1

I connect my PC to the internet via ethernet cable and intend to use my WiFi only for pentesting. lspci | grep -i wi returns

03:00.0 Network controller: Intel Corporation Wi-Fi 6 AX200 (rev 1a)

ip l returns

3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
    link/ether b4:0e:de:fb:2d:46 brd ff:ff:ff:ff:ff:ff

when I'm connected to a local WiFi network.

Now, when I run

  sudo ip l set dev wlp3s0 up
  sudo airmon-ng start wlp3s0

ip l returns

4: wlp3s0mon: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ieee802.11/radiotap b4:0e:de:fb:2d:45 brd ff:ff:ff:ff:ff:ff

I am then able to gather some information with airodump-ng wlp3s0mon:

CH  4 ][ Elapsed: 42 s ][ 2023-01-06 13:34

BSSID              PWR  Beacons  #Data, #/s  CH   MB  ENC   CIPHER  AUTH  ESSID

F1:1D:6B:E2:05:C2  -84        1      0    0   5  270  WPA2  CCMP    PSK   BAR_SANDWICH
C6:A7:76:23:58:20  -53       39      0    0   1  270  WPA2  CCMP    PSK   net4you

BSSID              STATION            PWR  Rate    Lost  Frames  Notes  Probes

F1:1D:6B:E2:05:C2  EC:3D:FD:C1:93:5D  -77  0 - 1e     0       1
F1:1D:6B:E2:05:C2  EC:3D:FD:C1:7B:9E  -79  0 - 1e     0       1
(not associated)   FA:A0:7A:55:8F:AA  -71  0 - 1      0       2
(not associated)   54:2A:A2:48:26:38  -83  0 - 1      0       1         BAR_SANDWICH
C6:A7:76:23:58:20  64:BC:58:9E:CD:57  -59  0 - 6e     0       2

where net4you is the SSID of the network broadcast by my router and BAR_SANDWICH is that of my neighbours. When I start the packet injection test with sudo aireplay-ng -9 wlp3s0mon or sudo aireplay-ng --test wlp3s0mon I get the following output:

13:35:10  Trying broadcast probe requests...
13:35:12  No Answer...
13:35:12  Found 0 APs

1. Why aren't there any APs found in the output from aireplay-ng while I can see two access points in the output of airodump-ng?

2. Does my wireless card support monitor mode?

3. Does my wireless card support packet injection?

P.S. My environment: Ubuntu Desktop 22.04 LTS.

1 Answer

2

I would also use the "airmon-ng check kill" command since there may be processes interfering. This command usually does the trick.

Now try this. Open 2 terminals

Terminal 1 - enter the command and leave it running:

airodump-ng -c 5 --bssid F1:1D:6B:E2:05:C2 wlp3s0mon

-c is the wifi channel broadcast

--bssid is the MAC address of the wifi access point

Terminal 2:

aireplay-ng -a F1:1D:6B:E2:05:C2 -c EC:3D:FD:C1:93:5D -0 0 wlp3s0mon

-c is the ssid of the device connected to wifi (shown under the station column in terminal 1). I copied one as per your attached screenshots. Run the command and check if the values change in both terminals for the station you are deauthenticating.

-0 - deauthentication mode - given value 0 means infinite tries

Also note that the wifi access point I presume you have permission to test seems to be away since it is showing power -84.

Arbri
  • 66
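
For question 2, an added example that is not part of the original question or answer: one function classifies interfaces from `ip l` output by link type (the `link/ieee802.11/radiotap` line shown for wlp3s0mon), and one checks the "Supported interface modes:" list that `iw list` prints. The function names and the `iw list` excerpt are assumptions constructed for this example; the `ip l` lines are the ones quoted in the question.

```shell
#!/bin/sh
# Added example (not from the original thread). Sample inputs are embedded below.

# Reads `ip link` output on stdin; prints "<ifname> monitor|not-monitor".
# A raw 802.11 link type (link/ieee802.11, .../prism, .../radiotap) means the
# interface hands up 802.11 frames, i.e. monitor mode; managed mode shows link/ether.
monitor_ifaces() {
    awk '
        /^[0-9]+: / {                      # header: "4: wlp3s0mon: <FLAGS> ..."
            name = $2; sub(/:$/, "", name); next
        }
        $1 ~ /^link\// && name != "" {     # detail: "link/<type> <addr> brd ..."
            type = substr($1, 6)
            print name, (type ~ /^ieee802\.11/ ? "monitor" : "not-monitor")
            name = ""
        }'
}

# Reads `iw list` output on stdin; exit status 0 if "monitor" is listed under
# "Supported interface modes:", 1 otherwise.
supports_monitor() {
    awk '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 == "*"        { if ($2 == "monitor") found = 1; next }
        in_modes                     { in_modes = 0 }   # list ended
        END { exit(found ? 0 : 1) }'
}

# `ip l` lines quoted in the question above.
SAMPLE_IP_LINK='3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
    link/ether b4:0e:de:fb:2d:46 brd ff:ff:ff:ff:ff:ff
4: wlp3s0mon: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ieee802.11/radiotap b4:0e:de:fb:2d:45 brd ff:ff:ff:ff:ff:ff'

# Constructed excerpt in the layout `iw list` prints (not captured from the AX200).
SAMPLE_IW_LIST='Wiphy phy0
    Supported interface modes:
         * managed
         * monitor
    Band 1:'

printf '%s\n' "$SAMPLE_IP_LINK" | monitor_ifaces
if printf '%s\n' "$SAMPLE_IW_LIST" | supports_monitor; then
    echo "phy0: monitor mode supported"
fi
```

On a live system, pipe the real commands in instead of the samples: `ip l | monitor_ifaces` and `iw list | supports_monitor`.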