First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Cannot capture packets in monitor on Mac Mojave

  • retag add tags

I can capture the non monitor mode packets but can't capture in monitor mode. Could it be a bug around Mojave? Used my friend's older macbook and could do it

ohy1994's avatar
1
ohy1994
asked 2018-10-05 17:19:33 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Mojave 10.14.1, no packets with en0 in monitor mode.

TnIan's avatar TnIan (2019-02-22 21:16:43 +0000) edit
more
  • delete
add a comment see more comments

2 Answers

0

Just upgraded without issue. Monitor mode produced expected traffic flows on my WiFi networks.

Bob Jones's avatar
1.5k
Bob Jones
answered 2018-10-06 14:47:15 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Did you have to enable certain security settings? Wireless diagnostic is working correctly to capture packets but not wireshark.

ohy1994's avatar ohy1994 (2018-10-07 03:03:05 +0000) edit
more
  • delete

No, wireshark worked fine, but it was previously installed prior to upgrade.

Bob Jones's avatar Bob Jones (2018-10-07 07:59:01 +0000) edit
more
  • delete

Ah that's odd, let me try asking around my friends who have Mojave to test. Thanks a lot!

ohy1994's avatar ohy1994 (2018-10-07 10:49:43 +0000) edit
more
  • delete

Apple may have "improved" some of their AirPort drivers; see bug 15268, which has a Mojave capture with a bad Radiotap header. Perhaps Apple "improved" the Mojave driver for your machine's Wi-Fi adapter so that it doesn't support monitor mode.

Guy Harris's avatar Guy Harris (2018-11-09 03:19:21 +0000) edit
more
  • delete

I am seeing the same issue, if enable the monitor mode in en0 which is the wireless interface. The wireshark cannot capture any packets but seems like the Wireless Diagnostics is able to capture frames.

weisheng's avatar weisheng (2019-01-13 09:57:41 +0000) edit
more
  • delete
add a comment see more comments
0

Try doing

tcpdump -i en0 -I

and see if you get any traffic.

If not, this is an issue with macOS, not with Wireshark, so go to the Apple bug reporter. If you don't have an account, create one. Then file a bug on this; include the full result of "System Report" from "About This Mac" (you can save from there).

Guy Harris's avatar
19.9k
Guy Harris
answered 2019-02-22 21:28:05 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer