I've also run the tcpdump -i en0 -I command in the terminal and no packets showed up.

In other words, the answer to your question is the same as the answer to "Why does tcpdump not capture any data when in monitor mode?"

The answer, at least for newer Macs, appears to be "because Apple failed to make monitor mode work normally with Mojave or later on newer machines".

There is the sniffer in Wireless Diagnostics; Option+click the Wi-Fi item in the menu bar, select "Open Wireless Diagnostics...", select the "Sniffer" window from the Windows menu, and start capturing.

Unfortunately, 1) Apple haven't documented what magic they do to make that work (the "sniffer" is tcpdump, but it's apparently handed some Special Privileges to let it capture in monitor mode, and you don't get to, for example, pass a capture filter to it), 2) that appears to disassociate you from whatever wireless network you're on (older Macs could sniff in monitor mode and remain associated; I don't know if that's a hardware or software difference), and 3) I've had trouble reassociating after stopping the capture.