aireplay-ng

TLDR

Deauthenticate a client

$ sudo aireplay-ng -0 [5] -a [AP_BSSID] -c [CLIENT_MAC] [wlan0mon]

Fake authentication to AP

$ sudo aireplay-ng -1 0 -a [AP_BSSID] -e [SSID] [wlan0mon]

ARP replay attack for WEP

$ sudo aireplay-ng -3 -b [AP_BSSID] [wlan0mon]

Inject packets interactively

$ sudo aireplay-ng -2 -b [AP_BSSID] -r [capture.cap] [wlan0mon]

Fragmentation attack

$ sudo aireplay-ng -5 -b [AP_BSSID] [wlan0mon]

SYNOPSIS

aireplay-ng attack-mode [-a bssid] [-c client] [-e essid] [options] interface

aireplay-ng is a packet injection tool for wireless networks. It can generate traffic to increase data capture for WEP cracking, force clients to disconnect (enabling handshake capture), and perform various wireless attacks.
The tool requires a wireless interface in monitor mode with injection capability.

PARAMETERS

-0 count

Deauthentication attack (0 = continuous)

-1 delay

Fake authentication attack

-2

Interactive packet replay

-3

ARP request replay attack

-4

KoreK chopchop attack

-5

Fragmentation attack

-6

Cafe-latte attack

-7

Client-oriented fragmentation

-9

Injection test

-a bssid

Target access point MAC

-c client

Target client MAC

-e essid

Target network name

-h mac

Source MAC address

-r file

Read packets from capture file

CAVEATS

For authorized penetration testing only. Requires interface with injection support. Deauthentication attacks are detectable by WIDS. Some attacks only work against WEP networks.

HISTORY

aireplay-ng is a core component of the aircrack-ng suite, first released in 2006. It consolidated various wireless attack techniques into a single tool.