Tcpdump/Wireless/Mac: Difference between revisions

Latest revision as of 05:32, 27 January 2016

Monitor Mode in Mac

To put the wireless card into monitor mode, you can use the capital I flag -I with tcpdump.

Alternatively, you can use the airport utility, located at:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport.

conveniently symlinked to /usr/local/bin:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/local/bin/airport

You can also use the -n flag to make things more readable.

sudo tcpdump -In -i en1 -w save.pcap

More information over at Unix Stack Exhange.

Channel-Hopping on Mac

When you run tcpdump with the -I flag, it will put the card in monitor mode and automatically cycle through all the channels. This will significantly boost the amount of traffic you dump to your pcap file!

Listening to Specific Channel on Mac

Note that you can also use airport to monitor a single channel, e.g., channel 7:

sudo airport en1 sniff 7

@@ Line 28: / Line 28: @@
 When you run tcpdump with the <code>-I</code> flag, it will put the card in monitor mode and automatically cycle through all the channels. This will significantly boost the amount of traffic you dump to your pcap file!
+===Listening to Specific Channel on Mac===
 Note that you can also use airport to monitor a single channel, e.g., channel 7:
@@ Line 35: / Line 37: @@
 </pre>
-[[Category:Tcpdump]]
-[[Category:Networking]]
+{{TcpdumpFlag}}

Tcpdump/Wireless/Mac: Difference between revisions

From charlesreid1

Latest revision as of 05:32, 27 January 2016

Monitor Mode in Mac

Channel-Hopping on Mac

Listening to Specific Channel on Mac