On Jan 12, 2009, at 5:05 PM, Shahed Moolji wrote:
I have a MacMini running 10.5.4, and though I can capture data frames
on en0, when I try to capture wifi headers, the wifi connection drops.
Many 802.11 adapters and their drivers will
1) only supply control or management frames in monitor mode
and
2) not remain associated with a network in monitor mode.
Unfortunately, this includes at least some of the Mac adapters and Mac
OS X drivers.
I have searched a bit and see some users having problems, but am not
sure if this is a know issue, as the wiki seems to suggest that
capturing
Link Layer frames should work on MacOS.
It *does* work.
It just doesn't work while associated with a network.
To quote the Wiki page to which I assume you're referring:
So in order to capture all traffic that the adapter can receive, the
adapter must be put into "monitor mode", sometimes called "rfmon
mode". In this mode, the driver will not make the adapter a member of
any service set, so it won't support sending any traffic and will only
supply received packets to a packet capture mechanism, not to the
networking stack. This means that the machine will not be able to use
that adapter for network traffic; if it doesn't have any other network
adapters, it will not be able to:
o resolve addresses to host names using a network protocol such as
DNS;
o save packets to a file on a network file server;
etc..