Introduction
A deauthentication, or deauth, attack injects deathentication frames in order to disconnect a target from a network. It works on pretty much any network and can be extremely useful in many other attacks in order to force a handshake, since most devices automatically try to connect to any networks in the area that they recognise. Moreover, a deauth attack can serve as a DOS attack, temporarily precluding a particular client from connecting to a network.
aireplay-ng can be to disconnect a device already connected to the network:
aireplay-ng --deauth <count> -a <access point> -c <client> -D <dev>
--deauthspecifies the amount of deauth frames to send. If this is 0, thenaireplay-ngwill produce a continuous stream of deauthentication packets, resulting in a DOS attack.-ais the MAC address (BSSID) of the network you want to attack.-cis the MAC address (BSSID) of the device you want to disconnect from the network. If this is not specified,aireplay-ngwill disconnect all devices connected to the network.-Dwill ensure that the deauth packets are forcibly sent. The attack may not work if this option is not specified, sinceaireplay-ngwill look for the target network in all channels and may not find it in time. This can be omitted if the wireless adapter is already locked on a specific channel by, for example,airodump-ngwhen listening to a particular network and channel.<dev>is the wireless adapter you wish to use for the attack.
If the target is not disconnected on the first try, you can always send more deauthentication frames!