Aireplay-ng too slow with DeAuths

http://imgur.com/a/sOXC8

First step is to set the terminal to root, then bring down the adapter.

Then set the adapter to monitor mode.

Then for the 3rd, 4th, and 5th screenshots, I killed all the network processes running (discovered with airmon-ng check wlp1s0). I used kill to bring them down. However, avahi-daemon is still up. I even used service avahi-daemon stop, but nothing I do brings those processes down.

I'm assuming they aren't interfering with anything (but they may be the problem?)
The 6th screenshot is airodump-ng wlp1s0, which starts the network analyzer.
The 7th screenshot selects the network I want to attack.
airodump-ng -c 1 --bssid [mac] wlp1s0
The 8th screenshot shows my deauth attack.
aireplay-ng -0 0 -a [mac] wlp1s0
The 9th screenshot shows the slow attack. The timestamps indicate the frequency of each deauth, and it is nowhere near as fast as in the video. It doesn't DOS my router at all...

I might be completely wrong but IIRC you're supposed to target a client, not the ap.
This is because the objective is to prolly sniff the handshake when the client reconnects?
Or is the purpose to nuke everything?
Haven't played with it in years.

Ah it makes sense now. Deauthenticate basically kicks the person off their network and then when they go to re-authenticate it does a handshake. I also didn't catch that he kept the targeted network terminal found through airodump-ng open. Then he did aireplay and after the deauths kicked the person off, he was able to authenticate.

What that means though is tbd for me, as I'm new at this. I also had a problem with the deauths being very slow in comparison to what was shown in the video. I'll have to give it another shot.
It takes a lot of prep work, having to shut down your network manager / connections, turn it to monitored mode, etc :/

Updated main post with my issue and bump. Please help. I'm very aggravated with how slow the deauth is. It WILL NOT handshake at all and I don't want to move beyond this part of the tutorial until I finish it.

It's disheartening because it's obviously working. Just the process of it doing its job is out of my control. Could it be that I need something like the WiFi Pineapple Nano? Perhaps another router with my wlan card would work fine, it's just this config?

Any help from someone with expertise in this matter would be greatly appreciated.

bump. I put more details in the post and took screenshots of EVERY STEP.

http://imgur.com/a/sOXC8

WOW the link doesn't seem to want to work here... so I'll just have to fucking upload them all.

5: Image is too big for upload. Here... http://i63.tinypic.com/24paoma.png
7: Image is too big for upload. Again... http://i66.tinypic.com/33ze8ht.png
8: Image is too big for upload... yet again. http://i68.tinypic.com/30htz7c.png
9: Business as usual. http://i63.tinypic.com/axbq55.png

So I discovered something pretty important. I commented out the avahi-daemon.conf respawn in /etc/init/avahi-daemon.

Then I was able to get rid of it by repeating service avahi-daemon stop 2-3 times.

Then when I go to do the deauth, it tells me I'm on the wrong channel. (Which is usually set prior with airodump-ng -c 1 --bssid [mac] wlp1s0.)

Here is the exact response, or something to this effect, since the interface channel is random.

root@Defial:/home/defialpro# aireplay-ng -0 0 -a B4:75:0E:B1:AE:73 wlp1s0
20:33:29 Waiting for beacon frame (BSSID: B4:75:0E:B1:AE:73) on channel 12
20:33:29 wlp1s0 is on channel 12, but the AP uses channel 1

(I also have a screenshot of this if you need it.)

With avahi-daemon gone, I cannot start the aireplay-ng attack, because it tells me my interface is set on the wrong channel, which will be randomly selected every time I try to run the command.

If avahi-daemon is running... I can run the aireplay-ng attack, just it's too slow for it to be usable...

So what do you think?

I understand what's happening now. The channel for the adapter is changing randomly and only when it's at the appropriate channel (1) does it actually do the deauth.

The only reason why it goes through at all, is because I get lucky and when I run it, it initializes. So that's why the time is so intermittent.

How do I go about setting my channel? I see iwconfig wlp1s0 channel 1 as the command.

But I get this.

Error for wireless request "Set Frequency" (8B04) :
SET failed on device wlp1s0 ; Device or resource busy.
root@Defial:/home/defialpro#

Please note I've tried everything under the sun, from ifconfig wlp1s0 down; sudo service network-manager-stop; airmon-ng check wlp1s0 / killing necessary processes.

So it still being busy after these things is confusing... it's making me furious.

Hey all! I'm contacting you because I need some assistance and will pay for it.

I want to become an infosec specialist / pen tester. Right now I'm in Helpdesk, and have been doing it for 5 years. Although, I have a lifetime's worth of computer experience, as it has always been a hobby of mine. I'm explaining this because I've spent over 10 hours on this so far, and it means a lot to me, while ultimately it's very distressing.

I am following this course: https://www.udemy.com/penetration-testing/learn/#/ by Ermen and Jeremy Banfield. Got it for pretty cheap $30 :).

So here's my thread I made on the hak5 forum. https://forums.hak5.org/index.php?/topic/37821-aircrack-help/

Basically what I do is ifconfig wlp1s0 down.

Then iwconfig wlp1s0 mode monitor

Then I check running processes on the adapter with airmon-ng check wlp1s0. I kill all those processes.

Then I do: airodump-ng wlp1s0. I grab the MAC address and channel of the WAP, then select my router with airodump-ng -c 1 --bssid [mac address] wlp1s0

This basically isolates the connection to my router.

Then I do aireplay-ng -0 0 -a mac wlp1s0 and it starts the deauth. But in the UDEMY course video, the deauths being sent are multiple times a second. Sometimes mine takes over 10 seconds in between deauths, and sometimes it will deauth 2 to 3 times in a row quickly. It just seems very buggy. The only thing I can think of is that I cannot set the channel with iwconfig, no matter what I do.

When I do iwconfig wlp1s0 channel 1, it comes back as device busy, despite killing all the processes listed with airmon-ng check wlp1s0. So I never get close to a DOS attack on my router and I can never get the handshake.

I purchased the WiFi Pineapple to see if maybe that network card will work better. Right now I'm using the Intel wlan 8260 on my Yoga 900. My distro is Ubuntu 16.04 / Gnome 3, and I'm using Katoolin to have everything installed that Kali Linux has to offer.

Please Please Please take a look at this. http://imgur.com/a/sOXC8 --- the last image shows the problem in the timestamps.

Thank you for your time.

Good News! I used a usb wifi adapter and was able to DOS / Handshake just fine. It seems to be the wlan card. :(