
WiFi jamming: jam wireless networks with Kali Linux

WiFi jamming allows you to drive unwanted, rogue stations off of your network. Is someone stealing your bandwidth? Or messing with your Wi-Fi? Then get rid of them with this deauthentication attack using Kali Linux and some simple tools.

WiFi jamming: a ‘denial-of-service attack’

In this tutorial we will be flooding the target access point with deauthentication packets. This will cause the target access point to disconnect the wireless clients from the network. So in fact this ‘Wi-Fi deauthentication attack’ is a type of denial-of-service (DoS) attack. It doesn’t involve the actual jamming of radio frequencies.

Requirements and procedure

For WiFi jamming you will need a computer running Kali Linux, and a wireless interface which is capable of operating in monitor mode and can do packet injection. I will be using the TP-Link TL-WN722N 150Mbps High Gain Wireless USB Adapter, which is cheap and powerful.

TP-Link TL-WN722N High Gain Wireless USB Adapter

When you have your system up and running, it only takes 3 easy steps to drive rogue stations off your network:

  1. Enable monitor mode on your wireless interface.
  2. Determine the MAC addresses of the target access point (and client).
  3. Send deauthentication packets to the access point to disconnect one or all clients.

Enable monitor mode on the WiFi interface

First of all, list the available wireless interfaces by running airmon-ng:

airmon-ng

Airmon-ng, wireless interfaces found

My laptop has two built-in WiFi cards (wlan0 and wlan1), but for the WiFi jamming I will be using the TP-Link USB adapter which is wlan4. If your wireless interface is wlan0, you should type ‘wlan0’ whenever I mention ‘wlan4’ in this tutorial.

Enable monitor mode on the wireless card:

airmon-ng start wlan4

Airmon-ng, start WLAN

The output of airmon-ng tells us two important things:

  1. There are a few processes that could interfere with airodump-ng.
  2. A new monitor mode interface called wlan4mon was created.

To get rid of the interfering processes, kill them by using ‘airmon-ng check kill’:

airmon-ng check kill

Your wireless interface is now ready to be used by Airodump-ng in the following steps.

Determine the target MAC address

Now we use airodump-ng on the interface wlan4mon to scan for all nearby networks:

airodump-ng wlan4mon

Airodump, list of access points found

In the image above you see our target access point with ESSID ‘OneGuyOneBlog’. The important part here is the BSSID (‘C6:25:06:57:99:0E’) of this access point. This is the MAC address which we will need to send our packets to later on. Also take note of the channel (CH 1) which this access point is operating on.

Next, we use airodump-ng to discover which clients are connected to ‘OneGuyOneBlog’ by using the BSSID and channel number we just found:

airodump-ng -c 1 --bssid C6:25:06:57:99:0E wlan4mon

Note: do not forget to change the channel ‘-c 1’ to the channel number of your target AP, or you’ll get the error “No such BSSID available”.

Airodump, access point and wireless clients

The image above shows that there are two clients (‘stations’) connected to our target access point ‘OneGuyOneBlog’: one with the MAC address 90:C1:15:1C:85:C0 and the other with the MAC address F0:25:B7:23:CB:03.

Disconnect all clients

If you want to disconnect all wireless devices from the target network, you can do this by using Aireplay on the BSSID of the access point like this:

aireplay-ng -0 0 -a C6:25:06:57:99:0E wlan4mon

The option ‘-0 0’ (two zeroes) tells Aireplay to use attack type 0 (deauthentication) with a count of 0 (zero means infinite).

Aireplay-ng, deauthenticate all clients

Disconnect a single client

If you also specify the MAC address of a client (see ‘stations’ above) with the -c option, you can disconnect just that single wireless device from the network instead of all devices:

aireplay-ng -0 0 -a C6:25:06:57:99:0E -c 90:C1:15:1C:85:C0 wlan4mon

Aireplay-ng, deauthenticate one client
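
Seen from the defender's side, the flood produced in the steps above shows up in a monitor-mode capture as a burst of 802.11 management frames of subtype 12 (deauthentication) addressed to one station or to the broadcast address. The following is an added example, not part of the original tutorial: it parses raw 802.11 headers and alerts on such a burst. The function and class names, the threshold and window values, and the sample frames (built from the MAC addresses shown above) are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10  # 802.11 management frame subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Return (subtype, dst, src, bssid, reason) for a deauth/disassoc frame, else None.
    `frame` is a raw 802.11 frame without radiotap header or FCS."""
    if len(frame) < 26:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

class DeauthFloodDetector:
    """Alert when more than `threshold` frames for one (bssid, destination)
    pair arrive within `window` seconds. Both values are illustrative."""
    def __init__(self, threshold=10, window=5.0):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)

    def feed(self, ts, frame):
        parsed = parse_mgmt(frame)
        if parsed is None:
            return None
        _, dst, _, bssid, reason = parsed
        q = self.seen[(bssid, dst)]
        q.append(ts)
        while ts - q[0] > self.window:  # drop timestamps outside the window
            q.popleft()
        if len(q) <= self.threshold:
            return None
        target = "all clients" if dst == BROADCAST else dst
        return {"bssid": bssid, "target": target, "count": len(q), "reason": reason}

def sample_frame(subtype, dst, src, bssid, reason=7):
    """Constructed header bytes for the demo; not captured traffic."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0, 0, 0]) + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

def demo():
    ap, sta = "c6:25:06:57:99:0e", "90:c1:15:1c:85:c0"
    det = DeauthFloodDetector()
    frames = [(i * 0.1, sample_frame(DEAUTH, sta, ap, ap)) for i in range(12)]
    return [a for ts, f in frames if (a := det.feed(ts, f))]
```

Feed it (timestamp, frame) pairs from a monitor-mode capture after stripping the radiotap header. On networks that enforce 802.11w Protected Management Frames, clients discard forged deauthentication frames, so an alert there indicates an attempt rather than a successful disconnect.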

Disclaimer

This tutorial is for educational purposes only. Although WiFi jamming is not real hacking, messing with other people’s wireless networks might be illegal where you live. So only use this method on networks you own or are allowed to mess with.

WiFi jamming / deauth attack with ESP8266

If you are looking for a more portable and stealthy way of jamming wireless networks, then you should read ‘WiFi jammer / deauth attack using ESP-Wroom-02’. It describes how you can use a cheap battery-powered microcontroller development board as a stand-alone device for WiFi deauthentication attacks.

WiFi jammer / deauth attack using ESP-Wroom-02: ESP8266 Deauther Menu

 
