Sniff Open Wireless Traffic with Mac OS X

Sniffing open wireless traffic can be pretty interesting and entertaining. It’s amazing to see what gets transferred across a network. Just make sure you’re doing it legally.

Sniffing on Mac OS X is very similar to sniffing on any other operating system with a few small caveats.

1. Install MacPorts

This is the best package manager IMHO for OS X. You’ll need to install the Apple Xcode developer tools prior to installing MacPorts. The install page details all of that: http://www.macports.org/install.php. It’s all very simple: double-click and install the DMG packages.

2. Install Wireshark

Open a Terminal:

nobody@nobody:~$ sudo port install wireshark

If you just start Wireshark at this point, no interfaces will show up. Your user needs to own the /dev/bpf* devices in order to use the interfaces.

3. Create a Startup Script

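Create this small script in /usr/bin/wireshark_start:

#!/bin/sh
# Hand the BPF devices to the current user (prompts for an administrator password).
osascript -e "do shell script \"chown $USER /dev/bpf*\" with administrator privileges"
# Launch Wireshark in the background.
wireshark &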

Give it full execute permissions

nobody@nobody:/usr/bin$ sudo chmod +x wireshark_start

4. Configure Wireshark & Start Sniffing

Start Wireshark

nobody@nobody:~$ wireshark_start

Once Wireshark is open, choose Capture->Options, choose Interface ‘en1’, ensure ‘capture packets in monitor mode’ is enabled, and click Start!

You should now be capturing packets. You’re pretty much ‘drinking from a fire hose’, so make sure you use Wireshark’s Filter section. For example, to filter HTTP traffic, type ‘http’ in the filter box and hit Apply.
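If Wireshark still shows no interfaces after step 3, the check below confirms whether the ownership change on /dev/bpf* actually took effect. It is an added example, not part of the original post; the helper names bpf_access and bpf_summary and their output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which BPF device nodes the current user can open.
# Wireshark only lists capture interfaces when it can open a /dev/bpf* node,
# which is what the chown in wireshark_start is meant to allow.

# bpf_access [DIR]   (DIR defaults to /dev; a parameter so it can be tested)
#   Prints one line per DIR/bpf* node: "<path> <rw|r-|-w|-->".
#   Returns 0 if at least one node is readable, 1 if nodes exist but none
#   is readable, 2 if DIR holds no bpf* nodes at all.
bpf_access() {
    dir=${1:-/dev}
    found=0
    readable=0
    for node in "$dir"/bpf*; do
        # An unmatched glob stays literal; skip it.
        [ -e "$node" ] || continue
        found=$((found + 1))
        if [ -r "$node" ]; then
            mode="r"
            readable=$((readable + 1))
        else
            mode="-"
        fi
        if [ -w "$node" ]; then mode="${mode}w"; else mode="${mode}-"; fi
        printf '%s %s\n' "$node" "$mode"
    done
    [ "$found" -gt 0 ] || return 2
    [ "$readable" -gt 0 ] || return 1
    return 0
}

# bpf_summary [DIR]
#   One-line verdict to read before launching Wireshark.
bpf_summary() {
    rc=0
    bpf_access "${1:-/dev}" >/dev/null || rc=$?
    case $rc in
        0) echo "ok: at least one bpf node is readable" ;;
        1) echo "denied: bpf nodes exist but none is readable by $(id -un)" ;;
        2) echo "missing: no bpf nodes found" ;;
    esac
}

# Run the check against the real device directory.
bpf_summary /dev
```

A "denied" verdict means the chown did not run or did not apply, so Wireshark will start with an empty interface list.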

11 Comments Sniff Open Wireless Traffic with Mac OS X

  1. Pingback: Sniffing Traffic on Your Home Network

  2. Mark

    After installing, creating wireshark_start, and chmodding it, I attempt to run wireshark_start. OS X prompts me for my password, but then nothing. Eh?

    1. xploit

      Mark, if you run just the command ‘wireshark’ from the command line does wireshark open? You should see a white X icon in your dock appear since wireshark runs using X11.

  3. Pingback: Firesheep, Blacksheep, and Protecting Your Wi-Fi Data | Wireless Networking Wifi

  4. Nate

    I’m new to this. Everything works, but I don’t have a wireshark_start directory? Is there supposed to be one created by the installation? I’m lost.

  5. Nate

    OK, well, I don’t know how to create the script. And also, is /usr/bin under Development? Because that’s the only /usr/bin I found.

    1. Dustin

      Open up Terminal, type

      cd /usr/bin
      sudo vim wireshark_start
      -press i (puts vim in insert mode)
      -paste the script contents
      press esc (exits insert mode)
      press : x enter (saves and exits)

  6. GummyBear

    How can I sniff FTP traffic if it’s not in my network? For example, I live in Los Angeles and I want to sniff out a password from a website, say in Italy. How can I do that? Please help. Loving your ‘blog’ and posts.

    Keep it up!
