我试图了解在将Mac设置为监视模式时会发生什么。如果不使用监视模式,使用ifconfig命令,我会发现'en0'是活动接口。但是在监视模式下,我得到以下结果:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
ether 70:56:81:b9:43:e5
nd6 options=1<PERFORMNUD>
media: autoselect (<unknown type>)
status: inactive
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 32:00:1a:7f:0a:40
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:56:81:b9:43:e5
media: autoselect
status: inactive
awdl0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether ee:85:08:e0:ba:17
nd6 options=1<PERFORMNUD>
media: autoselect
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 72:56:81:9b:d1:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 5 priority 0 path cost 0
nd6 options=1<PERFORMNUD>
media: <unknown type>
status: inactive
我正在尝试使用scapy来嗅探无线网络。当我运行scapy时,它显示的iface为'lo0',并且没有捕获任何数据包。我查看了很多关于此问题的答案,但大多数都是针对ubuntu的,并且说当您将系统置于监视器模式时,您会得到'mon0'接口,然后将其传递给scapy进行嗅探。但在mac上,我没有得到像'mon0'这样的任何内容,事实上,在监视器模式下,所有接口都变为不活动状态。请有人帮助我理解发生了什么?
PS:WireShark和Tcpdump在监视器模式下工作得很好,而且当不在监视器模式下时,scapy也可以捕获帧。但我对管理帧感兴趣,因此我需要scapy在监视器模式下捕获这些帧。TIA :)