AirCapture with MacBook

Sniffing air traffic with a MacBook is easy; just follow the steps below:
1.) Quit all open applications.
2.) Try to join the Wi-Fi network that you are having issues with, if you are not already connected.
3.) Open Wireless Diagnostics. Tip: You can hold down the Option key and then click the Wi-Fi menu extra.
4.) Enter your admin name and password when prompted.
5.) In Wireless Diagnostics, choose Window > Sniffer.
6.) Choose the appropriate channel and channel width as per your wireless AP radio configuration.

Start the capture and click Stop when you are done. A capture file will be placed on the desktop.

I also found a video done by benmiller regarding the same:

http://www.sniffwifi.com/2013/10/how-to-capture-wifi-free-in-mac-os-x.html


Why does a tiny browser pop up when you connect your iPhone to a Guest network?

>Apple has designed iOS devices in such a way that whenever you connect your iPhone to a Wi-Fi network that uses a captive portal, they bring it to your notice by popping up a tiny browser in which you have to authenticate to get on the internet.

>How does this work in the background?

155.726863 192.168.242.85 -> 192.168.242.15 DNS Standard query A captive.apple.com
155.901921 192.168.242.15 -> 192.168.242.85 DNS Standard query response CNAME captive.apple.com.edgekey.net CNAME e7279.dsce9.akamaiedge.net A 104.72.84.134
155.929087 192.168.242.85 -> 104.72.84.134 TCP 65431 > http [SYN, ECN, CWR] Seq=0 Win=65535 Len=0 MSS=1416 WS=5 TSV=760100837 TSER=0 SACK_PERM=1
155.930144 104.72.84.134 -> 192.168.242.85 TCP http > 65431 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=8650997 TSER=760100837 WS=0

>Once the device gets an IP address, the iPhone tries to send traffic to captive.apple.com, and if it gets any reply the device knows that the user has already authenticated.

>If the device is not able to reach captive.apple.com, then it understands that there is a captive portal it must authenticate to first.

>In this sample capture the device gets a response from 104.72.84.134, so it knows that it has internet access and the CNA (Captive Network Assistant) is not required.
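
As an added example (not part of the original post), the Python sketch below applies the rule described above to the four capture lines: it finds the captive.apple.com DNS query, collects the address it resolves to, and checks whether the client's SYN to that address is answered. The function name analyze and the NO_REPLY variant are assumptions made for illustration, and like the capture it looks only at the TCP handshake.

```python
import re

# The four capture lines from the post above, verbatim (tshark-style text output).
PAGE_CAPTURE = """\
155.726863 192.168.242.85 -> 192.168.242.15 DNS Standard query A captive.apple.com
155.901921 192.168.242.15 -> 192.168.242.85 DNS Standard query response CNAME captive.apple.com.edgekey.net CNAME e7279.dsce9.akamaiedge.net A 104.72.84.134
155.929087 192.168.242.85 -> 104.72.84.134 TCP 65431 > http [SYN, ECN, CWR] Seq=0 Win=65535 Len=0 MSS=1416 WS=5 TSV=760100837 TSER=0 SACK_PERM=1
155.930144 104.72.84.134 -> 192.168.242.85 TCP http > 65431 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=8650997 TSER=760100837 WS=0
"""
# Constructed variant: same probe, but the SYN to the resolved address is never answered.
NO_REPLY = "\n".join(PAGE_CAPTURE.splitlines()[:3])

ROW = re.compile(r"^\S+ (\S+) -> (\S+) (DNS|TCP) (.*)$")

def analyze(capture, probe_host="captive.apple.com"):
    """Apply the post's rule: a reply from the probe host means no CNA is needed."""
    client, awaiting_dns = None, False
    probe_ips, syn_ports, replied = set(), set(), False
    for line in capture.splitlines():
        row = ROW.match(line.strip())
        if not row:
            continue
        src, dst, proto, info = row.groups()
        if proto == "DNS":
            if info == f"Standard query A {probe_host}":
                client, awaiting_dns = src, True
            elif awaiting_dns and dst == client and info.startswith("Standard query response"):
                # The text output shows no transaction ID, so the next response
                # to the client is assumed to answer the probe query.
                probe_ips.update(re.findall(r" A (\d{1,3}(?:\.\d{1,3}){3})", info))
                awaiting_dns = False
            continue
        flags = re.search(r"\[(.*?)\]", info)
        flags = set(flags.group(1).split(", ")) if flags else set()
        ports = info.split(" [")[0].split(" > ")  # e.g. ['65431', 'http']
        if len(ports) != 2:
            continue
        if src == client and dst in probe_ips and "SYN" in flags and "ACK" not in flags:
            syn_ports.add((dst, ports[0]))        # remember the client's source port
        elif dst == client and flags >= {"SYN", "ACK"} and (src, ports[1]) in syn_ports:
            replied = True                        # SYN/ACK matches an earlier probe SYN
    return {"client": client, "probe_ips": sorted(probe_ips),
            "probe_reached": replied, "cna_expected": bool(client) and not replied}

if __name__ == "__main__":
    print("page capture:", analyze(PAGE_CAPTURE))
    print("no reply    :", analyze(NO_REPLY))
```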