Macbook as Wi-Fi sniffer

By ozerdo posted Nov 13, 2011 09:37 PM


There are many tools available for 802.11 sniffing such as our own AP Remote Packet capture, Wireshark, Wildpackets Airopeek, Wildpackets Omnipeek, Cace Technologies Airpcap, Airmagnet WiFi Analyzer, etc.. The following methods allows you to use your Macbook as a sniffer (network analyzer to capture 802.11 frames).

Putting the Mac client in Monitor mode:

Step 1.
sudo chmod 666 /dev/bpf*

Step 2.
/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport -z -c 11 ( where '11' is the channel number )

This will disconnect the Macbook from using its WiFi interface for data access since it will be used as a sniffer. So only use this on a Macbook that will be used for sniffing and not 802.11 association.

Using Wireshark

Step 1.
If Wireshark is not installed then go to and download the appropriate release according to your OS x and chipset model.

Step 2.
Launch Wireshark.

Step 3.
Go to Capture->Interfaces->Options in Wireshark for the wireless interface. In Link Layer Header type, pick the '802.11 plus BSD radio Information Header'.
Now hit 'Start' to capture.

Using tcpdump

If you want to use tcpdump instead then issue the following command:
sudo tcpdump -i en1 -s0 -vvv -y IEEE802_11_RADIO >> sniffertrace.pcap



Nov 09, 2017 09:49 AM


Airtool application have made this simple. 


Easy access from UI options

Jun 02, 2016 02:51 AM

Hi ozwifi,


so first that is a greate article!

Can i return the hole config? So when i´m finish with sniffing, that i can use the macbook as a wifi client?


Or is this macbook than forever the master of sniffing? :smileywink:


Best regards,