deauthentication
Differences
This shows you the differences between two versions of the page.
deauthentication [2007/07/08 18:02] – deauth useless on fakeauth mister_x | deauthentication [2010/11/21 13:34] (current) – typos sleek | ||
---|---|---|---|
Line 8: | Line 8: | ||
* Generate ARP requests (Windows clients sometimes flush their ARP cache when disconnected) | * Generate ARP requests (Windows clients sometimes flush their ARP cache when disconnected) | ||
- | Of course, this attack is totally useless if there are no associated wireless client or on a fake authentications. | + | Of course, this attack is totally useless if there are no associated wireless client or on fake authentications. |
===== Usage ===== | ===== Usage ===== | ||
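Review bot: The rewritten sentence in this hunk still reads "no associated wireless client"; since the line is already being touched for grammar, make it "no associated wireless clients". The "or on fake authentications" wording also remains awkward after dropping the article; "or with fake authentications" would read more clearly.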
Line 16: | Line 16: | ||
Where: | Where: | ||
* -0 means deauthentication | * -0 means deauthentication | ||
- | * 1 is the number of deauths to send (you can send muliple | + | * 1 is the number of deauths to send (you can send multiple |
* -a 00: | * -a 00: | ||
* -c 00: | * -c 00: | ||
Line 26: | Line 26: | ||
First, you determine a client which is currently connected. | First, you determine a client which is currently connected. | ||
- | aireplay-ng -0 1 -a 00: | + | aireplay-ng -0 1 -a 00: |
Where: | Where: | ||
* -0 means deauthentication | * -0 means deauthentication | ||
- | * 1 is the number of deauths to send (you can send muliple | + | * 1 is the number of deauths to send (you can send multiple |
* -a 00: | * -a 00: | ||
- | * -c 00:0F:B5:34:30:30 is the MAC address of the client you are deauthing | + | * -c 000:0F:B5:AE:CE:9D is the MAC address of the client you are deauthing |
- | *ath0 is the interface name | + | * ath0 is the interface name |
+ | |||
+ | Here is typical output: | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | For directed deauthentications, | ||
+ | |||
+ | Here is what the "[ 61|63 ACKs]" means: | ||
- | Here is what the ouput looks like: | + | * [ ACKs received from the client | ACKs received from the AP ] |
+ | * You will notice that the number in the example above is lower then 64 which is the number of packets sent. It is not unusual to lose a few packets. | ||
+ | * How do you use this information? | ||
+ | |||
- | | ||
==== WPA/WPA2 Handshake capture with an Atheros ==== | ==== WPA/WPA2 Handshake capture with an Atheros ==== | ||
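Review bot: The new "-c" bullet gives the client address as "000:0F:B5:AE:CE:9D", whose first octet has three digits, so it is not a valid MAC address; drop the extra zero so the explanation shows a well-formed address. In the added ACK explanation, "lower then 64" should be "lower than 64". The bullet "How do you use this information?" is a question nested under the ACK list; a short lead-in sentence before it would separate the field description from the interpretation advice.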
Line 47: | Line 58: | ||
aircrack-ng -w / | aircrack-ng -w / | ||
- | Here the explaination | + | Explanation |
airodump-ng -c 6 --bssid 00: | airodump-ng -c 6 --bssid 00: | ||
Line 81: | Line 92: | ||
After sending the ten batches of deauthentication packets, we start listening for ARP requests with attack 3. The -h option is mandatory and has to be the MAC address of an associated client. | After sending the ten batches of deauthentication packets, we start listening for ARP requests with attack 3. The -h option is mandatory and has to be the MAC address of an associated client. | ||
- | If the driver is [[http:// | + | If the driver is [[http:// |
===== Usage Tips ===== | ===== Usage Tips ===== | ||
Line 91: | Line 102: | ||
===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== | ||
+ | |||
+ | ===== Why does deauthentication not work? ===== | ||
+ | |||
+ | There can be several reasons and one or more can affect you: | ||
+ | |||
+ | * You are physically too far away from the client(s). | ||
+ | * Wireless cards work in particular modes such b, g, n and so on. If your card is in a different mode then the client card there is good chance that the client will not be able to correctly receive your transmission. | ||
+ | * Some clients ignore broadcast deauthentications. | ||
+ | * Clients may reconnect too fast for you to see that they had been disconnected. | ||
+ | |||
+ | |||
+ | ===== General ===== | ||
See the general aireplay-ng troubleshooting ideas: [[aireplay-ng# | See the general aireplay-ng troubleshooting ideas: [[aireplay-ng# | ||
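Review bot: The two added headings, "Why does deauthentication not work?" and "General", use the same "=====" level as "Usage Troubleshooting", which leaves that section with no body and makes the new sections its siblings rather than its children; use "====" for both so they nest under it. In the second bullet, "such b, g, n" should be "such as b, g, n", "a different mode then the client card" should be "than", and "there is good chance" needs an article ("a good chance").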
deauthentication.txt · Last modified: 2010/11/21 13:34 by sleek