Thread: disassociate all

  1. #1
    7ELEVEN
    Guest

    disassociate all

    Quick question: is there a command that can be used in aireplay-ng to disassociate all wireless devices connected to a specific AP?

  2. #2
    Just burned his ISO
    Join Date
    May 2008
    Posts
    2

    aireplay-ng -0 1 --bssid <ap bssid> --dmac FF:FF:FF:FF:FF:FF <interface>

    FF:FF:FF:FF:FF:FF is the broadcast MAC address, similar to using 255 for IP addresses.
    As the warning will tell you though, the attack is best directed at a specific MAC address. Sometimes it will work, sometimes it won't.
    Although, if you aren't careful and set your count too high, you could cause a DoS for the AP.
    Kismet will also pick up and warn the users of a mass DeAuth attack the moment it starts.

  3. #3

    Is FF:FF:FF:FF:FF:FF an example MAC, or is that actually what would be entered into the command? I see you tried to explain, but I didn't understand it clearly. (I understand the 255 correlation though)

  4. #4
    Just burned his ISO
    Join Date
    May 2008
    Posts
    2

    FF:FF:FF:FF:FF:FF is the actual broadcast MAC
    A MAC broadcast works in much the same way as an IP broadcast. When sending an IP broadcast, one must also send a MAC broadcast. With an understanding of the TCP/IP Reference Model and how Ethernet works this makes sense. When a host sends a packet out, it adds to it in the order of Application, Transport, Internet, and finally Network Interface.

    When this packet is received it is read in reverse. So the IP broadcast which is asking all hosts within a given IP range to respond is not the first thing a host processes. The first thing a host sees as the packet comes its way is the MAC address. If this MAC address is not relevant to the host, it will not read the rest of the packet. So an IP broadcast would not get to all hosts. That is unless the MAC address was also a broadcast address and all hosts responded to it.

    This is the MAC broadcast address, and like the IP broadcast it is a binary sequence of all ones. This is a 48-bit address, so referring to the MAC broadcast address as a string of 48 ones is a little ungainly. Like other MAC addresses, it is converted into hexadecimal; the MAC broadcast address is therefore FF-FF-FF-FF-FF-FF.

    Note: As with IP broadcasts, routers terminate MAC broadcasts, so that WANs aren't bogged down by them.
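
Added example, not part of any post in this thread: the check a wireless monitor can apply to the broadcast deauthentication traffic described in posts #2 and #4, written in Python. It assumes raw 802.11 frames with the radiotap header already stripped; `build_frame`, the sample capture, the MAC addresses, the window and the threshold are constructed for illustration and are not Kismet's own logic.

```python
import struct
from collections import defaultdict, deque

BROADCAST = b"\xff" * 6                      # FF:FF:FF:FF:FF:FF, all 48 bits set
KINDS = {10: "disassoc", 12: "deauth"}       # 802.11 management subtypes

def fmt(mac):
    return ":".join(f"{b:02X}" for b in mac)

def parse_mgmt(frame):
    """Return (kind, dst, src, bssid, reason) for a deauth/disassoc frame, else None."""
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, fc >> 4
    if version != 0 or ftype != 0 or subtype not in KINDS:
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    (reason,) = struct.unpack_from("<H", frame, 24)
    return KINDS[subtype], dst, src, bssid, reason

def detect_floods(capture, window=1.0, threshold=5):
    """Alert once per BSSID when >= threshold broadcast deauth/disassoc
    frames arrive within `window` seconds. capture: (timestamp, raw_frame) pairs."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, raw in capture:
        parsed = parse_mgmt(raw)
        if parsed is None or parsed[1] != BROADCAST:
            continue                         # unicast or unrelated frame
        bssid = fmt(parsed[3])
        times = recent[bssid]
        times.append(ts)
        while ts - times[0] > window:        # drop frames outside the window
            times.popleft()
        if len(times) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({"bssid": bssid, "kind": parsed[0], "count": len(times)})
    return alerts

def build_frame(subtype, dst, bssid, reason=7):
    """Constructed test frame: FC, duration, addr1-3, seq ctrl, reason code."""
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + dst + bssid + bssid
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample capture (locally administered MACs, not real devices).
AP1, AP2, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), bytes.fromhex("0200000000aa")
SAMPLE = [(i / 10, build_frame(12, BROADCAST, AP1)) for i in range(6)]
SAMPLE += [(0.2, build_frame(12, STA, AP1)), (0.3, build_frame(8, BROADCAST, AP1))]
SAMPLE += [(0.0, build_frame(12, BROADCAST, AP2)), (3.0, build_frame(12, BROADCAST, AP2))]

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```

The unicast deauth and the beacon in the sample are ignored, and the second BSSID never alerts because its two broadcast frames are three seconds apart.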

  5. #5
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Quote Originally Posted by 7ELEVEN View Post
    Quick question: is there a command that can be used in aireplay-ng to disassociate all wireless devices connected to a specific AP?
    Try mdk3 with the d option.
    dd if=/dev/swc666 of=/dev/wyze

  6. #6
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Try mdk3 with the d option.
    I was going to give the same advice. Used along with a blacklist (-b) this is a much more efficient way to continuously disassociate all clients on an AP.
    -Monkeys are like nature's humans.

  7. #7
    7ELEVEN
    Guest

    mdk3...?

    Not familiar with that. Can you give me an example?

  8. #8
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Not familiar with that. Can you give me an example?
    This should give you all the help you need.
    Code:
    mdk3 --fullhelp
    -Monkeys are like nature's humans.

  9. #9

    Quote Originally Posted by bluewraith View Post
    FF:FF:FF:FF:FF:FF is the actual broadcast MAC:

    A MAC broadcast works in much the same way as an IP broadcast. When sending an IP broadcast, one must also send a MAC broadcast. With an understanding of the TCP/IP Reference Model and how Ethernet works this makes sense. When a host sends a packet out, it adds to it in the order of Application, Transport, Internet, and finally Network Interface.

    When this packet is received it is read in reverse. So the IP broadcast which is asking all hosts within a given IP range to respond is not the first thing a host processes. The first thing a host sees as the packet comes its way is the MAC address. If this MAC address is not relevant to the host, it will not read the rest of the packet. So an IP broadcast would not get to all hosts. That is unless the MAC address was also a broadcast address and all hosts responded to it.

    This is the MAC broadcast address, and like the IP broadcast it is a binary sequence of all ones. This is a 48-bit address, so referring to the MAC broadcast address as a string of 48 ones is a little ungainly. Like other MAC addresses, it is converted into hexadecimal; the MAC broadcast address is therefore FF-FF-FF-FF-FF-FF.

    Note: As with IP broadcasts, routers terminate MAC broadcasts, so that WANs aren't bogged down by them.
    Thanks for the explanation.
