Tcpdump/Wireless/Mac: Difference between revisions
From charlesreid1
Latest revision as of 05:32, 27 January 2016
Monitor Mode in Mac
To put the wireless card into monitor mode, you can use the capital I flag -I with tcpdump.
Alternatively, you can use the airport utility, located at:
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport
It can be conveniently symlinked into /usr/local/bin:
sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/local/bin/airport
You can also add the -n flag, which stops tcpdump from converting addresses to names, to make things more readable.
sudo tcpdump -In -i en1 -w save.pcap
More information over at Unix Stack Exchange.
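To confirm that a file such as save.pcap really was captured in monitor mode, check the link-layer type in its pcap global header: raw 802.11 types mean monitor mode took effect, while Ethernet (type 1) means it did not. This is an added example, not part of the original page; it assumes tcpdump wrote a classic pcap file (not pcapng), and the sample headers are constructed.

```python
import struct
import sys

# Link-layer header types that carry raw 802.11 frames (monitor-mode captures).
MONITOR_LINKTYPES = {105: "IEEE802_11", 119: "PRISM_HEADER",
                     127: "IEEE802_11_RADIOTAP", 163: "IEEE802_11_AVS"}

# Classic pcap magic as stored on disk -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def pcap_linktype(header: bytes) -> int:
    """Return the link-layer type from a 24-byte classic pcap global header."""
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    order = MAGICS.get(header[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng or another format?)")
    # Fields after the magic: version major/minor, thiszone, sigfigs, snaplen, network.
    *_, network = struct.unpack(order + "HHiIII", header[4:24])
    return network & 0xFFFF  # upper bits may carry FCS-length flags

def is_monitor_capture(header: bytes) -> bool:
    """True when the capture's link type is one of the raw 802.11 types."""
    return pcap_linktype(header) in MONITOR_LINKTYPES

def sample_header(order: str, linktype: int) -> bytes:
    """Constructed test input: a pcap 2.4 global header with the given link type."""
    return struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, linktype)

SAMPLE_MONITOR = sample_header("<", 127)   # constructed: radiotap capture
SAMPLE_ETHERNET = sample_header(">", 1)    # constructed: ordinary Ethernet capture

if __name__ == "__main__":
    # Pass a capture file path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            hdr = fh.read(24)
    else:
        hdr = SAMPLE_MONITOR
    lt = pcap_linktype(hdr)
    print(f"linktype {lt}: {MONITOR_LINKTYPES.get(lt, 'not an 802.11 monitor-mode type')}")
```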
Channel-Hopping on Mac
When you run tcpdump with the -I flag, it will put the card in monitor mode and automatically cycle through all the channels. This will significantly boost the amount of traffic you dump to your pcap file!
Listening to Specific Channel on Mac
Note that you can also use airport to monitor a single channel, e.g., channel 7:
sudo airport en1 sniff 7