I am trying to monitor my own network, using a Mac running OS X 10.8, as I have multiple devices that connects to my router. Do I need an airpcap to monitor my own Apple Extreme? asked 17 Feb '13, 08:19  Trungy edited 17 Feb '13, 16:53  Guy Harris ♦♦ |
2 Answers:
No, you don't need AirPcap. Your machine is running OS X, so your AirPort adapter won't be called "wlan". If your Mac has a built-in Ethernet adapter, the AirPort adapter will be called en1 (with the Ethernet interface being en0), and if your Mac doesn't have a built-in Ethernet adapter (if, for example, it's a MacBook Air or a Retina MacBook Pro), the AirPort adapter will be called en0. AirPcap devices only work on Windows, and are only needed on Windows; Apple's AirPort adapters support monitor mode, and OS X supports putting adapters into monitor mode. In Wireshark 1.8, select Options from the Capture menu, make sure the AirPort adapter is checked in the list of interfaces, double-click it, check the "Capture packets in monitor mode" checkbox in the dialog box that pops up, click "OK", and then click "Start" in the Capture Options dialog box. answered 17 Feb '13, 17:09 Guy Harris ♦♦ |
If you need to see 802.11 radio layer information (Beacon frames etc) and you are running Windows, then, yes. If you don't need to see the radio layer then your existing laptop card should be enough. If you can run an OS that has tools to allow you to put the WiFi card into monitor/promiscuous mode (for example a Linux Distribution, like Backtrack), then you also do not need Airpcap. It might be a good idea to have a capture WiFi card though, because if you're connecting to the router by WiFi yourself you cannot capture with it while using it normally (or the other way around - capture might work, but normal operation doesn't while you do it). Take a look at this: http://wiki.wireshark.org/CaptureSetup/WLAN#Mac_OS_X answered 17 Feb '13, 09:39  Jasper ♦♦ edited 17 Feb '13, 10:59 |
I forgot to mention that I am running OS X 10.8. (Though I mentioned Apple Extreme.) Do I still need an airpcap?
Sorry, I'm not really familiar with the Apple products, I thought Apple Extreme is an Access Point, which would be connectable from any OS.
I added a link to the capture setup page to my original answer.
First of all, thank you for your help! I have looked at that document before (as well as numerous of others), but it seems like for whatever I do, I cannot get anything resembling wlan as one of my interface options. I was hoping someone could fill me into that one final step that I might be missing. Again, thanks for your help!
@Jasper: an Airport Extreme might be connectable-to from any OS, but if you want to monitor traffic on its network, you'll need something running in monitor mode or the equivalent; on Windows, with Wireshark, you'd need an AirPcap device, but you won't need one for OS X.
@Trungy: on Leopard and later (and 10.8 is definitely later), your Wi-Fi interface (if you have one; most modern Macs do), won't be called anything with "wlan" in it, it'll be called "en1" (if you have a built-in Ethernet interface, as the built-in Ethernet interface will be "en0") or "en0" (if you have no built-in Ethernet interface, e.g. on a MacBook Air or a Retina MacBook Pro).