I would really appreciate help on this, it would make a great demo for job interviews, and would be an awesome skill to have. The last try: I used the raw tcpdump command as root, with and without the -p flag (without -p means run in promiscuous mode), and then analyzed the packets from the pcap file, which there were plenty of, just not any from any other machines.Ĭlearly there is something I am missing, maybe some kind of internal configuration deal. In 'monitor mode', you capture packets from all the networks operating on a chosen channel (possibly even adjacent channels - there is a reason that 802.11 DSSS beacons contain the channel number in the payload), and the driver does not output plain ethernet, but needs to output more headers (there are 3 addresses in a 802.11 header, instead of.
I've added the wireless SSID and password to wireshark, and applied that change, I also tried disconnecting and reconnecting my iPhone to the network several times, hoping to pick up the traffic from there.
(en0 is the only internet interface on a macbook air, the other options being loopback, and peer to peer). I've tried using WireShark, with the "promiscuous" box checked, on my en0 interface. I've been following pretty diligently, but it seems like no matter what I do I cannot capture packets of other devices on my network. To prevent such issues, it’s important to use non-promiscuous mode or turn on the Ethernet address display in tcpdump. I'm on a MacBook air, and I got a book form the library about wireless network security. If the Ethernet address display is not turned on and the NIC is in promiscuous mode, it will incorrectly show that there are no problems on the network.
0 kommentar(er)
