Skip to content

Instantly share code, notes, and snippets.

@dropmeaword

dropmeaword/macbook_sniffing.md

Last active August 29, 2015 14:17
Show Gist options
  • Save dropmeaword/874ffc4980721e418b5e to your computer and use it in GitHub Desktop.
Save dropmeaword/874ffc4980721e418b5e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
macbook_sniffing.md

Learn more about probes

Vid explaining the gist of it

Setting your macbook in monitor mode

Create a symlink to the airport tool:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport
airport

Use airport to sniff the radio:

airport sniff 9
sudo airport sniff 9

The sniffer will create a capture file in the tmp directory, copy it to your Desktop, example:

cp /tmp/airportSniffxpiYwo.cap ~/Desktop/

You now have a capture file, but in order to read and understand something from it you need to load it with a tool that will allow you to inspect its contents.

Download and install wireshark

Get it https://www.wireshark.org/download.html. (You will need X11, get http://xquartz.macosforge.org/landing/)

Wireshark filters

[http://www.lovemytool.com/blog/2010/07/wireshark-wireless-display-and-capture-filters-samples-part-2-by-joke-snelders.html](Read more here).

The filter I used to get the probe frames:

wlan.fc.type_subtype eq 4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment