Wireless deauthentication

What’s it about?

I want to impersonate the gateway of a wireless network, or another PC connected to it, without being connected to that network myself, in order to make the computers connected to it do what I want. The first thing I thought of was kicking them off, cloning their MAC and gaining access (useful against networks with MAC filters, RADIUS servers and so on).


– It’s fun

– I get a chance to see how wireless networks work at a very low level (low as in very deep, you get my drift).


Firstly, I wanted to know what happens when somebody disconnects from a wireless network.

I put my wifi card into monitor mode:

iw dev wlan0 interface add wlan0-mon type monitor
ifconfig wlan0-mon up

I fired up Wireshark, set it to capture on the new monitor interface (wlan0-mon) and clicked the disconnect button to see what happens.

The “attack” plan:


– the big round container is the wireless coverage of the existing wireless network (not the real coverage; I just wanted to point out that all the devices in the diagram are within wireless range of the router)

– my PC isn't connected to the wireless network or to any other device

– my PC tells the router that a PC in the network is disconnecting, by injecting the raw frames that are sent when somebody wants to disconnect

– the router deauthenticates the victim PC, thinking it was the one that wanted to disconnect

– the MACs and IPs are totally random (except for my PC's MAC) and are only there to show the idea; they will not match the screenshots and such
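As an added example that is not part of the original post: from the router's or a defender's side, the plan above shows up on the same kind of monitor interface as a burst of deauthentication frames. The Python below (sample MACs, timestamps and frames are constructed, not taken from any real capture) parses raw 802.11 management headers and flags any source address that sends several deauth/disassoc frames within a short window, which is what separates a genuine disconnect from spoofed ones.

```python
import struct
from collections import defaultdict

# Constructed sample addresses (hypothetical; not the post's or any real device's).
AP_BSSID  = bytes.fromhex("02aabbcc0001")
CLIENT    = bytes.fromhex("02aabbcc0002")
BROADCAST = b"\xff" * 6
DEAUTH, DISASSOC = 12, 10          # management subtypes that tear a session down

def build_frame(ftype, subtype, addr1, addr2, addr3, body=b"", seq=0):
    """Minimal 802.11 frame: frame control, duration, three addresses, sequence control, body."""
    fc0 = (ftype << 2) | (subtype << 4)          # protocol version 0; type in bits 2-3, subtype in 4-7
    hdr = struct.pack("<BBH", fc0, 0, 0) + addr1 + addr2 + addr3 + struct.pack("<H", seq << 4)
    return hdr + body

def parse_frame(raw):
    """Return (type, subtype, addr1, addr2, addr3, reason); reason is None unless deauth/disassoc."""
    ftype, subtype = (raw[0] >> 2) & 0x3, (raw[0] >> 4) & 0xF
    addr1, addr2, addr3 = raw[4:10], raw[10:16], raw[16:22]
    reason = None
    if ftype == 0 and subtype in (DEAUTH, DISASSOC) and len(raw) >= 26:
        reason = struct.unpack_from("<H", raw, 24)[0]   # the 2-byte reason code is the whole body
    return ftype, subtype, addr1, addr2, addr3, reason

def find_deauth_bursts(capture, threshold=5, window=2.0):
    """capture: list of (timestamp_seconds, raw_frame). Returns {source_mac: max frames in a
    window} for every source that sent >= threshold deauth/disassoc frames within `window` seconds.
    One such frame is a normal disconnect; a burst from one address is the signature of spoofing."""
    stamps = defaultdict(list)
    for ts, raw in capture:
        ftype, subtype, _, src, _, _ = parse_frame(raw)
        if ftype == 0 and subtype in (DEAUTH, DISASSOC):
            stamps[src].append(ts)
    bursts = {}
    for src, times in stamps.items():
        times.sort()
        for i, t0 in enumerate(times):
            n = sum(1 for t in times[i:] if t - t0 <= window)
            if n >= threshold:
                bursts[src.hex(":")] = max(bursts.get(src.hex(":"), 0), n)
    return bursts

def sample_capture():
    """Constructed capture: a beacon, a data frame, one genuine deauth with reason 3
    ('sending STA is leaving'), then eight deauths in 0.7 s all claiming to be from the client."""
    leaving = struct.pack("<H", 3)
    cap = [(0.0, build_frame(0, 8, BROADCAST, AP_BSSID, AP_BSSID)),
           (0.5, build_frame(2, 0, AP_BSSID, CLIENT, AP_BSSID, b"data")),
           (1.0, build_frame(0, DEAUTH, AP_BSSID, CLIENT, AP_BSSID, leaving))]
    cap += [(10.0 + i * 0.1, build_frame(0, DEAUTH, AP_BSSID, CLIENT, AP_BSSID, leaving, seq=i))
            for i in range(8)]
    return cap
```

Running `find_deauth_bursts(sample_capture())` reports only the client address with 8 frames; the single legitimate disconnect at 1.0 s is not flagged.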

