MacOS – How to Disable Airport Sniffing

airportlaunchdmacoswifi

when I run the command airport, it tells me it is sniffing:

Sniffing on channel 1:
    airport en1 sniff 1

I have noticed that many log files are created in /private/tmp

There may be some bad actor that has done this to my mac.

How can I disable airport from sniffing?

I killed it using its PID, but it starts again.

Best Answer

If you run airport without arguments it just prints a description of its options and examples of how to use some of them, including airport en1 sniff 1 to start sniffing. It does not report the current state of the interface.

To actually start sniffing you need to call the command as shown (and replace en1 with your actual WiFi interface):

$ sudo airport en1 sniff
Capturing 802.11 frames on en1.
^CSession saved to /tmp/airportSniffHZ3nqn.cap.
$ ll /tmp/airportSniffHZ3nqn.cap 
-rw-r--r--  1 root  wheel  24 Nov 26 10:10 /tmp/airportSniffHZ3nqn.cap

It will keep running (and capturing) until you press Ctrl-C. To analyze the captured data you can use tcpdump or Wireshark.

Best Answer

Related Solutions

Using Airport Express connected via Ethernet to extend Airport Extreme wireless lan

MacOS – Bluetooth keyboard causing wifi to freak out, in turn using all of the CPU and RAM

Related Question