How to deauth a client?

[rajend3]

So I have a wireless connection on device ath0. So I created a monitor mode VAP as ath1. I put down ath0 an put ath1 up, then I run this command:

aireplay-ng -0 1 -a 00:1C:10:18:85:64 -c 00:30:bd:62:f7:fb ath1

But when I do it says its waiting for a beacon frame, then tells me to run it again and specify the essid.

For some reason the command seems to work when I connect to the AP with ath0. Is this supposed to work like this or am I doing something wrong?

[exiztential]

OK, I'll bite, what happend when you tried running the same command with the ESSID included?

What card are you using? ath0 is what I see on my atheros card and if that's what you're running then I'm not sure if it's wrong, but I use ath0 for a managed wireless connection _and_ a monitor mode vap (tho not at the same time.)

airmon-ng stop ath0
airmon-ng start wifi0 # which sets up vap bringing ath0 back up in monitor mode.

Then I use the command you listed above but with ath0 as the interface.
I'm assuming now that your -a is the AP mac address and the -c is the mac of a wireless client associated with said AP.

Connecting to the AP in this scenario shouldn't enter into it. What this deauth attack does is send a packet to the client prentending to be (spoofing the source address of) this client's access point. You're not talking to the access point at all. I'm 99% sure there's no waiting for a beacon frame on a deauth attack but I can't test it this second.

-eX

[imported_pynstrom]

Try increasing the number of deauths sent and adding the SSID:

Code:

aireplay-ng -0 10 -a 00:1C:10:18:85:64 -e <SSID> -c 00:30:bd:62:f7:fb ath1