Sniffing open wireless traffic can be pretty interesting and entertaining. It’s amazing to see what gets transferred across a network. Just make sure you’re doing it legally.
Sniffing on Mac OS X is very similar to sniffing on any other operating system with a few small caveats.
1. Install MacPorts
This is the best package manager IMHO for OS X. You’ll need to install Apple XCode Developer tools prior to installing MacPorts. The install page details all that information here http://www.macports.org/install.php. It’s all very simple double click and install DMG
2. Install Wireshark
Open a Terminal:
nobody@nobody:~$ sudo port install wireshark
If you just start Wireshark at this point, no interfaces will show up. Your user needs to own /dev/bpf in order to use the interfaces.
3. Create a Startup Script
Create this small script in /usr/bin/wireshark_start
#!/bin/sh osascript -e "do shell script "chown $USER /dev/bpf*" with administrator privileges"; wireshark &
Give it full execute permissions
nobody@nobody:/usr/bin$ sudo chmod +x wireshark_start
4. Configure Wireshark & Start Sniffing
Once Wireshark is open, choose Capture->Options, choose Interface ‘en1′, ensure ‘capture packets in monitor mode’ is enabled, click Start!
You should now be capturing packets. You’re pretty much ‘drinking from a fire hose’ so you need to make sure you utilize Wireshark’s Filter section. e.g. to filter http traffic, type in ‘http’ in the filter box and hit apply.