![\"legit\"](\"https:\/\/matnet.my\/blog\/wp-content\/uploads\/2014\/05\/legit.png\")
<\/a><\/p>\nHere is De-Auth packet sending by aireplay-ng with command :<\/p>\n
aireplay-ng -0 1 -a 10:FE:ED:F6:C1:A0 -c 00:1F:3C:E4:AF:7F mon0<\/span><\/strong>\r\n\r\nWhere : \r\n\r\n-0 - Means deauthentication<\/pre>\n1 - Number of deauth<\/pre>\n-a 00:14:6C:7E:40:80 - MAC address of deauth packet<\/pre>\n-c 00:0F:B5:34:30:30 - MAC address of station\r\n\r\nmon0 - the interface name<\/pre>\n![\"deauth-attack\"](\"https:\/\/matnet.my\/blog\/wp-content\/uploads\/2014\/05\/deauth-attack.png\")
<\/a><\/p>\nSo what we have here ?<\/p>\n
1. The legitimate de-auth packet just send only 1 packet to de-auth<\/p>\n
2. The legitimate de-auth packet length is 39 bit where malicious de-auth sending 44 bit length<\/p>\n
3. De-auth attacks using aireplay-ng with 1 deauth will send 128 packet which is 64 packet to the AP and 64 to the Client as depicted above.<\/p>\n
4. On the reason code for the legit deauth is Code 3 that is sending STA is leaving, but from the malicious deauth packet send Code 7 – Class 3 received from non associated station.<\/p>\n","protected":false},"excerpt":{"rendered":"
I have done several testbed to looks details on the De-Auth frames. This is the legit de-auth packet sent from … More The behaviour of legit De-Auth frame and Malicious De-Auth frame<\/span>