I personally just fire up and use Kismet, first, and leave it running in the background, to watch things, while using aircrack suite for hacking wireless.

Exerpt from:  http://www.aircrack-ng.org/doku.php?id=aireplay-ng

Hidden SSIDs "<length: ?>"

Many aireplay-ng commands require knowing the SSID. You will sometimes see ”<length: ?>” as the SSID on the airodump-ng display. This means the SSID is hidden. The ”?” is normally the length of the SSID. For example, if the SSID was “test123” then it would show up as ”<length: 7>” where 7 is the number of characters. When the length is 0 or 1, it means the AP does not reveal the actual length and the real length could be any value.

To obtain the hidden SSID there are a few options:

    *
      Wait for a wireless client to associate with the AP. When this happens, airodump-ng will capture and display the SSID.
    *
      Deauthenticate an existing wireless client to force it to associate again. The point above will apply.
    *
      Use a tool like mdk3 to bruteforce the SSID.

  <nods head in agreement>  Really, if you have tools available, why not use them.  If you're to be a good pentester, you can count on building a large tool library (or at least, knowledge thereof.)  No sense in re-inventing the wheel, sometimes, if a tool exists that will work, quickly.  

(That said, Kismet is doing the same thing that 'waiting' with airodump, etc, would do, in that ANY tool is only going to show you a non-broadcasting SSID when a client connects to it.  So, regardless, it's a matter of patience...)  But Kismet displays it all, nicely, once it sees it.

Dude you're in luck

Check out this video on my website http://www.thexero.co.uk/?p=48

In that video I find a hidden network and use the aireplay module to discover the SSId for the network by de-authenticating a client.

~TheXero