Deauth in Logs / 4-way-handshake log entries

I replied to a previous comment with a long reply from the GL.iNet app, to discover that I reached my reply limits from the app and that comment simply vanished into nowhere!

Yes, you are right, and in my previous comment I spoke about more professional, specific tools and software to achieve better results. I myself use Kali Linux with a modified Realtek WLAN adapter that comes with a driver that permits packet injection and promiscuous mode with no further modifications, even on Windows! It isn't Alfa though, and costs about 160 USD with detachable antennas.

I agree with you that Flipper is a toy, but that is a heck of an all-in-one toy. With the Dev Marauder ESP32, spamming the AP with the same name, creating an Evil Portal, Rick Roll attacks are really, really easy even for non-experts.

I used it to clone swimming pool NFC cards which my kid keeps losing, analyze my garage frequency and clone the RF signal, and gave a nice grin with Tesla charging door!

Yep. I currently use an Alfa adaptor with a Raspberry running Kali.

1 Like

I am using WPA3 and have a password of 25 letters, numbers and symbols from a password generator, but are you saying these are deauths coming from somewhere? Because these are the only thing my router is logging.

Do you use WPA3 only?

No, I have one 2.4 as WPA2 but I don't want to use it, I am 5 guest and 5 main on.

I am getting this every 45 seconds, fishy?

11:13:49 2024 kern.notice kernel: [194337.231991] 7986@C15L3,MlmeDeAuthAction() 1404: Send DEAUTH frame with ReasonCode(2)

So disable WPA2 completely and check the logs again.

OK, I'm reading up on Snort and going to dedicate some time to it.

My neighbor is always bragging about how he can break into networks, this is why I am doing this.

Snort is in the router's repo, know any good tutorials on it?

According to Cisco:

Deauth reason 2 means that the previous authentication is no longer valid.

Meaning that you likely had changed between WPA2 and WPA3; this means the device hangs on an encryption key which is no longer recognized.

^ Of course it is possible to send a deauth with any code, but I see this as a very low chance. I see this always happen on my network after an upgrade; some devices just work very broken in these scenarios even when I restart them, so it's worth identifying them.

See it like SSL certificates for a bit as an example: when this has been changed the certificate fails. Likely due to the change, the router sends a different WPA2 key than before even though the password remains unchanged, so it is advised to forget the Wi-Fi and re-associate keys.

As for Snort...

Snort is very resource intensive; you need at least 4 GB RAM, while the Flint 2 uses 7-8 GB RAM, it also shares it as storage, and a minimum requirement of a dual core, Flint 2 uses quad so you are fine... but Snort takes a while to correctly configure + I don't believe this version comes with a UI.

^ Then Snort also constantly reads and writes; this is not so recommended on flash memory.

My advice, if you really would like an IDS system, is to have it apart from your router :)

On the other hand, you can also look into something lighter like banIP; this is less evasive but blocks malicious IPs.

This is happening every minute or so, is that normal?

Mon Nov 4 05:07:42 2024 kern.notice kernel: [172369.645918] 7986@C01L3,wifi_sys_conn_act() 1115: wdev idx = 1
Mon Nov 4 05:07:42 2024 kern.notice kernel: [172369.652010] 7986@C08L3,hw_ctrl_flow_v2_connt_act() 215: wdev_idx=1
Mon Nov 4 05:07:42 2024 kern.notice kernel: [172369.779986] 7986@C15L3,WPABuildPairMsg1() 5310: <=== send Msg1 of 4-way
Mon Nov 4 05:07:42 2024 kern.notice kernel: [172369.786730] 7986@C15L3,PeerPairMsg2Action() 6303: ===>Receive msg 2
Mon Nov 4 05:07:43 2024 kern.notice kernel: [172370.787965] 7986@C15L3,WPABuildPairMsg1() 5310: <=== send Msg1 of 4-way
Mon Nov 4 05:07:43 2024 kern.notice kernel: [172370.794702] 7986@C15L3,PeerPairMsg2Action() 6303: ===>Receive msg 2
Mon Nov 4 05:07:44 2024 kern.notice kernel: [172371.811987] 7986@C15L3,WPABuildPairMsg1() 5310: <=== send Msg1 of 4-way
Mon Nov 4 05:07:44 2024 kern.notice kernel: [172371.818735] 7986@C15L3,PeerPairMsg2Action() 6303: ===>Receive msg 2
Mon Nov 4 05:07:45 2024 kern.err kernel: [172372.835536] 7986@C15L1,WpaEAPOLRetryAction() 7790: 4Way-MSG1 timeout with 90:31:4b:1e:16:f7
Mon Nov 4 05:07:45 2024 kern.notice kernel: [172372.844051] 7986@C15L3,MlmeDeAuthAction() 1404: Send DEAUTH frame with ReasonCode(2) to 90:31:4b:1e:16:f7
Mon Nov 4 05:07:45 2024 kern.warn kernel: [172372.853871] 7986@C01L2,wifi_sys_disconn_act() 1002: wdev_idx=1
Mon Nov 4 05:07:45 2024 kern.notice kernel: [172372.860125] 7986@C08L3,hw_ctrl_flow_v2_disconnt_act() 172: wdev_idx=1
Mon Nov 4 05:07:45 2024 kern.warn kernel: [172372.867349] 7986@C13L2,MacTableDeleteEntry() 1938: Del Sta:90:31:4b:1e:16:f7
Mon Nov 4 05:07:48 2024 kern.debug kernel: [172375.647539] entrytb_aid_aquire(): found non-occupied aid:6, allocated from:4
Mon Nov 4 05:07:48 2024 kern.warn kernel: [172375.654689] 7986@C13L2,MacTableInsertEntry() 1577: New Sta:90:31:4b:1e:16:f7
Mon Nov 4 05:07:48 2024 kern.notice kernel: [172375.667332] 7986@C08L3,ap_cmm_peer_assoc_req_action() 1714: Recv Assoc from STA - 90:31:4b:1e:16:f7
Mon Nov 4 05:07:48 2024 kern.notice kernel: [172375.676760] 7986@C08L3,ap_cmm_peer_assoc_req_action() 2241: ASSOC Send ASSOC response (Status=0)...

Are you using an external USB Wi-Fi card manufactured by Altobeam?

Why is my Flint 2 doing a 4-way handshake every 4-5 seconds? It is attempting to do one, if that's the correct terminology?

How did you determine that it's happening every 4-5 seconds??

1 Like

Also, you made similar posts about this, but have not answered what steps you already performed to fix it.

On your post about de-authing here I already gave you an answer.

So what did you do with it? My suggestion was to reset the devices' Wi-Fi; did you? Did it still happen?

A de-auth can also be just a legitimate kick by the router; the de-auth reason code gives insight into what it is. I noticed 2, which meant that the device mismatches with the matched key chain, probably due to a new initialization of a different WPA2 seed, and the client doesn't know how to handle a new request for the new crypto key, so you have to do that manually by forgetting the network and re-connecting to it.

But a de-auth packet can also be spoofed with a reason code in an attack, though I don't think this is happening. The truth is this type of error is very common on older 2.4 GHz devices, especially when you upgrade the router or change the seed; these devices have no way to refresh it and stay on a broken handshake where the router responds with reason 2.

1 Like
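Added example (not part of any post in this thread): a short Python pass over router logs in the format quoted above, grouping the `4Way-MSG1 timeout`, `Send DEAUTH ... ReasonCode(n)` and `Recv Assoc` lines per station to show whether each deauth was sent by the router itself right after its own handshake timeout. The `sample()` log, its MAC address and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
UPTIME = re.compile(r"kernel: \[\s*(\d+\.\d+)\]")
TIMEOUT = re.compile(r"4Way-MSG1 timeout with " + MAC, re.I)
DEAUTH = re.compile(r"Send DEAUTH frame with ReasonCode\((\d+)\) to " + MAC, re.I)
ASSOC = re.compile(r"Recv Assoc from STA - " + MAC, re.I)

def summarize(log_text):
    """Per station: handshake timeouts, AP-sent deauths, seconds until re-association."""
    stats = defaultdict(lambda: {"timeouts": 0, "deauths": [], "gaps": []})
    timed_out, last_deauth = set(), {}
    for line in log_text.splitlines():
        up = UPTIME.search(line)
        if not up:
            continue
        now = float(up.group(1))          # kernel uptime, immune to wall-clock jumps
        if m := TIMEOUT.search(line):
            mac = m.group(1).lower()
            stats[mac]["timeouts"] += 1
            timed_out.add(mac)
        elif m := DEAUTH.search(line):
            mac = m.group(2).lower()
            # (reason code, did the AP's own handshake timeout come first?)
            stats[mac]["deauths"].append((int(m.group(1)), mac in timed_out))
            timed_out.discard(mac)
            last_deauth[mac] = now
        elif m := ASSOC.search(line):
            mac = m.group(1).lower()
            if mac in last_deauth:
                stats[mac]["gaps"].append(round(now - last_deauth.pop(mac), 2))
    return dict(stats)

def handshake_loops(stats, min_cycles=2):
    """Stations stuck in timeout -> AP deauth -> re-associate cycles."""
    return sorted(mac for mac, s in stats.items() if s["timeouts"] >= min_cycles
                  and s["deauths"] and all(after for _, after in s["deauths"]))

def sample(mac="02:00:00:aa:bb:cc", cycles=2, t=1000.0):
    """Constructed log in the format quoted in the thread (made-up MAC and times)."""
    out = []
    for c in range(cycles):
        b = t + 6 * c
        out += [f"kern.notice kernel: [{b + i:.6f}] 7986@C15L3,WPABuildPairMsg1() 5310: <=== send Msg1 of 4-way" for i in range(3)]
        out.append(f"kern.err kernel: [{b + 3:.6f}] 7986@C15L1,WpaEAPOLRetryAction() 7790: 4Way-MSG1 timeout with {mac}")
        out.append(f"kern.notice kernel: [{b + 3.01:.6f}] 7986@C15L3,MlmeDeAuthAction() 1404: Send DEAUTH frame with ReasonCode(2) to {mac}")
        out.append(f"kern.notice kernel: [{b + 5.5:.6f}] 7986@C08L3,ap_cmm_peer_assoc_req_action() 1714: Recv Assoc from STA - {mac}")
    return "\n".join(out)
```

Feed it the output of `logread` saved to a file; a station listed by `handshake_loops()` is one the router keeps kicking after its own Msg1 retries expire, which is the pattern to chase with a forget-and-rejoin on that client.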

My router keeps doing this every 5 seconds. ChatGPT explains each line very well but I don't understand the handshaking every 5 seconds... seems odd?

Sun Nov 10 00:08:31 2024 kern.notice kernel: [297781.489238] 7986@C15L3,MlmeDeAuthAction() 1404: Send DEAUTH frame with ReasonCode(2) to 90:31:4b:
Sun Nov 10 00:08:31 2024 kern.warn kernel: [297781.498918] 7986@C01L2,wifi_sys_disconn_act() 1002: wdev_idx=1
Sun Nov 10 00:08:31 2024 kern.notice kernel: [297781.505150] 7986@C08L3,hw_ctrl_flow_v2_disconnt_act() 172: wdev_idx=1
Sun Nov 10 00:08:31 2024 kern.warn kernel: [297781.512227] 7986@C13L2,MacTableDeleteEntry() 1938: Del Sta:90:31:4b:
Sun Nov 10 00:08:34 2024 kern.debug kernel: [297784.265660] entrytb_aid_aquire(): found non-occupied aid:5, allocated from:4
Sun Nov 10 00:08:34 2024 kern.warn kernel: [297784.272805] 7986@C13L2,MacTableInsertEntry() 1577: New Sta: MACADD
Sun Nov 10 00:08:34 2024 kern.notice kernel: [297784.284750] 7986@C08L3,ap_cmm_peer_assoc_req_action() 1714: Recv Assoc from STA - 90:31:4b:1e:16:f7
Sun Nov 10 00:08:34 2024 kern.notice kernel: [297784.294136] 7986@C08L3,ap_cmm_peer_assoc_req_action() 2241: ASSOC Send ASSOC response (Status=0)...
Sun Nov 10 00:08:34 2024 kern.notice kernel: [297784.303295] 7986@C01L3,wifi_sys_conn_act() 1115: wdev idx = 1
Sun Nov 10 00:08:34 2024 kern.notice kernel: [297784.309389] 7986@C08L3,hw_ctrl_flow_v2_connt_act() 215: wdev_idx=1
Sun Nov 10 00:08:34 2024 kern.notice kernel: [297784.437220] 7986@C15L3,WPABuildPairMsg1() 5310: <=== send Msg1 of 4-way
Sun Nov 10 00:08:34 2024 kern.notice kernel: [297784.447826] 7986@C15L3,PeerPairMsg2Action() 6303: ===>Receive msg 2
Sun Nov 10 00:08:35 2024 kern.notice kernel: [297785.449229] 7986@C15L3,WPABuildPairMsg1() 5310: <=== send Msg1 of 4-way
Sun Nov 10 00:08:35 2024 kern.notice kernel: [297785.455952] 7986@C15L3,PeerPairMsg2Action() 6303: ===>Receive msg 2
Sun Nov 10 00:08:36 2024 kern.notice kernel: [297786.473218] 7986@C15L3,WPABuildPairMsg1() 5310: <=== send Msg1 of 4-way
Sun Nov 10 00:08:36 2024 kern.notice kernel: [297786.484950] 7986@C15L3,PeerPairMsg2Action() 6303: ===>Receive msg 2

Posting the same question over and over again in new threads won't help you.

These messages are debug messages and you could simply ignore them. I guess you are running a beta firmware?

2 Likes

great ty, I had thought that dual posts may not take. ty