Entering Promiscuous Mode on OS X

December 29, 2014

#apple #reading #cybersecurity #technology

As a security professional on OS X, we often need (or simply want) to see all packets hitting our wireless interface rather than those just destined for it. As it turns out it’s remarkably easy to do with OS X.

Simply add the -I option to your tcpdump command (also works with tshark). From tcpdump’s manual:

Put the interface in "monitor mode"; this is supported only on IEEE 802.11 Wi-Fi interfaces, and supported only on some operating systems.

tcpdump -Ii en0

The cool thing about this is that it will show not just packet data, but also radio data, as shown in the capture above.

Enjoy.

[ NOTE: My book on tcpdump will be released sometime in 2015. ]

Follow On X Subscribe On YouTube Follow On LinkedIn

supporting = loving

For 29.5455 years I've been creating ad-free technical tutorials and essays here. 3,046 pieces and counting.

It's a one-person effort that's also my livelihood. If it makes your day easier or more pleasant in any way, please consider supporting the work with a monthly or one-time donation.

It helps me make more content, and is deeply appreciated as well. 🫶🏼

Monthly Support

♥ $5 ♥ $10 ♥ $25 ♥ $50 ♥ $100

One-Time Support

♥ $5 ♥ $10 ♥ $25 ♥ $50 ♥ $100

This post was tagged with:

HOME·BLOG·ARCHIVES·ABOUT