1 | initial version |
Yes, Apple broke monitor mode on at least some machines; I don't know how much of the issue is Mojave (where the breakage appears to have started) and how much of it is new hardware/software - Mojave worked on my old machine, but my new 16" MacBook Pro doesn't handle monitor mode...
...except when you open Wireless Diagnostics (Option+click on the Wi-Fi item in the menu bar, select "Open Wireless Diagnostics...", don't click the "Continue" button, select "Sniffer" from the "Window" menu, select a channel and channel width, and click "Start".
That runs an obscure program called "tcpdump" (as revealed by running "ps -ef" while the sniffing is in progress) from some special daemon that somehow manages to sprinkle pixie dust on tcpdump to allow it to capture in monitor mode. I have not managed to determine what sort of pixie dust that is, so I have no changes to make to libpcap to make it work better.
Note, however, that 1) this appears to dissociate my machine from the network (unlike older machines, where I was able to run in monitor mode and remain associated with the network and able to access other machines on the network - including our Internet gateway) and 2) doesn't always seem to reassociate when you stop capturing.