Hello, everyone! I recently got a Raspberry Pi and I'm trying to use it to count the traffic outside my house based on wifi pings from smart phones. Seems pretty basic... I set my interface to monitor mode and used tshark to capture to a file for 5 minutes. But while looking at the captured packets I can't seem to find any that match my iPhone's MAC address (Found in Settings > General > About > Wifi Address). I figured as a test I would at least be able to pick up my phone but it doesn't seem to be capturing it. Any suggestions on what I may be doing wrong? Thanks! asked 16 Nov '15, 12:55  wonderlemming |
2 Answers:
Update: I discovered by taking my computer & phone into the sublevels of a parking garage so that the only signals I would be picking up would be from my phone. Tuuuurns out, iPhones mask their MAC addresses while sending out probe requests. With a little research I found out that iPhones do this to try and protect your identity a little better. So, I was picking up my phone but not with the MAC address it listed in the settings! answered 04 Dec '15, 12:44 wonderlemming |
Checkout the info collected on WLAN capture answered 17 Nov '15, 02:57  Jaap ♦ |
This security feature is documented at Apple Support for iOS 8 release. Refer to the link below:
https://support.apple.com/en-us/HT201395
Refer to the WiFi section of the release, restated here for convenience: "WiFi:
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A device may be passively tracked by its WiFi MAC address Description: An information disclosure existed because a stable MAC address was being used to scan for WiFi networks. This issue was addressed by randomizing the MAC address for passive WiFi scans."
As stated by @wonderlemming, this means that Probe Requests from iOS devices will have a randomized MAC address. With that being said, I have done some WiFi sniffing and found real MAC addresses from Apple devices running iOS 8 or later.