Tcpdump/Wireless/Mac

From charlesreid1

Monitor Mode in Mac

To put the wireless card into monitor mode, you can use the capital I flag -I with tcpdump.


Alternatively, you can use the airport utility, located at: 

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport.

conveniently symlinked to /usr/local/bin: 

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/local/bin/airport


You can also use the -n flag to make things more readable. 

sudo tcpdump -In -i en1 -w save.pcap

More information over at Unix Stack Exhange.

Channel-Hopping on Mac

When you run tcpdump with the -I flag, it will put the card in monitor mode and automatically cycle through all the channels. This will significantly boost the amount of traffic you dump to your pcap file!

Listening to Specific Channel on Mac

Note that you can also use airport to monitor a single channel, e.g., channel 7: 

sudo airport en1 sniff 7





Defcon.png
tcpdump
Utility for dumping network traffic

Tcpdump  · Category:Tcpdump

Tcpdump/Wireless  · Tcpdump/Wireless/Mac  · Tcpdump/Wireless/Linux


Flags  · Template:TcpdumpFlag  · e



Retrieved from "https://charlesreid1.com/w/index.php?title=Tcpdump/Wireless/Mac&oldid=9212"