Sniffing on a Mac (updated)

One of my first posts for this blog was a discussion of how Mac OS X users might perform WiFi sniffing. Enterprise-class sniffers only run on Windows, so my earlier post is about using a combination of KisMAC and Wireshark. This brief post is about using WildPackets OmniPeek.


Keith Parsons, the WiFi expert who runs WLANpros.com, informed me after my post that I should try running professional grade analyzers using a virtual machine like Parallels or VMWare Fusion. Well, here we are a mere 6 months later and I've finally taken the time to do it. And it works. And it is superb.

My basic setup includes the following:


  • MacBook Pro running Mac OS X 10.6.4 (Snow Leopard) with a 2.4 GHz processor and 4 GB of RAM
  • Windows XP Service Pack 3
  • Parallels Desktop 5
  • WildPackets OmniPeek Enterprise 6
  • Linksys WUSB600N 802.11n dual-band USB adapter
OmniPeek starts up and runs fine under this setup, though I did wonder if running in a virtual machine would compromise performance. I have yet to get a good answer for that. On the one hand I am seeing almost 20% CRC errors, which would indicate poor sniffer performance. On the other hand the wireless router in this office is inside a closet that has a large metal door (don't ask), which would explain poor sniffer performance. 

I'll do more work in the near future with OmniPeek (and, God willing, AirMagnet WiFi Analyzer) using Parallels Desktop. In the meantime, it's just good to know that I no longer have to boot back and forth whenever I run a professional grade WiFi sniffer.

Comments

  1. Way cool. So you prefer Parallels to VMWare Fusion? I've never tried either, so I'd like your opinion.

    Thanks!

    ReplyDelete
  2. This post is so good that I felt like posting to it twice and suggesting that you keep going with your testing. I think I'm going to follow in your footsteps on this one.

    Devin

    ReplyDelete
  3. Sorry for the late reply. I had problems getting VMWare Fusion to work, but that was probably a year and a half to two years ago. Parallels works so well for me now that I'm happy with that. Plus I dislike the fact taht VMWare gives Windows users VMWare Player for free but hammers Mac users for a license fee.

    ReplyDelete

Post a Comment

Popular posts from this blog

Spectrum Deception

What's New (and Missing) in the WiFi for iPhone 6

Free Sniffing in Windows! (Kind Of)