Let us first bring our access point Wireless Lab online again. Let us keep it running on WEP to prove that even with encryption enabled it is possible to attack the access point and client connection. Let us verify that the access point is up by using airodump-ng:
Let us connect our client to this access point as we verify it with airodump-ng:
We will now run aireplay-ng to target the client and access point connection:
The client gets disconnected and tries to reconnect to the access point, we can verify this by using Wireshark just as before:
We have now seen that even in the presence of WEP encryption, it is possible to De-Authenticate a client and disconnect it. The same is valid even in the presence of WPA/WPA2. Let us now set our access point to WPA encryption and verify the same.
Let's connect our client to the access point and ensure it is connected:
Let us now run aireplay-ng to disconnect the client from the access point:
Using Wireshark we can once again verify that this works as well:
What just happened?
We just learnt how to disconnect a wireless client selectively from an access point using De-Authentication frames even in the presence of encryption schemas like WEP/WPA/WPA2. This was done by sending a De-Authentication packet to just the access point - client pair, instead of sending a broadcast De-Authentication to the entire network.
Have a go hero Dis-Association attack on the client
In the preceding exercise, we used a De-Authentication attack to break the connection. Try using a Dis-Association packet to break the established connection between a client and an access point.