Ask Your Question
0

Cannot capture packets in monitor on Mac Mojave

asked 2018-10-05 17:19:33 +0000

ohy1994 gravatar image

I can capture the non monitor mode packets but can't capture in monitor mode. Could it be a bug around Mojave? Used my friend's older macbook and could do it

edit retag flag offensive close merge delete

Comments

Mojave 10.14.1, no packets with en0 in monitor mode.

TnIan gravatar imageTnIan ( 2019-02-22 21:16:43 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-02-22 21:28:05 +0000

Guy Harris gravatar image

Try doing

tcpdump -i en0 -I

and see if you get any traffic.

If not, this is an issue with macOS, not with Wireshark, so go to the Apple bug reporter. If you don't have an account, create one. Then file a bug on this; include the full result of "System Report" from "About This Mac" (you can save from there).

edit flag offensive delete link more
0

answered 2018-10-06 14:47:15 +0000

Bob Jones gravatar image

Just upgraded without issue. Monitor mode produced expected traffic flows on my WiFi networks.

edit flag offensive delete link more

Comments

Did you have to enable certain security settings? Wireless diagnostic is working correctly to capture packets but not wireshark.

ohy1994 gravatar imageohy1994 ( 2018-10-07 03:03:05 +0000 )edit

No, wireshark worked fine, but it was previously installed prior to upgrade.

Bob Jones gravatar imageBob Jones ( 2018-10-07 07:59:01 +0000 )edit

Ah that's odd, let me try asking around my friends who have Mojave to test. Thanks a lot!

ohy1994 gravatar imageohy1994 ( 2018-10-07 10:49:43 +0000 )edit

Apple may have "improved" some of their AirPort drivers; see bug 15268, which has a Mojave capture with a bad Radiotap header. Perhaps Apple "improved" the Mojave driver for your machine's Wi-Fi adapter so that it doesn't support monitor mode.

Guy Harris gravatar imageGuy Harris ( 2018-11-09 03:19:21 +0000 )edit

I am seeing the same issue, if enable the monitor mode in en0 which is the wireless interface. The wireshark cannot capture any packets but seems like the Wireless Diagnostics is able to capture frames.

weisheng gravatar imageweisheng ( 2019-01-13 09:57:41 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2018-10-05 17:19:33 +0000

Seen: 3,559 times

Last updated: Feb 22 '19