With aireplay, you have to specify both the AP and client to send deauth frames to, but MDK3 doesn't require an AP mac address. Does it just scan the desired channel for beacons until it finds an AP then spoofs that AP's mac address to send deauth frames to clients, or am I missing something? Also, does it send deauth frames to both the AP and the client, or just to clients? I've tried sniffing packets while running MDK3 to see what's going on, but there's massive amounts of noise from other people's home wifi networks around me and I'm not sure if what I'm seeing is AP mac spoofing or other people's APs sending genuine deauth frames.
Any help would be much appreciated.