User Tools

Site Tools


deauthentication

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
deauthentication [2008/09/22 18:53]
darkaudax RC/SVN information
deauthentication [2010/11/21 13:34] (current)
sleek typos
Line 26: Line 26:
 First, you determine a client which is currently connected. ​ You need the MAC address for the following command: First, you determine a client which is currently connected. ​ You need the MAC address for the following command:
  
-aireplay-ng -0 1 -a 00:​14:​6C:​7E:​40:​80 -c 00:0F:B5:34:30:30 ath0+   aireplay-ng -0 1 -a 00:​14:​6C:​7E:​40:​80 -c 00:0F:B5:AE:CE:9D ath0
  
 Where: Where:
Line 32: Line 32:
   * 1 is the number of deauths to send (you can send multiple if you wish)   * 1 is the number of deauths to send (you can send multiple if you wish)
   * -a 00:​14:​6C:​7E:​40:​80 is the MAC address of the access point   * -a 00:​14:​6C:​7E:​40:​80 is the MAC address of the access point
-  * -c 00:0F:B5:34:30:30 is the MAC address of the client you are deauthing +  * -c 000:0F:B5:AE:CE:9D is the MAC address of the client you are deauthing 
-  *ath0 is the interface name+  * ath0 is the interface name
  
-Here is what the ouput looks like:+Here is typical output: 
 + 
 +   ​12:​35:​25 ​ Waiting for beacon frame (BSSID: 00:​14:​6C:​7E:​40:​80) on channel 9 
 +   ​12:​35:​25 ​ Sending 64 directed DeAuth. STMAC: [00:​0F:​B5:​AE:​CE:​9D] [ 61|63 ACKs] 
 + 
 +For directed deauthentications,​ aireplay-ng sends out a total of 128 packets for each deauth you specify. ​ 64 packets are sent to the AP itself and 64 packets are sent to the client. 
 + 
 +Here is what the "[ 61|63 ACKs]" means: 
 + 
 +  * [ ACKs received from the client | ACKs received from the AP ] 
 +  * You will notice that the number in the example above is lower then 64 which is the number of packets sent.  It is not unusual to lose a few packets. ​ Conversely, if the client was actively communicating at the time, the counts could be greater then 64. 
 +  * How do you use this information? ​ This gives you a good indication if the client and or AP heard the packets you sent.  A zero value definitely tells the client and/or AP did not hear your packets. ​ Very low values likely indicate you are quite a distance and the  signal strength is poor. 
 + 
  
-   ​11:​09:​28 ​ Sending DeAuth to station ​  -- STMAC: [00:​0F:​B5:​34:​30:​30] 
  
 ==== WPA/WPA2 Handshake capture with an Atheros ==== ==== WPA/WPA2 Handshake capture with an Atheros ====
Line 47: Line 58:
   aircrack-ng -w /​path/​to/​dictionary out.cap   aircrack-ng -w /​path/​to/​dictionary out.cap
  
-Here the explaination ​of the above commands:+Explanation ​of the above:
  
 airodump-ng -c 6 --bssid 00:​14:​6C:​7E:​40:​80 -w out ath0\\ airodump-ng -c 6 --bssid 00:​14:​6C:​7E:​40:​80 -w out ath0\\
Line 81: Line 92:
 After sending the ten batches of deauthentication packets, we start listening for ARP requests with attack 3. The -h option is mandatory and has to be the MAC address of an associated client. After sending the ten batches of deauthentication packets, we start listening for ARP requests with attack 3. The -h option is mandatory and has to be the MAC address of an associated client.
  
-If the driver is [[http://​www.linux-wlan.com/​linux-wlan|wlan-ng/]], you should run the [[airmon-ng]] script (unless you know what to type) otherwise the card won't be correctly setup for injection.+If the driver is [[http://​www.linux-wlan.com/​linux-wlan|wlan-ng]],​ you should run the [[airmon-ng]] script (unless you know what to type) otherwise the card won't be correctly setup for injection.
  
 ===== Usage Tips ===== ===== Usage Tips =====
Line 105: Line 116:
  
 See the general aireplay-ng troubleshooting ideas: [[aireplay-ng#​usage_troubleshooting|aireplay-ng usage troubleshooting]]. See the general aireplay-ng troubleshooting ideas: [[aireplay-ng#​usage_troubleshooting|aireplay-ng usage troubleshooting]].
- 
- 
-===== Release Candidate or SVN Version Notes ===== 
- 
-This section ONLY applies the latest SVN version and to some release candidate versions of the aircrack-ng suite. ​ Once they are released as "​stable"​ then the documentation above will be updated. 
- 
-For directed deauthentications,​ aireplay-ng sends out a total of 128 packets for each deauth you specify. ​ 64 packets are sent to the AP itself and 64 packets are sent to the client. 
- 
-Here is a typical command: 
- 
-    aireplay-ng -0 1 -a 00:​14:​6C:​7E:​40:​80 -c 00:​0F:​B5:​AE:​CE:​9D ath0  
- 
-Here is typical output: 
- 
-   ​12:​35:​25 ​ Waiting for beacon frame (BSSID: 00:​14:​6C:​7E:​40:​80) on channel 9 
-   ​12:​35:​25 ​ Sending 64 directed DeAuth. STMAC: [00:​0F:​B5:​AE:​CE:​9D] [ 61|63 ACKs] 
- 
-Here is what the "[ 61|63 ACKs]" means: 
- 
-  * [ ACKs received from the client | ACKs received from the AP ] 
-  * You will notice that the number in the example above is lower then 64 which is the number of packets sent.  It is not unusual to lose a few packets. ​ Conversely, if the client was actively communicating at the time, the counts could be greater then 64. 
-  * How do you use this information? ​ This gives you a good indication if the client and or AP heard the packets you sent.  A zero value definitely tells the client and/or AP did not hear your packets. ​ Very low values likely indicate you are quite a distance and the  signal strength is poor. 
-  
  
deauthentication.1222102434.txt.gz · Last modified: 2008/09/22 18:53 by darkaudax