11

With aireplay, you have to specify both the AP and client to send deauth frames to, but MDK3 doesn't require an AP MAC address. Does it just scan the desired channel for beacons until it finds an AP, then spoof that AP's MAC address to send deauth frames to clients, or am I missing something? Also, does it send deauth frames to both the AP and the client, or just to clients? I've tried sniffing packets while running MDK3 to see what's going on, but there's a massive amount of noise from other people's home Wi-Fi networks around me and I'm not sure if what I'm seeing is AP MAC spoofing or other people's APs sending genuine deauth frames.

Any help would be much appreciated.

  • I doubt you can get an answer, since this is "Vendor specific" or "Do X for me" and can be closed... but I'll upvote if that helps. – Azteca Mar 29 '17 at 05:51
  • You should be able to filter your sniffing such that only relevant packets appear, i.e. you can have Wireshark display just the deauthentication packets. – multithr3at3d Aug 29 '17 at 00:44

2 Answers

1

Yes, MDK3 sniffs traffic to find targets. This allows it to find the proper source address(es) for the Deauth packets to be sent. MDK3 also appears to send deauth packets in both directions to ensure the AP drops traffic from the client as well as the client disconnecting from the AP.

David
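Following the comment about filtering for deauthentication frames and the answer above, here is an added example (not part of the original thread, and not MDK3 or aircrack code) that parses raw 802.11 headers, keeps only deauth frames, and reports per BSSID whether the same client is being deauthenticated in both directions. The sample frames, MAC addresses and the flood threshold are constructed for illustration.

```python
import struct
from collections import defaultdict

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Parse a raw 802.11 frame (no radiotap header, no FCS); None unless deauth."""
    if len(frame) < 26:
        return None
    fc0 = frame[0]
    # Frame Control byte 0: version (bits 0-1), type (bits 2-3), subtype (bits 4-7).
    # Deauthentication is a management frame (type 0) with subtype 12.
    if (fc0 & 0x03) != 0 or ((fc0 >> 2) & 0x03) != 0 or (fc0 >> 4) != 12:
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]  # addr1, addr2, addr3
    reason = struct.unpack_from("<H", frame, 24)[0]  # follows 2-byte sequence control
    if src == bssid:
        direction, client = "ap->client", dst
    elif dst == bssid:
        direction, client = "client->ap", src
    else:
        direction, client = "other", dst
    return {"bssid": mac(bssid), "client": mac(client), "direction": direction,
            "broadcast": dst == b"\xff" * 6, "reason": reason}

def summarise(frames, flood_threshold=5):
    """Group deauths per BSSID; flood_threshold is an assumed value for this sample."""
    stats = defaultdict(lambda: {"total": 0, "dirs": defaultdict(set)})
    for f in filter(None, map(parse_deauth, frames)):
        stats[f["bssid"]]["total"] += 1
        stats[f["bssid"]]["dirs"][f["direction"]].add(f["client"])
    report = {}
    for bssid, s in stats.items():
        # Clients seen as the target in both directions for this BSSID
        both = s["dirs"]["ap->client"] & s["dirs"]["client->ap"]
        report[bssid] = {"total": s["total"], "both_directions": sorted(both),
                         "flood": s["total"] >= flood_threshold}
    return report

def sample_frame(fc0, dst, src, bssid, reason=7):
    """Constructed test input: FC, duration, addr1-3, sequence control, reason code."""
    to_b = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0]) + b"\x00\x00" + to_b(dst) + to_b(src) + to_b(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed, locally administered addresses (not from any real capture)
AP, STA = "02:00:00:00:00:01", "02:00:00:00:00:aa"
AP2, STA2 = "02:00:00:00:00:02", "02:00:00:00:00:bb"
SAMPLE = ([sample_frame(0xC0, STA, AP, AP), sample_frame(0xC0, AP, STA, AP)] * 3
          + [sample_frame(0xC0, AP2, STA2, AP2, reason=3)]      # one client leaving
          + [sample_frame(0x80, "ff:ff:ff:ff:ff:ff", AP, AP)])  # beacon, ignored
```

Source addresses in deauth frames are not authenticated unless protected management frames (802.11w) are in use, so the address fields alone cannot separate spoofed frames from genuine ones. The volume and the paired-direction pattern are the usable signals.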
0

I can't solve your doubts in terms of MDK3, but I can help you with deauth packets in Aircrack. When you launch aireplay-ng -1 0 -a mac-of-the-victim -h your-mac-address wlan0mon, you are in fact impersonating the AP using its MAC address.

So, if you provide a victim's MAC address, you only send the deauthentication packet to that MAC address. Otherwise, if you don't provide a victim's MAC address, you just send that packet to the broadcast address and everyone in the Wi-Fi network receives it.

elena.bdc