Wednesday, December 18, 2013

How to turn on wireless monitor mode to sniffer 802.11 wireless frame on OSX 10.9?

Install:
Step1. Install XQartz(X11) for OSX 10.6 or later (http://xquartz.macosforge.org/landing/)
Step2. Logout and login OSX by Admin account.
Step3. Install Wireshark for OSX 10.6 and later Intel 64 bit (http://www.wireshark.org/download.html)
Step4. Launch Wireshark and chose XQartz as X11 environment.
Step5. Turn on monitor mode -> http://ask.wireshark.org/questions/26270/how-to-turn-on-monitor-mode-on-mac-osx-1075

Specify channel for 2.4G or 5G radio:
Step1. sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport
Step2. sudo airport -z #disassociates you card from the current network
Step3. sudo airport --channel= ["channel you want to switch to"] #sets the channel the card monitors on

Tuesday, December 03, 2013

為何tail -f | grep "" >> 檔案 然後發現資料不完全? missing line?

昨天被同事問到這個問題,由於小弟智力有限一時間竟無法理解,然而今天找到答案了,原來是libc對於這種 pipe的結構不會自動去清除buffer,所以一旦buffer滿了(4KB by default)那接下來的資料就無法繼續傳給pipe之後來處理,所以就會missing line囉,解決的方法就是手動自行清除buffer如下以避免爆炸。

tail -f | grep "pattern" --line-buffered >> /tmp/log &