1 | initial version |
I am not aware of any capabilities to create additional interfaces like we can in Linux with the iw command where we can add a monitor interface along with the normal managed interface.
On my Macbook, I disagree with @Christian_R's comments that this is not possible. I can be in monitor mode and continue to communicate on my local network at the same time, as the original question states as well.
Some workarounds include using CLI tools like dumpcap and tcpudmp. Try something like:
dumpcap -i en0 -I <capture options="">
If you don't want to save the frames collected, set some small ring buffer and then just throw away the files. This really isn't any different than running Wireshark, just maybe less obtrusive. Tcpdump could just print to the console so you could have a tab in a terminal and not even save any files. However, printing to the console can be slow so depending on traffic load, may not be the best choice.
Even with all of this, I am not sure how useful this is. The monitor mode channel obviously has to be the same channel as the managed mode connection so that the client stays connected to the local network. Maybe that's OK if there is only one channel to capture. Also, frames ToDS (i.e. from the Mac in monitor mode to the AP) don't seem to get picked up in monitor mode, so it is difficult to analyze the full conversion from the Mac itself. There may be other limitations as well but since it really isn't best practice to operate in this way, I avoid it, so do not know all the possible shortcomings.