I'm currently working on a WIPS and I would like to know how to obtain the attacking MAC address when he launches a aireplay-ng deauth attack.
On wireshark, if the attacker broadcast the deauth attack it appears as source address my router and destination address broadcast. If the attacker launches the attack to a specific victim it appears as source address my router and destination the victims MAC address.
Is there any way to obtain the attacker MAC?