when I run the command airport
, it tells me it is sniffing:
Sniffing on channel 1:
airport en1 sniff 1
I have noticed that many log files are created in /private/tmp
There may be some bad actor that has done this to my mac.
How can I disable airport from sniffing?
I killed it using its PID, but it starts again.
Best Answer
If you run
airport
without arguments it just prints a description of its options and examples of how to use some of them, includingairport en1 sniff 1
to start sniffing. It does not report the current state of the interface.To actually start sniffing you need to call the command as shown (and replace
en1
with your actual WiFi interface):It will keep running (and capturing) until you press Ctrl-C. To analyze the captured data you can use
tcpdump
or Wireshark.