How to set NIC in promiscuous mode on mac book air?

macos bash network-adapter ifconfig tcpdump

363

TShark and tcpdump will put the interface into promiscuous mode unless you tell them NOT to do so with the -p flag - -p doesn't mean "promiscuous mode", it means "not promiscuous mode".

-I turns on monitor mode.

Note that if you're on a "protected" network using encryption, i.e. a network using WEP or WPA/WPA2, capture filters other than at the link layer won't work, because the packets being handed to the packet capture mechanism (BPF, in the case of OS X) do not have the payload decrypted. This means a filter such as "host 10.0.0.2" won't work.

363

Marcel

Updated on September 18, 2022

Comments

Marcel over 1 year

I try to implement Metadatatype, in order to seperate Validation attributes from my Acquisitiecode class, into the AcquisitiecodeAnnotations class.

Now when I add attributes (like Required, StringLength and so on) to the Acquisitiecode class, validation works as expected. When I move these attributes to the AcquisitiecodeAnnotations class and bind this class using the MetadataType attribute, I does not work.

Please find the code examples below (I've stripped them down for readability). Also, the project is an ASP.NET Core 3.0 web application. All code, including the examples are also running in.NET Core 3.0 projects.

Snippet 1:

using System;
using System.ComponentModel.DataAnnotations;

namespace Shared.Entities
{
    [MetadataType(typeof(AcquisitiecodeAnnotations))]
    public partial class Acquisitiecode
    { }

    public partial class AcquisitiecodeAnnotations
    {
        [StringLength(4, ErrorMessage = "The value cannot exceed 4 characters. ")]
        public string Acquisitiecode1 { get; set; }
    }
}

Snippet 2:

using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;

namespace Shared.Entities
{
    public partial class Acquisitiecode
    {
        public Acquisitiecode()
        {
            Lidmaatschap = new HashSet<Lidmaatschap>();
        }

        public string Acquisitiecode1 { get; set; }

        public virtual Lid Lid { get; set; }
        public virtual ICollection<Lidmaatschap> Lidmaatschap { get; set; }
    }
}

0x90 about 11 years

what do you mean by BPF do not have the payload decrypted the key is identical to all the hosts in the network.
Admin about 11 years

I mean that the OS will not decrypt the packets before handing it to the code that implements filters, even though it will decrypt packets sent to the host (but not packets sent to some other host) before handing them to the networking stack. Therefore, any filter expression that looks at the IP layer, such as "host 10.0.0.2", will fail.
0x90 about 11 years

So how can I sniff the packets ?
Admin about 11 years

If you're on a WEP or WPA/WPA2 network: don't use a capture filter, make sure you capture the initial EAPOL handshakes for all hosts you care about if it's a WPA/WPA2 network, and follow these directions in Wireshark (or manually add the keys to your Wireshark preferences file if you can only use TShark).