How to deauth a client?
So I have a wireless connection on device ath0. So I created a monitor mode VAP as ath1. I put down ath0 and put ath1 up, then I run this command:
aireplay-ng -0 1 -a 00:1C:10:18:85:64 -c 00:30:bd:62:f7:fb ath1
But when I do, it says it's waiting for a beacon frame, then tells me to run it again and specify the ESSID.
For some reason the command seems to work when I connect to the AP with ath0. Is this supposed to work like this or am I doing something wrong?
OK, I'll bite, what happened when you tried running the same command with the ESSID included?
What card are you using? ath0 is what I see on my Atheros card and if that's what you're running then I'm not sure if it's wrong, but I use ath0 for a managed wireless connection _and_ a monitor mode VAP (though not at the same time.)
airmon-ng stop ath0
airmon-ng start wifi0 # which sets up vap bringing ath0 back up in monitor mode.
Then I use the command you listed above but with ath0 as the interface.
I'm assuming now that your -a is the AP MAC address and the -c is the MAC of a wireless client associated with said AP.
Connecting to the AP in this scenario shouldn't enter into it. What this deauth attack does is send a packet to the client pretending to be (spoofing the source address of) this client's access point. You're not talking to the access point at all. I'm 99% sure there's no waiting for a beacon frame on a deauth attack but I can't test it this second.
Try increasing the number of deauths sent and adding the SSID:
aireplay-ng -0 10 -a 00:1C:10:18:85:64 -e <SSID> -c 00:30:bd:62:f7:fb ath1
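
The spoofed-source behaviour described in the thread, seen from the monitoring side: an added example (not posted by anyone in the thread) that parses 802.11 deauthentication frames and flags bursts of unprotected ones aimed at a single client. The frame bytes, MAC addresses, threshold and window are constructed assumptions, and frames are assumed to have any radiotap header already stripped.

```python
import struct
from collections import defaultdict, deque

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return fields of an 802.11 deauthentication frame, or None."""
    # 24-byte management header + 2-byte reason code; byte 0 is 0xC0 for
    # version 0, type 0 (management), subtype 12 (deauthentication).
    if len(frame) < 26 or frame[0] != 0xC0:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return {"dst": mac(frame[4:10]), "src": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "reason": reason,
            # Protected Frame bit: set on unicast deauths when 802.11w is on
            "protected": bool(frame[1] & 0x40)}

def find_bursts(capture, threshold=5, window=1.0):
    """capture: iterable of (timestamp_seconds, frame_bytes) in time order."""
    recent = defaultdict(deque)
    alerts = []
    for ts, raw in capture:
        d = parse_deauth(raw)
        if d is None or d["protected"]:
            continue  # not a deauth, or one the receiver can authenticate
        q = recent[(d["bssid"], d["src"], d["dst"])]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) == threshold:  # alert once per burst
            alerts.append((ts, d))
    return alerts

# Constructed sample: AP 02:00:00:00:00:01 -> client 02:00:00:00:00:02, reason 7
DEAUTH = bytes.fromhex("c0003a01" "020000000002" "020000000001"
                       "020000000001" "0000" "0700")
BEACON = bytes([0x80]) + DEAUTH[1:]      # same header, subtype 8: ignored
SAMPLE = [(0.1 * i, DEAUTH) for i in range(6)] + [(10.0, BEACON), (20.0, DEAUTH)]

if __name__ == "__main__":
    for ts, d in find_bursts(SAMPLE):
        print(f"{ts:.1f}s deauth burst {d['src']} -> {d['dst']} reason {d['reason']}")
```

Because the source address in an unprotected deauthentication frame is not authenticated, the receiver cannot tell these frames from the AP's own; enabling 802.11w management frame protection on AP and clients is what lets them be rejected.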