Under Wireless Diagnostics in macOS, you can find additional tools for scanning, sniffing, and monitoring Wireless 802.11.
All these hidden tools are helpful when trying to analyze channels, coverage, or even troubleshoot connectivity issues.
I include some quick tutorials to manipulate the output information like captures and log files.
Launching Wireless Diagnostics
You can open the Wireless Diagnostics menu bar from the instructions below or by Spotlight.
- On your Mac’s menu bar you’ll find the Wi-Fi icon, Push down the Option key ⌥ on your keyboard, and click the icon.
- You should see a long menu appear, and near the top, you’ll see a menu item called ‘Open Wireless Diagnostics.’
- Click “Open Wireless Diagnostics,” and now you can access the tools from the Wireless Diagnostics menu bar.
Hit “Command-Space” from the keyboard to bring up Spotlight and type in “Wireless Diagnostics.”
Overview: Info, Performance, and Monitor
- Info: Gathers vital details about your current network connection.
- Performance: Uses three live graphs to show the performance of your Wi-Fi connection:
- Monitor: Displays a small window with one graph showing signal (RSSI) and noise measurements over time, and another showing transmission rate over time.
Below is a deeper dive on Scan, Sniffer, and logs.
Scan can survey, locate, and list wireless routers in your vicinity, it also shows details about them.
Some information it discovers:
- The Network Name or SSID
- The MAC address of Access Point (BSSID)
- Wireless security protocol in use
- 802.11 protocol in use
- Signal strength
You also get an overall summary which may allow you to make changes to your Wireless router configuration.
Sniffer captures traffic on your Wi-Fi connection giving you the ability to intercept and look at the packets afterward. The Sniffer is useful with:
- Diagnosing or investigating potential network problems
- Identifying configuration issues
- Monitoring network usage and activity
- Discovering possible network abuse, malware, and attacks
Start using the sniffer by selecting a Channel, Width, and clicking the “Start” button. When you click “Stop”, a capture file (.wcap) is saved to the /var/tmp/ directory on your Mac.
Capture File info
- The .wcap file extension is a Wireless Diagnostics captured packet
- Once saved they have a timestamp naming convention
Use Capture File
Copy all the capture files to a folder on your Desktop to easily access it.
sudo mkdir /Users/NameHere/Desktop/wifi && cp -R /var/tmp/*wcap wifi
You can rename the .wcap file extension to .pcap to open in third-party traffic analyzers like Wireshark or tcpdump.
sudo mv 2017.03.14_11-00-33-EDT.wcap 2017.03.14_11-00-33-EDT.pcap
Use tcpdump for analysis since it’s already available on Mac.
Read the captured packets.
tcpdump -r 2017.03.14_11-00-33-EDT.pcap
Read captured packets and print with link level header in hex along with ASCII.
tcpdump -XXr 2017.03.14_11-00-33-EDT.pcap
When launching this tool, it enables logging in the background for Wireless and other parts of macOS. The results get saved to a log file (wifi.log) in the /private/var/log/ directory.
When you click the “Show” button, it will show the wifi.log file itself in the log directory.
Note: logging continues even when you quit the app or restart your Mac, so remember to disable logging after your finished.
Use Wifi log
I put together a few things below for viewing, monitoring, and handling the file.
Copy the log file to a folder on your Desktop to easily access it.
sudo mkdir /Users/NameHere/Desktop/wifi_logs && cp -R /private/var/log/wifi.log wifi_logs
Follow the wifi log file and filter out Bluetooth messages.
tail -f /private/var/log/wifi.log | grep -v 'Bluetooth'
Follow the wifi log file and view messages related to link quality like RSSI.
tail -f /private/var/log/wifi.log | grep 'link quality'