the problem:
Using DEV WIFI board + ESP32 → WiFi Marauder can scan and show list of WIFI SSID’s. I select by adding number from list. Once starting deauth, red led is turning on on dev board, i get “Sending to broadcast… starting deauthentication at tack, stop with stopscan”. Everyting looks nice and correcnt, with no errors or problems. But all clients on the SSID remains connected. Non of them is disconnected. Looks like the auth is not working. Why and how to solve it?
1 Like
That’s all unofficial firmware stuff so this forum doesn’t support it but how do you know the device wasn’t deauthed? The device is going to attempt to reauthorize and reconnect to the network fairly quickly. You can’t rely on the dashboard of the AP to know a device was kicked off. As a test power off your device and see how long before the AP actually notices.
If you look from the devices that was knocked off it can be equally hard to notice. Many device have both WiFi and cellular. Additionally When watching videos for instance there is a data buffer so video may continue to play. In some cases I’ve managed to completely restart my router well others are watching video and they didn’t even notice. The video did not even pause.
To know if a short deauth attack worked you must actively monitor the traffic with a WiFi device capable of monitor mode or you must actually look at the log level. On devices not capable of secondary internet connections like cellular you would have to continue the deauth attack possibly for several minutes to know for sure they were knocked off the network. Even then many devices could switch to another WiFi band outside of the ESP deauthers capability. It’s also possible a device is using WPA3 and protected management frames. In that case they are not subject to a standard deauth attack.
Research the topic more before coming to the conclusion it isn’t working. Find a USB device capable of monitor mode. Then you can look to see if the device has dropped off the network by looking for the WiFi handshake.
1 Like