I'm testing out various tools, trying to get them to work, but I cannot seem to get the MDK3 beacon flooding mode to work. I'm currently running Debian with a few Kali repositories installed. I'm using an Alfa card AWUS036NHA. I believe it has the correct drivers already installed (AR9271), although I'm not too sure, as the light on the Alfa card never actually flashes. I can also do the same thing without the card installed, so I'm not yet sure whether it's the card or my NIC that is being used. Anyway, here's what's happening:

~$ sudo iwconfig

eth0      no wireless extensions.

lo        no wireless extensions.

wlan0     IEEE 802.11bgn  ESSID:"mynetwork"  
          Mode:Managed  Frequency:2.437 GHz  Access Point: my router mac   
          Bit Rate=65 Mb/s   Tx-Power=16 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=70/70  Signal level=-22 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:18   Missed beacon:0

~$ sudo airmon-ng start wlan0

Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
2657    NetworkManager
2829    wpa_supplicant
6557    avahi-daemon
6558    avahi-daemon
9213    dhclient
Process with PID 9213 (dhclient) is running on interface wlan0

Interface   Chipset     Driver

wlan0       Atheros     ath9k - [phy0]
                (monitor mode enabled on mon0)

~$ sudo iwconfig

mon0      IEEE 802.11bgn  Mode:Monitor  Tx-Power=16 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

eth0      no wireless extensions.

lo        no wireless extensions.

wlan0     IEEE 802.11bgn  ESSID:"mynetwork"  
          Mode:Managed  Frequency:2.437 GHz  Access Point: my router MAC   
          Bit Rate=1 Mb/s   Tx-Power=16 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=70/70  Signal level=-22 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:18   Missed beacon:0

~$ sudo mdk3 mon0 b -n TrustyConnection

Current MAC: 00:00:00:00:00:00 on Channel  2 with SSID: TrustyConnection
Current MAC: 2F:00:00:00:00:00 on Channel 11 with SSID: TrustyConnection

The program then proceeds to flood beacon frames. When firing up Wireshark (on the same interface, mon0), the beacon flood can be seen. However, I never see the network popping up on the network list on my phone, and I've tried disconnecting, turning off WiFi, etc.

Another thing I've noticed: the MAC address stays at 2F:00.....:00 after the 2nd output shown above, when I thought it was supposed to hop between MAC addresses constantly.

Any obvious problems I'm missing here?

  • Did you find a solution? I have exactly the same problem.
    – rjoshi
    Commented Oct 4, 2015 at 0:54
  • I don't think I ever solved this one to be honest. Perhaps most hardware and network card vendors have implemented defenses against such attacks recently?
    – dahui
    Commented Oct 7, 2015 at 17:15

