

With versions earlier than 1.4, see the description of how to enable monitor mode on 10.5.x.

With Wireshark 1.4 or later, to capture in monitor mode on an AirPort Extreme device, check the “Monitor mode” checkbox in the “Capture Options” dialog (in Wireshark before 1.8) or in the “Edit Interface Settings” dialog for the interface (in Wireshark 1.8 and later).

In Mac OS X 10.6.x (Snow Leopard) and later versions, monitor mode is supported; 802.11 headers are provided, and non-data frames are captured, only in monitor mode. To capture in monitor mode on an AirPort Extreme device, select a “Link-layer header type” other than “Ethernet” in the Capture -> Options dialog box in Wireshark, or select a link-layer header type other than “EN10MB” with the “-y” flag in TShark or on the Wireshark command line (the available link-layer types are printed if you use the “-L” flag).
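The “-L” / “-y” procedure above as a script, added here as an example and not taken from the original page: it reads the link-layer types TShark lists, prefers the radiotap type, and captures with it. The interface name, the output file, the function names and the assumed layout of the “-L” listing (one indented type name per line) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Interface and file names are assumptions.

# Constructed sample modelled on the listing printed by `tshark -i en1 -L`.
sample_L_output() {
    cat <<'EOF'
Data link types of interface en1 when in monitor mode (use option -y to set):
  IEEE802_11 (802.11)
  IEEE802_11_RADIO (802.11 plus radiotap header)
  EN10MB (Ethernet)
EOF
}

# Read a `-L` listing on stdin and print the header type to pass to -y.
# Preference: radiotap (adds signal/channel metadata), then plain 802.11,
# then any other non-Ethernet type. Returns 1 if only EN10MB is offered,
# which means the capture would not contain 802.11 headers.
pick_dlt() {
    awk '
        /^[ \t]+[A-Z]/ {                 # indented lines carry a type name
            name = $1
            if (name == "EN10MB") next   # Ethernet header: skip
            if (name == "IEEE802_11_RADIO") radio = name
            else if (name == "IEEE802_11") plain = name
            else if (other == "") other = name
        }
        END {
            if (radio != "") print radio
            else if (plain != "") print plain
            else if (other != "") print other
            else exit 1
        }'
}

# Capture on interface $1 into file $2 using the chosen header type.
capture_80211() {
    iface=$1; out=$2
    # 2>&1: take the listing from whichever stream this tshark version uses.
    dlt=$(tshark -i "$iface" -L 2>&1 | pick_dlt) || {
        echo "no 802.11 link-layer type offered on $iface" >&2
        return 1
    }
    echo "capturing on $iface with -y $dlt" >&2
    tshark -i "$iface" -y "$dlt" -w "$out"
}
```

Run it as `capture_80211 en1 wifi.pcap`; on Mac OS X 10.5.x pass the wlt device instead, as described below.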

In Mac OS X 10.5.x (Leopard), monitor mode is supported; 802.11 headers are provided, and non-data frames are captured, only in monitor mode. On PowerPC Macs, you will have to enable that device by changing the APMonitormode property in the /System/Library/Extensions/AppleAirport2.kext/Contents/ist property list file to have the value “true” and rebooting; on Intel Macs, that device is enabled by default. To capture in monitor mode on an AirPort Extreme device named enN (where N is the interface number), capture on the device named wltN instead – for example, if your AirPort Extreme device is named en1, capture on wlt1.

In Mac OS X 10.4.x (Tiger) (at least in later updates), monitor mode is supported; 802.11 headers are provided, and non-data frames are captured, only in monitor mode.

In Mac OS X releases prior to 10.4.0 (Panther and earlier), neither monitor mode, nor seeing 802.11 headers when capturing data, nor capturing non-data frames is supported – although promiscuous mode is supported.

Using Apple’s own AirPort Extreme 802.11 wireless cards: Here is a very good link and the details of how to make it work on Mac OS X. The key is to get all the packets, including the management frames. A packet capture does not lie and can be very informative. When troubleshooting wireless issues, it’s always best to start at the source.
