Packet injection on 5 GHz non-DFS channels strange behaviour



misterade
2016-11-25, 10:32
Hello everyone, I've recently bought an AVM FRITZ WLAN N v2 [RT5572] which is dual-band and I was interested in performing some tests on the 5 GHz spectrum.
The wifi uses the rt2800usb which supports packet injection (or it should).


I downloaded a fresh Kali 2016.2 64-bit ISO and powered it up on a VMware Fusion VM.
I connected the wifi, which is recognised by Kali, and rt2800usb is loaded.
I put the card in monitor mode (killing everything that was interfering).
The card goes into monitor mode for both 2.4 GHz and 5 GHz channels and I can see traffic on all channels.
I tried the injection test with aireplay-ng and it works on the 2.4 GHz but on the 5 GHz it says it doesn't see APs.
I tried Python + scapy to see if I could generate (for example) deauth packets using this script https://github.com/catalyst256/MyJunk/blob/master/scapy-deauth.py and I used Wireshark on the attacker and victim machine to see what was going on. Here are the results:

On the 2.4 GHz, on the attacker machine, I see 2 packets being generated and the victim receives 1 packet.
On the 5 GHz, on non-DFS channels (e.g. 44), on the attacker machine, I see 2 packets being generated and the victim receives 1 packet.
On the 5 GHz, on DFS channels (e.g. 56), on the attacker machine, I see 1 packet being generated and the victim receives 0 packets.



What do you think is going on here?
Might aireplay have a bug?
Is there a difference between DFS and non-DFS channels on the 5 GHz spectrum that justifies this behavior?
I'm quite confused :confused:

Update:
I tried to perform some more tests by changing the region of my card.
I selected a region that has non-DFS channels set as DFS channels and the result is that I cannot send deauth packets.
I guess this has something to do with the driver: when the regulatory database specifies that a certain channel is DFS, it "blocks" packet injection.
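
Added example, not part of the original post: on Linux, mac80211 drops frames injected through a monitor interface when the current channel carries the "no IR" or "radar detection" regulatory flag, so the per-channel flags reported by `iw` show where transmission is restricted. The sketch below parses a channel listing in the style of `iw list` output; the sample text and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of the "Frequencies:" section of `iw list`.
SAMPLE_IW_OUTPUT = """\
\t\tFrequencies:
\t\t\t* 2437 MHz [6] (20.0 dBm)
\t\t\t* 5220 MHz [44] (23.0 dBm)
\t\t\t* 5280 MHz [56] (20.0 dBm) (no IR, radar detection)
\t\t\t* 5500 MHz [100] (disabled)
"""

# One channel line: frequency, channel number, then zero or more "(...)" groups.
CHANNEL_RE = re.compile(r"\*[ \t]+(\d+) MHz \[(\d+)\]((?:[ \t]+\([^)]*\))*)")

# Flags under which the kernel will not originate transmissions.
# "passive scanning" is the label older iw releases print for "no IR".
TX_BLOCKING_FLAGS = {"disabled", "no IR", "radar detection", "passive scanning"}


def parse_channels(text):
    """Return one dict per channel with its regulatory flags."""
    channels = []
    for match in CHANNEL_RE.finditer(text):
        flags = set()
        for group in re.findall(r"\(([^)]*)\)", match.group(3)):
            if "dBm" in group:          # transmit power, not a flag
                continue
            flags.update(f.strip() for f in group.split(","))
        channels.append({
            "freq_mhz": int(match.group(1)),
            "channel": int(match.group(2)),
            "flags": sorted(flags),
            "tx_blocked_by": sorted(flags & TX_BLOCKING_FLAGS),
        })
    return channels


def tx_restricted_channels(text):
    """Map channel number -> list of flags that restrict transmission."""
    return {c["channel"]: c["tx_blocked_by"]
            for c in parse_channels(text) if c["tx_blocked_by"]}


if __name__ == "__main__":
    for ch, reasons in tx_restricted_channels(SAMPLE_IW_OUTPUT).items():
        print(f"channel {ch}: transmission restricted ({', '.join(reasons)})")
```

The flags follow the active regulatory domain, so the listing changes when the region is changed, as in the update above.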