This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Quite new– basic monitoring question

0

Hello, everyone!

I recently got a Raspberry Pi and I'm trying to use it to count the traffic outside my house based on wifi pings from smart phones. Seems pretty basic... I set my interface to monitor mode and used tshark to capture to a file for 5 minutes.

But while looking at the captured packets I can't seem to find any that match my iPhone's MAC address (Found in Settings > General > About > Wifi Address). I figured as a test I would at least be able to pick up my phone but it doesn't seem to be capturing it. Any suggestions on what I may be doing wrong?

Thanks!

asked 16 Nov '15, 12:55

wonderlemming's gravatar image

wonderlemming
21113
accept rate: 0%


2 Answers:

1

Update: I discovered by taking my computer & phone into the sublevels of a parking garage so that the only signals I would be picking up would be from my phone. Tuuuurns out, iPhones mask their MAC addresses while sending out probe requests. With a little research I found out that iPhones do this to try and protect your identity a little better.

So, I was picking up my phone but not with the MAC address it listed in the settings!

answered 04 Dec '15, 12:44

wonderlemming's gravatar image

wonderlemming
21113
accept rate: 0%

This security feature is documented at Apple Support for iOS 8 release. Refer to the link below:

https://support.apple.com/en-us/HT201395

Refer to the WiFi section of the release, restated here for convenience: "WiFi:

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A device may be passively tracked by its WiFi MAC address Description: An information disclosure existed because a stable MAC address was being used to scan for WiFi networks. This issue was addressed by randomizing the MAC address for passive WiFi scans."

As stated by @wonderlemming, this means that Probe Requests from iOS devices will have a randomized MAC address. With that being said, I have done some WiFi sniffing and found real MAC addresses from Apple devices running iOS 8 or later.

(07 Dec '15, 08:59) Amato_C

0

Checkout the info collected on WLAN capture

answered 17 Nov '15, 02:57

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%