mdk3 non è incluso nella suite aircrack-ng al momento, ma sembra che abbiano iniziato a collaborare qualche tempo fa. Guarda questo: link
Forse in futuro potrebbe essere integrato. In effetti, il nuovo MDK3 utilizza la libreria di osdep injection dal www.aircrack-ng.org progetto.
La differenza tra aireplay-ng (inclusa nella suite aircrack-ng) e mdk3 è fondamentalmente che mdk3 invierà sia pacchetti di disassociazione che di de-autenticazione, dove aireplay-ng invia solo pacchetti di de-autenticazione.
Per quanto riguarda il suo funzionamento ... fondamentalmente, mdk3 funziona sfruttando le debolezze del protocollo IEEE 802.11.
Ha molte MODALITÀ DI PROVA:
b - Beacon Flood Mode
Sends beacon frames to show fake APs at clients. This can sometimes crash network scanners and even drivers!
a - Authentication DoS mode
Sends authentication frames to all APs found in range. Too much clients freeze or reset some APs.
p - Basic probing and ESSID Bruteforce mode
Probes AP and check for answer, useful for checking if SSID has been correctly decloaked or if AP is in your adaptors sending range SSID Brute-forcing is also possible with this test mode.
d - Deauthentication / Disassociation Amok Mode
Kicks everybody found from AP
m - Michael shutdown exploitation (TKIP)
Cancels all traffic continuously
x - 802.1X tests
w - WIDS/WIPS Confusion
Confuse/Abuse Intrusion Detection and Prevention Systems
f - MAC filter bruteforce mode
This test uses a list of known client MAC Adresses and tries to authenticate them to the given AP while dynamically changing its response timeout for best performance. It currently works only on APs who deny an open authentication request properly
g - WPA Downgrade test
Deauthenticates Stations and APs sending WPA encrypted packets. With this test you can check if the sysadmin will try setting his network to WEP or disable encryption.
Una prova del concetto su come testarlo, qui .