Deauthentication is possible because the 802.11 Wi-Fi protocol includes a management frame that a client can use to announce that it wishes to terminate a connection with an access point. You can take advantage of this provision by spoofing a victim's MAC address and sending the deauthentication frame to the access point, which then prompts the access point to terminate the connection.

Other than simple denial of service, deauthentication attacks are used in service of evil twin attacks, replay attacks, cracking attacks, and more. They have even been used by public businesses like hotels in order to force their customers to stop using personal hotspots and start using the hotel's own Wi-Fi services, which they charge for. Ultimately, a deauthentication attack can be a powerful technique for accomplishing a number of different malicious objectives.

There are several tools that can perform deauthentication. The following is an example of using aireplay-ng to deauthenticate all clients on a WAP:

aireplay-ng -0 1 -a <MAC address> wlan0

The -0 1 flag specifies that the tool will send one deauthentication message. Using the -a flag, you specify the MAC address of the targeted access point. You can also use the -c flag with the MAC address of a target client in case you only want to knock one client off the WAP instead of every client.

Other than software tools, a hardware tool like WiFi Pineapple can launch deauthentication attacks.

WiFi security auditing tools suite. Contribute to aircrack-ng/aircrack-ng development by creating an account on GitHub.