Detect Amateur Wi-Fi Attacks from Aireplay-ng & MDK3 with Wireshark [Tutorial]

August 1, 2018 by 45 Comments

How to Detect Attacks from Tools Like MDK3 & Aireplay-ng
Full Tutorial:
Subscribe to Null Byte:
Kody’s Twitter:

Cyber Weapons Lab, Episode 026

Disrupting a wireless network is easy but, fortunately, detecting script kiddies abusing unprotected management frames is too with the help of Wireshark. Using Wireshark, we can see exactly when a Wi-Fi attack is happening from tools like MDK3 and Aireplay-ng, and we can even determine which tool hackers are using.

To learn more, check out the article:

Follow Null Byte on:
Weekly newsletter:


45 Replies to “Detect Amateur Wi-Fi Attacks from Aireplay-ng & MDK3 with Wireshark [Tutorial]”

  1. Quhack says:

    How do you tell which one is someones?

  2. pasch013 says:

    I'm a script kiddie learning how to detect other skriot kiddies 🙂

  3. Paul Morrey says:

    Thanks for the great video – just following along but when trying to enter the filter wlan type mgt etc. as soon as I enter the word "TYPE" the display turns red and IU cant seem to apply the filter Using wireshark 2.65 Thanks

  4. Paul Morrey says:

    Think I sorted my problem when trying to setup the CAPTURE filter – I was using the DISPLAY filter Cheers

  5. I hate to break it the community, but if your “Hacking skills” involve using an OS such as Kali/BlackArch/Etc. To obtain information/use exploits. Then You are indeed the script kitty in this situation

  6. I can't really think of any recourse you can do really once you detect the attack.
    I suppose you can walk around with a signal strength meter and find the area where the signal is strongest.
    You could also walk around with a RF jammer and see which location causes the attack to stop.
    If the attack is coming from a cantenna offsite then there is very little you can do.
    When a truly secure connection is required you should use ethernet.

  7. When I change my mac address with mac changer, as soon as I put it on in monitor mode it comes back to original mac. Need help.

  8. Realist says:

    Script kiddies? Then if so, you are a script kiddie. You yourself use mdk3 and aireplay

  9. Prevent deauth not detect ?

  10. from this channel, i learn, and understand

  11. Are there any ways to make it more… quiet? 😛
    I'm studying towards IT-security and find these things so damn interesting.
    I'm subscribed to you and for a white hat, like me, to understand how things work, i have to know how the attack is being made to be able to prevent such a thing. Think you could add more "examples" like.. "This is his mac address" and maybe "With this particular attack, it means he's in range of our router and these are the things you have to look for if you want to find this guy/girl/hen". Thank you so much for these, it's sooo damn interesting to learn from someone who knows more. I've just started studying and been doing that for soon half a year. First year it's just towards being a tech guy and know how to manage servers etc. second year it's more towards the security part which is the actual fun part.

    Hope you're seeing this and greetings from Sweden!

  12. Back when there was plenty of laptop sticker real estate to still go around. 🙂

  13. Dan Thompson says:

    As someone who's trying to move from helpdesk into a system engineering role videos like these are super useful. Keep it up. Also still QUALITY cat photos

  14. David Shook says:

    guess I better stress macchanger and dynamic transmit power

  15. Manan Yadav says:

    Script kiddies… such as yourself?

  16. Xj Jxjc says:

    cute kitties 🙂 🙂

  17. I am a big Wireshark fan. A couple of suggestions to NullByte and my fellow followers: For a Wireless profile – check out and if you use a tile tool for terminals and you want to use a terminal based look at packets – check out my article on termshark here: where the filters used here will work all in your terminal!!

  18. Haze1434 says:

    Deauth packets. Ugh! Patience is a virtue.

  19. Gtifighter says:

    Okay so with this method a whitehat hacker could identify the MAC Adress of a blackhat hacker. If the Blackhat hacker is using MAC Spoofing along with the deauth attack he should be fine again?

  20. Not many people would know that. I just did evil twin and everyone got kicked off.

  21. Mdk3 is poo compared to Mdk4 it's much more powerfull. It's kicked my mum off the network whereas Mdk3 wouldn't do it.

  22. Mike Khourey says:

    Amazing content!! I like how you don't leave things behind, like mentioning the colors might different for the captured packets on our WireShark, and then diving into that extra mile in case someone needs that help in modifying those colors! Love it, keep it up 🙂

  23. Ssh says:

    what am I supposed to do if I have a Wireshark on Windows and dont have "wlan type mgt" filter?

  24. Detect yourself with Wireshark!

  25. TRUE HADEZ says:

    Im a script kiddie to

  26. TRUE HADEZ says:

    I use lance its only good for script kiddies but i stopped using it

  27. TRUE HADEZ says:

    I use lance its only good for script kiddies but i stopped using it

  28. BASIL DAOUD says:

    is there a way to detect if someone is trying to capture my WPA2 handshake ?
    (attempting to crack wlan password)

  29. please show easy way for hacking wifi please

  30. AFAIK deauth attacks require totally spoofed MACs, especially if client MAC is specified. Disconnecting a particular client aimed at AP's MAC would appear in packet captures as if the client itself required the deauth. You cannot trace the MAC back to the source wifi interface as that one is in promisc mode and not broadcasting its MAC at all. Also many network equipment (routers/modems with wifi) do regular global deauth by default when they are on crowded channels and they want to sweep a particular width to make room and force nearby APs to change channels. Blasting any newer wifi AP with global deauth will sooner or later trigger it to hop channels.

  31. UniverseNerd says:

    Pettition for a remixer to make this guy sing Im a script kiddie? they did it for badboyhalo…

  32. UniverseNerd says:

    Rules of being a good programmer 101
    1. dont be a script kiddie, no one likes it when you are plaguarizing other peoples work
    2. work youre butt off… do you want it, if you do you should be willing to learn new stuff every day
    and for the script kiddies looking at this comment ive got some code for you
    print("Hello World")
    edit: Well its the only way for them to make anything original and impressive, it all starts with hello world

  33. Puginator says:

    I‘m having difficulties with connecting my wifi with my Kali Virtual Machine.. does anyone know how i can connect the wifi when i‘m using Virtualbox?

  34. qcgv says:

    Never thought I'd hear a grown man use the term "script kiddie" 😂

  35. Everyone starts as a script kiddie(Most people)

  36. haha just use macchanger if your going for offensive 😉

  37. So at that point, you would look for somebody in a hoody that has a dongle with an antenna plugged into their laptop? Or maybe you would look for the one person at Starbrock's that didn't look confused like their wifi just broke.

  38. TRYCE FRALEY says:

    Is this useful if you're having someone get around your camera system and hacking into your cameras. I had someone steal thousands of dollars of electronics, tools and collectibles. From a storage area where I had to separate

  39. great hacker says:

    Wtf so the pro attack WiFi cant be d hhhhh really

  40. great hacker says:

    All time the same topics hhhhh change bro WiFi hacking with evil twin or cracking its so 👎

  41. great hacker says:

    Real hacker dont see YouTube vid

  42. Send It. says:

    Null Byte when did you get into this stuff? or what encouraged you to get into the love of computer science?

Leave a Comment

Your email address will not be published. Required fields are marked *