Community Tribal Knowledge Base

Macbook as Wi-Fi sniffer

Community Manager
Community Manager

There are many tools available for 802.11 sniffing such as our own AP Remote Packet capture, Wireshark, Wildpackets Airopeek, Wildpackets Omnipeek, Cace Technologies Airpcap, Airmagnet WiFi Analyzer, etc.. The following methods allows you to use your Macbook as a sniffer (network analyzer to capture 802.11 frames).

Putting the Mac client in Monitor mode:

Step 1.
sudo chmod 666 /dev/bpf*

Step 2.
/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport -z -c 11 ( where '11' is the channel number )

Note:
This will disconnect the Macbook from using its WiFi interface for data access since it will be used as a sniffer. So only use this on a Macbook that will be used for sniffing and not 802.11 association.

Using Wireshark

Step 1.
If Wireshark is not installed then go to www.wireshark.org/download.html and download the appropriate release according to your OS x and chipset model.

Step 2.
Launch Wireshark.

Step 3.
Go to Capture->Interfaces->Options in Wireshark for the wireless interface. In Link Layer Header type, pick the '802.11 plus BSD radio Information Header'.
Now hit 'Start' to capture.


Using tcpdump

If you want to use tcpdump instead then issue the following command:
sudo tcpdump -i en1 -s0 -vvv -y IEEE802_11_RADIO >> sniffertrace.pcap

Version history
Revision #:
2 of 2
Last update:
‎11-15-2011 08:39 AM
Updated by:
 
Labels (1)
Contributors
Comments
jerue

Hi ozwifi,

 

so first that is a greate article!

Can i return the hole config? So when i´m finish with sniffing, that i can use the macbook as a wifi client?

 

Or is this macbook than forever the master of sniffing? Smiley Wink

 

Best regards,

Jerue

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.