AirCapture with MacBook

Sniff AirTraffic using Macbook is easy and you just have to follow the steps below:
1.)Quit all open applications.
2.)Try to join the Wi-Fi network that you are having issues with if you are not already connected.
3.)Open Wireless Diagnostics. Tip: You can hold down the Option key and then click the Wi-Fi menu extra.
4.)Enter your admin name and password when prompted.
5.)In Wireless Diagnostics, choose Window > Sniffer,
5.)Choose appropriate channel and channel width as per your Wireless AP Radio configuration

Start the capture , click stop when you are done , A capture file will be placed on the desktop.

I also found a Video done my benmiller regarding the same:


Why do you get a tiny browser pops up when you connect your iPhone to Guest network

>Apple has designed the ios devices in such a way that whenever you connect your iphone to a captive portal designed wifi network they bring it to your notice by popping up a tiny browser  that you have to authenticate to get on internet.

>How does this work on the background?

155.726863 -> DNS Standard query A
155.901921 -> DNS Standard query response CNAME CNAME A
155.929087 -> TCP 65431 > http [SYN, ECN, CWR] Seq=0 Win=65535 Len=0 MSS=1416 WS=5 TSV=760100837 TSER=0 SACK_PERM=1
155.930144 -> TCP http > 65431 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=8650997 TSER=760100837 WS=0

>Once the devices gets a IP address the iphone tries to send traffic to and if gets any reply the device knows that the user have already authenticated.

>If  the device not able to reach the then it understands that there is a captive portal to authenticate  further.

>In this sample capture the device gets a response from , he know that it does has internet access and CNA is not required.