How to set NIC in promiscuous mode on MacBook Air?


TShark and tcpdump will put the interface into promiscuous mode unless you tell them NOT to do so with the -p flag; -p doesn't mean "promiscuous mode", it means "not promiscuous mode".

-I turns on monitor mode.

Note that if you're on a "protected" network using encryption, i.e. a network using WEP or WPA/WPA2, capture filters other than at the link layer won't work, because the packets being handed to the packet capture mechanism (BPF, in the case of OS X) do not have the payload decrypted. This means a filter such as "host 10.0.0.2" won't work.
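Why a "host 10.0.0.2" filter sees nothing on a WPA2 network while a link-layer filter still matches, as an added example that is not part of the original answer. It is a simplified Python model of the two kinds of filter (not libpcap's generated BPF code), run over constructed 802.11 frames; the function names, MAC addresses and the 24-byte three-address header without QoS are assumptions of this sketch.

```python
import socket, struct

LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")  # LLC/SNAP header announcing IPv4
HDR_LEN = 24      # 3-address 802.11 data header, no QoS field (assumption of this sketch)
PROTECTED = 0x40  # "Protected Frame" bit in the second Frame Control byte

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, bssid, body, protected):
    """Construct a minimal 802.11 data frame (type 2, subtype 0, ToDS set)."""
    fc1 = 0x01 | (PROTECTED if protected else 0)
    return (bytes([0x08, fc1]) + b"\x00\x00" + mac(bssid) + mac(src) + mac(dst)
            + b"\x00\x00" + body)

def ipv4(src, dst):
    """20-byte IPv4 header for the constructed sample (no payload, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def match_link_layer(frame, addr):
    """Link-layer filter: the three header addresses are never encrypted."""
    return mac(addr) in (frame[4:10], frame[10:16], frame[16:22])

def match_ip_host(frame, ip):
    """IP-layer filter ("host x"): needs cleartext LLC/SNAP + IPv4 after the header."""
    body = frame[HDR_LEN:]
    if len(body) < 28 or not body.startswith(LLC_SNAP_IPV4):
        return False  # CCMP header + ciphertext sit where LLC/SNAP was expected
    src, dst = body[20:24], body[24:28]  # IPv4 source / destination address
    return socket.inet_aton(ip) in (src, dst)

# Constructed sample data: locally administered MACs, private IP addresses.
STA, AP, GW = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:fe"
clear = build_frame(GW, STA, AP,
                    LLC_SNAP_IPV4 + ipv4("10.0.0.2", "10.0.0.1"), protected=False)
# The same frame as captured on WPA2: 8-byte CCMP header, then opaque stand-in bytes.
encrypted = build_frame(GW, STA, AP,
                        bytes.fromhex("0100002000000000") + bytes(range(0x40, 0x5c)),
                        protected=True)

def demo():
    """Return (link-layer match, IP-layer match) for each sample frame."""
    return {name: (match_link_layer(f, STA), match_ip_host(f, "10.0.0.2"))
            for name, f in (("open", clear), ("wpa2", encrypted))}

if __name__ == "__main__":
    print(demo())
```

The encrypted frame still matches on MAC address but not on IP address, which is why the capture has to be taken without an IP-layer filter and decrypted afterwards.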


Author: Marcel

Updated on September 18, 2022

Comments

  • Marcel
    Marcel over 1 year

    I try to implement Metadatatype, in order to separate Validation attributes from my Acquisitiecode class, into the AcquisitiecodeAnnotations class.

    Now when I add attributes (like Required, StringLength and so on) to the Acquisitiecode class, validation works as expected. When I move these attributes to the AcquisitiecodeAnnotations class and bind this class using the MetadataType attribute, it does not work.

    Please find the code examples below (I've stripped them down for readability). Also, the project is an ASP.NET Core 3.0 web application. All code, including the examples, is also running in .NET Core 3.0 projects.

    Snippet 1:

    using System;
    using System.ComponentModel.DataAnnotations;
    
    namespace Shared.Entities
    {
        [MetadataType(typeof(AcquisitiecodeAnnotations))]
        public partial class Acquisitiecode
        { }
    
        public partial class AcquisitiecodeAnnotations
        {
            [StringLength(4, ErrorMessage = "The value cannot exceed 4 characters. ")]
            public string Acquisitiecode1 { get; set; }
        }
    }
    

    Snippet 2:

    using System;
    using System.Collections.Generic;
    using System.ComponentModel.DataAnnotations;
    
    namespace Shared.Entities
    {
        public partial class Acquisitiecode
        {
            public Acquisitiecode()
            {
                Lidmaatschap = new HashSet<Lidmaatschap>();
            }
    
            public string Acquisitiecode1 { get; set; }
    
            public virtual Lid Lid { get; set; }
            public virtual ICollection<Lidmaatschap> Lidmaatschap { get; set; }
        }
    }
    
  • 0x90
    0x90 about 11 years
    What do you mean by BPF not having the payload decrypted? The key is identical for all the hosts in the network.
  • Admin
    Admin about 11 years
    I mean that the OS will not decrypt the packets before handing them to the code that implements filters, even though it will decrypt packets sent to the host (but not packets sent to some other host) before handing them to the networking stack. Therefore, any filter expression that looks at the IP layer, such as "host 10.0.0.2", will fail.
  • 0x90
    0x90 about 11 years
    So how can I sniff the packets?
  • Admin
    Admin about 11 years
    If you're on a WEP or WPA/WPA2 network: don't use a capture filter, make sure you capture the initial EAPOL handshakes for all hosts you care about if it's a WPA/WPA2 network, and follow these directions in Wireshark (or manually add the keys to your Wireshark preferences file if you can only use TShark).