Airport: the Mac's most powerful built-in Wi-Fi packet capture tool

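Many Mac OS X users regret that the Mac lacks the sophisticated network analysis tools that are common on Linux. What many of them do not know is that Mac OS X ships with a built-in command-line tool that can perform a wide range of operations on Wi-Fi networks, from packet capture (traffic sniffing) to scanning the signal-to-noise ratio of nearby networks. Airport is part of Apple's private Apple80211 framework, the framework that powers the Mac's Airport menu bar icon.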

1. Help text

Invoking the utility with no arguments prints a helpful (if incomplete) usage message. At the Terminal prompt, type:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport

The output is shown below; it lists the available verbs, arguments and preference keys:

Usage: airport <interface> <verb> <options>

	<interface>
	If an interface is not specified, airport will use the first AirPort interface on the system.

	<verb is one of the following:
	prefs	If specified with no key value pairs, displays a subset of AirPort preferences for
		the specified interface.

		Preferences may be configured using key=value syntax. Keys and possible values are specified below.
		Boolean settings may be configured using 'YES' and 'NO'.

		DisconnectOnLogout (Boolean)
		JoinMode (String)
			Automatic
			Preferred
			Ranked
			Recent
			Strongest
		JoinModeFallback (String)
			Prompt
			JoinOpen
			KeepLooking
			DoNothing
		RememberRecentNetworks (Boolean)
		RequireAdmin (Boolean)
		RequireAdminIBSS (Boolean)
		RequireAdminNetworkChange (Boolean)
		RequireAdminPowerToggle (Boolean)
		WoWEnabled (Boolean)

	logger	Monitor the driver's logging facility.

	sniff	If a channel number is specified, airportd will attempt to configure the interface
		to use that channel before it begins sniffing 802.11 frames. Captures files are saved to /tmp.
		Requires super user privileges.

	debug	Enable debug logging. A debug log setting may be enabled by prefixing it with a '+', and disabled
		by prefixing it with a '-'.

		AirPort Userland Debug Flags
			DriverDiscovery
			DriverEvent
			Info
			SystemConfiguration
			UserEvent
			PreferredNetworks
			AutoJoin
			IPC
			Scan
			802.1x
			Assoc
			Keychain
			RSNAuth
			WoW
			P2P
			Roam
			BTCoex
			AllUserland - Enable/Disable all userland debug flags

		AirPort Driver Common Flags
			DriverInfo
			DriverError
			DriverWPA
			DriverScan
			AllDriver - Enable/Disable all driver debug flags

		AirPort Driver Vendor Flags
			VendorAssoc
			VendorConnection
			AllVendor - Enable/Disable all vendor debug flags

		AirPort Global Flags
			LogFile - Save all AirPort logs to /var/log/wifi.log

<options> is one of the following:
	No options currently defined.

Examples:

Configuring preferences (requires admin privileges)
	sudo airport en1 prefs JoinMode=Preferred RememberRecentNetworks=NO RequireAdmin=YES

Sniffing on channel 1:
	airport en1 sniff 1


LEGACY COMMANDS:
Supported arguments:
 -c[<arg>] --channel=[<arg>]    Set arbitrary channel on the card
 -z        --disassociate       Disassociate from any network
 -I        --getinfo            Print current wireless status, e.g. signal info, BSSID, port type etc.
 -s[<arg>] --scan=[<arg>]       Perform a wireless broadcast scan.
				   Will perform a directed scan if the optional <arg> is provided
 -x        --xml                Print info as XML
 -P        --psk                Create PSK from specified pass phrase and SSID.
				   The following additional arguments must be specified with this command:
                                  --password=<arg>  Specify a WPA password
                                  --ssid=<arg>      Specify SSID when creating a PSK
 -h        --help               Show this help

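2. Create a symbolic link

First create a symbolic link (shortcut) to the utility so that you do not have to type the long path every time. On macOS releases with System Integrity Protection enabled, /usr/bin is read-only even for root; in that case use /usr/local/bin as the link directory instead.

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/bin/airport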

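3. Show local network information

To show the current wireless status, run airport -I; it prints information about the current wireless connection.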

$ airport -I
    agrCtlRSSI: -64
    agrExtRSSI: 0
    agrCtlNoise: -91
    agrExtNoise: 0
    state: running
    op mode: station 
    lastTxRate: 48
    maxRate: 54
    lastAssocStatus: 0
    802.11 auth: open
    link auth: wpa-psk
    BSSID: 0:b:55:6:6f:2f
    SSID: SSID
    MCS: -1
    channel: 1

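4. Show nearby networks

Print a list of the Wi-Fi networks within range of the computer. Unlike the Airport menu bar item, this report includes additional precise data, such as which encryption protocol (if any) each network is using: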

airport en0 -s

The output looks like this:

                           SSID BSSID             RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
              CU_liuguangkaiwifi c4:ff:1f:0e:9e:b8 -75  10      Y  -- WPA2(PSK/AES/AES) 
                   ChinaNet-kPU3 ec:f0:fe:4a:c4:18 -78  9       Y  CN WPA(PSK/TKIP,AES/TKIP) WPA2(PSK/TKIP,AES/TKIP) 
                    TP-LINK_6E35 fc:d7:33:26:6e:35 -71  6,-1    Y  -- WPA(PSK/AES/AES) WPA2(PSK/AES/AES) 
                             Ztt b0:6e:bf:e0:1d:70 -68  2       Y  -- WPA2(PSK/AES/AES) 
                         dua kor 04:cf:8c:d4:df:52 -78  3       Y  CN WPA2(PSK/AES/AES) 
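  • SSID: network name
  • BSSID: MAC address of the network's access point (AP)
  • RSSI: signal strength
  • HT: 802.11n High Throughput (HT) mode. Devices in HT mixed mode transmit in both the legacy 802.11a/b/g format and the newer 802.11n format. Specifically, an HT mixed-mode device sends a legacy-format preamble followed by an HT-format preamble.
  • SECURITY: encryption type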

5. Filter the output

To see which neighbors have not yet upgraded from WEP, filter the scan with grep:

airport en0 -s | grep WEP
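
The grep above only catches WEP. The following script is an added example, not part of the original post: it goes a step further and grades every scan row as CRITICAL (WEP), OPEN, WEAK (TKIP still accepted) or OK. The two "-sample" rows are constructed, and it is an assumption that open networks show NONE in the SECURITY column.

```sh
#!/bin/sh
# Added example: grade each row of an `airport -s` scan by its SECURITY column.

# First three rows are from the scan shown above; the last two are
# constructed to exercise the WEP and open-network (NONE) cases.
sample_scan() {
cat <<'EOF'
                            SSID BSSID             RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
                   ChinaNet-kPU3 ec:f0:fe:4a:c4:18 -78  9       Y  CN WPA(PSK/TKIP,AES/TKIP) WPA2(PSK/TKIP,AES/TKIP)
                    TP-LINK_6E35 fc:d7:33:26:6e:35 -71  6,-1    Y  -- WPA(PSK/AES/AES) WPA2(PSK/AES/AES)
                         dua kor 04:cf:8c:d4:df:52 -78  3       Y  CN WPA2(PSK/AES/AES)
                   legacy-sample 02:00:00:00:00:01 -60  11      N  -- WEP
                     open-sample 02:00:00:00:00:02 -55  1       Y  -- NONE
EOF
}

# Reads scan text on stdin, prints LEVEL|BSSID|SECURITY|SSID per network.
audit_scan() {
  mac='([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}'
  # Anchor on the BSSID so SSIDs containing spaces still parse; the SSID is
  # emitted last so a '|' inside it cannot shift the other fields.
  sed -E -n "s/^ *(.*[^ ]) +(${mac}) +-?[0-9]+ +[^ ]+ +[YN] +[^ ]+ +(.*[^ ]) *\$/\2|\4|\1/p" |
  while IFS='|' read -r bssid sec ssid; do
    case "$sec" in
      *WEP*)  level=CRITICAL ;;  # what `grep WEP` finds
      NONE*)  level=OPEN ;;      # no encryption at all
      *TKIP*) level=WEAK ;;      # TKIP still accepted as a cipher
      *)      level=OK ;;        # only AES ciphers advertised
    esac
    printf '%s|%s|%s|%s\n' "$level" "$bssid" "$sec" "$ssid"
  done
}

# Number of networks graded anything other than OK.
count_risky() { audit_scan | grep -c -v '^OK|' || true; }

sample_scan | audit_scan
```

On a Mac, replace sample_scan with the live scan: airport en0 -s | audit_scan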

6. Disconnect airport

The following command disassociates airport from the current network:

airport -z

Next, the following command changes (spoofs) the interface's MAC address; it requires sudo:

sudo ifconfig en0 lladdr 00:00:00:00:00:01

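The best part of the tool is its ability to sniff traffic and capture packets. Choose a channel; this requires sudo:

7. Capturing traffic

sudo airport en0 sniff 6
  • en0: name of the local wireless interface
  • sniff: the capture verb
  • 6: the channel to capture on

A file named airportSniffXXXXXX.cap is created in the /tmp directory, where XXXXXX is a unique string. This file can then be loaded into a network analyzer such as Wireshark to inspect the traffic offline, or used with Aircrack-ng ("Aircrack-Ng in Practice: WPA/WPA2 PSK") for analysis or password guessing.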

 

 

 

 
