Introduction
Now that you know how to sniff wireless traffic and identify targets, it’s time to take your recon a step further — by kicking devices off the network and capturing their WPA2 handshake for password cracking.
This technique is called a deauthentication attack.
❓ What is a Deauthentication Attack?
A deauthentication attack is a type of denial-of-service (DoS) attack against Wi-Fi networks where:
The attacker sends fake deauth packets to a device
The device is forced to disconnect from the access point
During reconnection, the device re-authenticates, allowing us to capture the WPA/WPA2 handshake
This is the most common way to collect handshakes for WPA cracking.
⚙️ Tools Needed
Kali Linux (or any Linux with aircrack-ng suite)
Wi-Fi adapter in monitor mode
Tools: airodump-ng, aireplay-ng
Step-by-Step: Capturing a Handshake
1. Scan for Networks
Run the following to scan nearby Wi-Fi networks:
sudo airodump-ng wlan0mon
Identify the BSSID (MAC address) and Channel (CH) of your target network.
2. Focus on One Network
Lock onto a specific target using its BSSID and channel:
sudo airodump-ng --bssid <BSSID> --channel <CH> -w handshake wlan0mon
This will capture packets and save them to a file named handshake.cap.
3. Launch Deauthentication Attack
Open a new terminal and run:
sudo aireplay-ng --deauth 10 -a <BSSID> wlan0mon
--deauth 10: Sends 10 deauthentication packets
-a <BSSID>: Target Access Point (AP) MAC address
You can also add -c <client MAC> to target a specific device
This forces connected devices to disconnect and reconnect — during which handshake packets are exchanged.
4. Check for Handshake
In the top-right of the airodump-ng screen, look for:
WPA handshake: [BSSID]
If you see it — Success! You now have the data required to crack the Wi-Fi password in the next steps.
Tips & Variations
You may need to repeat the deauth multiple times
Some clients may auto-reconnect slowly — be patient
Tools like hcxdumptool offer more advanced handshake capture methods
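From the defender's side, the deauth burst described in step 3 is easy to spot in a monitor-mode capture: many deauthentication frames from one BSSID in a short window, usually broadcast-addressed. The following Python script is an added example, not part of the original post; it parses raw 802.11 deauth frames and flags a flood per BSSID. The sample frames, MAC addresses, window and threshold are constructed, not taken from a real capture.

```python
import struct
from collections import defaultdict

DEAUTH_FC0 = 0xC0  # frame control byte 0: type 0 (management), subtype 12 (deauth)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame: bytes):
    """Return (dst, src, bssid, reason) for a deauth frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    # 802.11 header: FC(2) dur(2) addr1(6) addr2(6) addr3(6) seq(2), then reason(2)
    dst, src, bssid = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    return dst, src, bssid, struct.unpack_from("<H", frame, 24)[0]

def detect_floods(frames, window=1.0, threshold=5):
    """frames: iterable of (timestamp, raw_frame). Returns {bssid: peak_count}
    for each BSSID sending more than `threshold` deauths within `window` seconds."""
    recent, alerts = defaultdict(list), {}
    for ts, raw in frames:
        parsed = parse_deauth(raw)
        if parsed is None:
            continue
        _dst, _src, bssid, _reason = parsed
        buf = recent[bssid]
        buf.append(ts)
        while ts - buf[0] > window:  # slide the window forward
            buf.pop(0)
        if len(buf) > threshold:
            alerts[bssid] = max(alerts.get(bssid, 0), len(buf))
    return alerts

def build_deauth(dst, src, bssid, reason=7):
    """Assemble a deauth frame so the detector can be exercised offline (constructed)."""
    to_b = lambda m: bytes(int(x, 16) for x in m.split(":"))
    hdr = bytes([DEAUTH_FC0, 0]) + b"\0\0" + to_b(dst) + to_b(src) + to_b(bssid) + b"\0\0"
    return hdr + struct.pack("<H", reason)

# Constructed sample: 10 broadcast deauths within one second from one AP
# address (the pattern the -a <BSSID> run above produces), then one lone deauth much later.
AP = "02:00:00:00:aa:01"
SAMPLE = [(i * 0.1, build_deauth(BROADCAST, AP, AP)) for i in range(10)]
SAMPLE.append((5.0, build_deauth("02:00:00:00:bb:02", AP, AP, reason=3)))

def run_sample():
    return detect_floods(SAMPLE)  # → {AP: 10}
```

Detection is the fallback; the mitigation is management frame protection (802.11w/PMF), which, where both AP and client support it, authenticates deauthentication frames so forged ones are discarded.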
Ethics & Legality
While this is a common pentesting technique, unauthorized deauthentication is illegal under laws like the Computer Fraud and Abuse Act (CFAA) or local telecom laws.
Only perform this in a controlled lab or with written permission.
Wrapping Up
The deauthentication attack is your gateway to collecting valuable WPA/WPA2 handshake data for cracking in the next stage.
Without a captured handshake, you can’t brute-force WPA2 passwords.
Next up:
🔓 Part 6 – Cracking WEP: The Easiest Wi-Fi Hack
We’ll demonstrate how to compromise outdated WEP-secured networks in minutes.