" is turned off. I was told the SSID was actually captured from a client during the process of logging into the network, not from the access point. Is this true?
I have not actually used NetStumbler, but the SSID is broadcast by the client as part of its connection to the access point. It does so to make sure that it is connecting to the correct access point. My understanding of NetStumbler is that it is simply sniffing all wireless, so the likelihood is that yes, your SSID could get picked up because of the client. Unfortunately, there is nothing you can do about that.
For more information on this topic, visit these other SearchSecurity resources:
Ask the Expert: Disabling SSID to secure a WLAN