Monitor Mode in MacOS Sonoma
I am trying to find a way to enable monitor mode on my Mac. Is there any way to achieve this in the settings?
I am trying to find a way to enable monitor mode on my Mac. Is there any way to achieve this in the settings?
I figured out a funny 'hack' or workaround that works on MacOS 15.0 (I believe it is developer beta), so you can have live capture even after turning off the sniffer
in wireless diagnostics
Window
Window
menu, click on Sniffer
Wireshark
(I ran it as sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark
(not sure if you need this or not)en0
to monitor
You can then stop the Sniffer
and you will still be able to see live capture in Wireshark
, note: this will obviously turn off your managed wifi connection.
Rinse and repeat anytime you need to see live capture ...
GLHF
Fun fact: the program used by the Wireless Diagnostics "Sniffer" is (or, at least, is as of Ventura; I haven't tried it on Sonoma or Sequoia) called "tcpdump". Wireless Diagnostics does some unknown magic and then runs tcpdump on en0 with the -I flag.
That magic allows tcpdump to receive packets when monitor mode is turned on; it appearently allows any program, including dumpcap (which Wireshark runs to do its capturing), to do so. From what you say, at least in Sonoma, that means that any program that opens a Wi-Fi device for capturing while the magic is in place continues to be able to see monitor-mode traffic even after the program that did the magic stops tcpdump. I have some memory that you have to tweak the Wi-Fi adapter to re-associate with your network, so perhaps Wireless Diagnostics doesn't turn off the magic after stopping tcpdump.
Maybe the OSX section of the WLAN Capture Setup wiki page will help.
Please start posting anonymously - your entry will be published after you log in or create a new account.
Asked: 2024-03-20 13:11:09 +0000
Seen: 2,724 times
Last updated: Jun 27
How to switch Mac OS NIC to monitor mode during use internet
Forcing Mac OS X to reconnect in monitor mode
what is the capture/display filter to get RSSI information of WiFi users?
no packets captured in monitor mode
How to get monitor mode working in Mac OS Catalina
Why does Wireshark not capture any data when in monitor mode on my Mac?
Wireshark Promiscuous Mode not working on MacOS Catalina
monitor mode at home not working on OS X Catalina