This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello, everyone!

I recently got a Raspberry Pi and I'm trying to use it to count the traffic outside my house based on wifi pings from smart phones. Seems pretty basic... I set my interface to monitor mode and used tshark to capture to a file for 5 minutes.

But while looking at the captured packets I can't seem to find any that match my iPhone's MAC address (Found in Settings > General > About > Wifi Address). I figured as a test I would at least be able to pick up my phone but it doesn't seem to be capturing it. Any suggestions on what I may be doing wrong?

Thanks!

asked 16 Nov '15, 12:55

wonderlemming
Update: I discovered by taking my computer & phone into the sublevels of a parking garage so that the only signals I would be picking up would be from my phone. Tuuuurns out, iPhones mask their MAC addresses while sending out probe requests. With a little research I found out that iPhones do this to try and protect your identity a little better.

So, I was picking up my phone but not with the MAC address it listed in the settings!

answered 04 Dec '15, 12:44

wonderlemming

This security feature is documented at Apple Support for iOS 8 release. Refer to the link below:

https://support.apple.com/en-us/HT201395

Refer to the WiFi section of the release, restated here for convenience: "WiFi:

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A device may be passively tracked by its WiFi MAC address

Description: An information disclosure existed because a stable MAC address was being used to scan for WiFi networks. This issue was addressed by randomizing the MAC address for passive WiFi scans."

As stated by @wonderlemming, this means that Probe Requests from iOS devices will have a randomized MAC address. With that being said, I have done some WiFi sniffing and found real MAC addresses from Apple devices running iOS 8 or later.

(07 Dec '15, 08:59) Amato_C
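To see the behaviour described in the answer and comment above in a capture, the following added example (not part of the original thread) classifies probe-request source addresses as vendor-assigned or locally administered. It relies on the IEEE 802 convention that randomized addresses set the locally administered bit, which the thread itself does not mention; the capture file name and the sample addresses are constructed.

```python
import re
from collections import Counter

# Input is assumed to be one source MAC per line, e.g. produced with
#   tshark -r capture.pcap -Y "wlan.fc.type_subtype == 4" -T fields -e wlan.sa
# (capture.pcap is a placeholder file name; subtype 4 is Probe Request).
MAC_RE = re.compile(r"^([0-9a-f]{2})(?::[0-9a-f]{2}){5}$")


def classify_mac(mac):
    """Return 'global', 'local' or 'invalid' for a colon-separated MAC."""
    m = MAC_RE.match(mac.strip().lower())
    if not m:
        return "invalid"
    first_octet = int(m.group(1), 16)
    # Bit 0x02 of the first octet is the locally administered (U/L) bit.
    # A burned-in, vendor-assigned address has it clear; a randomized
    # address has it set, so it will not match the address in Settings.
    return "local" if first_octet & 0x02 else "global"


def summarize(lines):
    """Count unique source addresses per class, ignoring blank lines."""
    seen = {}
    for line in lines:
        mac = line.strip().lower()
        if mac:
            seen[mac] = classify_mac(mac)
    return Counter(seen.values())


# Constructed sample addresses, not taken from any real capture.
SAMPLE = """\
02:a1:19:00:00:01
02:A1:19:00:00:01
92:3b:7c:00:00:02
00:11:22:33:44:55
not-a-mac
"""

if __name__ == "__main__":
    for kind, count in sorted(summarize(SAMPLE.splitlines()).items()):
        print(f"{kind}: {count} unique address(es)")
```

A high share of "local" addresses means a count of unique MACs overstates the number of devices, since one phone can appear under several randomized addresses.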

Check out the info collected on WLAN capture

answered 17 Nov '15, 02:57

Jaap ♦