Results 1 to 1 of 1

Thread: How To: Packet Capture for Eye P.A. with OS X

  1. Default How To: Packet Capture for Eye P.A. with OS X

    Right now, Riverbed's AirPcap NX is the only Wi-Fi capture device that is available for Windows. If you don't have an AirPcap NX, but you have a Mac, you are in luck! OS X includes a great way to get PCAP files for use with Eye P.A. and WireShark.

    Open the Wireless Diagnostics Utility

    The Wireless Diagnostics utility is buried in the System folder, so use Spotlight to find it. Press Command + Space and Search for "Wireless Diagnostics".

    Since OS X has to put the card in monitor mode, it will ask for your password to do so.

    Open the Utilities Window

    You can click "Window > Utilities", or press "Command + 2" to open it immediately.

    Capture all the Things!

    Click on the "Frame Capture" tab, select the Wi-Fi channel that you want to capture on, and click "Start". Note that this will put your wireless card into monitor mode, so you won't be able to use it for anything else. When you are finished, click "Stop". A "wcap" file will be placed on the desktop.

    Rename the wcap File to pcap

    Eye P.A. doesn't open wcap files yet, so rename the filename extension from wcap to pcap. It's silly, we know, so this step will disappear soon.

    Move it to Your Windows Machine or Virtual Machine

    Move it with Dropbox or BitTorrent Sync to your Windows machine. You could also use a flash drive, burned DVD, floppy disk, or punch card to move it to the other machine, but come on! You can do better than that. Use BitTorrent Sync for a quick and efficient win.

    If you are running Windows in a virtual machine on your Mac, set up desktop sharing or drag & drop it into your virtual machine.

    MMMmmmm... Packets

    Open the pcap file in Eye P.A. and enjoy those delicious packets.

    Last edited by Joel; 12-06-2013 at 12:39 AM.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts