
Wireshark-users: Re: [Wireshark-users] Capturing Wifi Control Frames on MacOS

From: "Shahed Moolji" <shahed100@xxxxxxxxx>
Date: Tue, 13 Jan 2009 01:29:38 +0000
Ok I think I get it ...

So if I really want to see what's going on (like how a client
associates with an AP),
I just need to have another device talk to the AP, and monitor the
conversation.

THANKS !!

2009/1/13 Guy Harris <guy@xxxxxxxxxxxx>:
>
> On Jan 12, 2009, at 5:05 PM, Shahed Moolji wrote:
>
>> I have a MacMini running 10.5.4, and though I can capture data frames
>> on en0, when I try to capture wifi headers, the wifi connection drops.
>
> Many 802.11 adapters and their drivers will
>
>        1) only supply control or management frames in monitor mode
>
> and
>
>        2) not remain associated with a network in monitor mode.
>
> Unfortunately, this includes at least some of the Mac adapters and Mac
> OS X drivers.
>
>> I have searched a bit and see some users having problems, but am not
>> sure if this is a known issue, as the wiki seems to suggest that
>> capturing Link Layer frames should work on MacOS.
>
> It *does* work.
>
> It just doesn't work while associated with a network.
>
> To quote the Wiki page to which I assume you're referring:
>
>        So in order to capture all traffic that the adapter can receive,
>        the adapter must be put into "monitor mode", sometimes called
>        "rfmon mode". In this mode, the driver will not make the adapter
>        a member of any service set, so it won't support sending any
>        traffic and will only supply received packets to a packet capture
>        mechanism, not to the networking stack. This means that the
>        machine will not be able to use that adapter for network traffic;
>        if it doesn't have any other network adapters, it will not be
>        able to:
>
>                o resolve addresses to host names using a network protocol
>                  such as DNS;
>                o save packets to a file on a network file server;
>
>        etc.
>
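Added example, not part of the original thread: a small Python classifier for frames captured in monitor mode by a second device, which separates management, control and data frames and picks out the authentication/association exchange between one client and the AP. It assumes each packet starts with a radiotap header; the function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}
SUBTYPES = {(0, 0): "association-request", (0, 1): "association-response",
            (0, 8): "beacon", (0, 10): "disassociation",
            (0, 11): "authentication", (0, 12): "deauthentication",
            (1, 11): "rts", (1, 12): "cts", (1, 13): "ack"}
JOIN_STEPS = {"authentication", "association-request", "association-response"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify(packet):
    """Return (type, subtype, receiver, transmitter) for one radiotap packet."""
    if len(packet) < 8 or packet[0] != 0:
        raise ValueError("not a radiotap header")
    rt_len = struct.unpack_from("<H", packet, 2)[0]  # radiotap length, little-endian
    dot11 = packet[rt_len:]
    if rt_len < 8 or len(dot11) < 10:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (dot11[0] >> 2) & 0x3, (dot11[0] >> 4) & 0xF
    # ACK and CTS carry only a receiver address; longer headers add a transmitter.
    has_ta = len(dot11) >= 16 and (ftype, subtype) not in ((1, 12), (1, 13))
    return (TYPES.get(ftype, "reserved"),
            SUBTYPES.get((ftype, subtype), f"subtype-{subtype}"),
            mac(dot11[4:10]), mac(dot11[10:16]) if has_ta else None)

def join_sequence(packets, client):
    """Authentication/association frames to or from `client`, in capture order."""
    steps = []
    for packet in packets:
        _, subtype, receiver, transmitter = classify(packet)
        if subtype in JOIN_STEPS and client in (receiver, transmitter):
            steps.append((subtype, transmitter, receiver))
    return steps

# Constructed sample capture (not real traffic): minimal 8-byte radiotap headers.
RADIOTAP = bytes([0, 0, 8, 0, 0, 0, 0, 0])
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def build(fc0, receiver, transmitter=b"", bssid=b""):
    return RADIOTAP + bytes([fc0, 0, 0, 0]) + receiver + transmitter + bssid

SAMPLE = [build(0x80, b"\xff" * 6, AP, AP),   # beacon
          build(0xB0, AP, STA, AP),           # authentication, client to AP
          build(0xD4, STA),                   # ACK sent to the client
          build(0xB0, STA, AP, AP),           # authentication, AP to client
          build(0x00, AP, STA, AP),           # association request
          build(0x10, STA, AP, AP)]           # association response
```

Calling `join_sequence(SAMPLE, mac(STA))` returns the four join frames as (subtype, transmitter, receiver) tuples, skipping the beacon and the ACK.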