See when someone connects to any WiFi network in your area.

Watch Auth Command - Deauther V3 Tutorial on YouTube.

👉 For this tutorial, you'll need to start Huhnitor and connect to your Deauther V3. Haven't installed Huhnitor yet? Follow this tutorial to find out how.

What are Authentication Frames?

Authentication frames are small packets sent out by devices when trying to connect to a network. By looking for these frames we can detect whenever a device tries to connect to a WiFi network and gather info about said device.

How to use the command

Get an overview of the command structure and available arguments by typing:

help auth
Structure of the Auth Command and its available arguments
Structure of the Auth Command and its available arguments

You'll notice that all arguments are in square brackets, meaning they are optional.
Below the structure of the command, you'll find a list of all the available arguments, a small explanation, and their default value.

Argument Explanation
-bssid To monitor only specific networks, add the MAC address(es) here.
-ap To monitor only specific networks, add the ID(s) of the access point. You get the ID of an access point by first running the Scan Command.
-ch -channel Specify a channel or list of channels to only look for authentication frames there. This is to avoid channel-hopping which can lead to the loss of packets.
-ct -ctime This is to specify how long you'd like to remain on each channel before hopping to the next. You usually don't need to change this value but feel free to experiment.
-t -time Specify a time after which it will automatically stop monitoring.
-save This will save all Probe Requests that are detected while the auth command is running.

Running the command

After running the command you'll see a list of all parameters and below that, a table containing the information gathered from the captured authentication frames.

Results of a basic auth scan
Results of a basic auth scan
Column Information
RSSI This is the received signal strength of the packet. The bigger the number, the stronger the signal. A good signal could mean you're close to the device although a lot of factors play into the signal strength like the medium the signal needs to pass through.
Ch This is the channel the packet was captured on. This information is useful when monitoring multiple channels.
Vendor Here you can find the manufacturer of the device (provided it's in the database programmed into the Deauther V3).
MAC-Adress The MAC address of the device that is trying to connect to the network.
SSID The name (SSID) of the network the device which sent the packet is trying to connect to.
BSSID The MAC address of the specific access point/router the device is trying to connect to. This information could be interesting in a mesh network where multiple access points have the same SSID.

Combination with other commands

You can also combine the authentication scan with other commands. For example, you can use it to monitor fake networks you're advertising using the Beacon Command:

beacon "test ssid" -auth

Help us continue ❤️

Become a Github Sponsor or support us via Ko-fi!

Buy Me a Coffee at ko-fi.com