I know some of you may not have a Mac, but if you’re a network engineer—especially working with Wi-Fi—a Mac offers incredible capabilities. In Keith Parsons’ Wi-Fi Engineer’s Toolkit, it’s considered an essential item. You can watch this 10min video from Keith on that topic.

You can capture PCAP files using the Terminal CLI or by selecting the ‘Open Wireless Diagnostics’ option (available when you click the Wi-Fi icon while holding the Option key). Without pressing ‘Continue,’ go to Window → Sniffer. This will automatically select the channel and width your Mac’s Wi-Fi adapter is using.
In my case, I connected my Mac to the ‘mrn-Guest’ SSID, where I wanted to capture traffic, and then connected my Pixel phone to the same SSID while the capture was running. Once the capture stops, you can find the PCAP file in the /private/var/tmp folder on your Mac.

However, the easiest way is by using the AirTool 2 application from Intuitibits (~ USD 30). I switched to a Mac purely because of how easy it is to capture PCAPs using AirTool2 on a Mac. You can watch this video to see just how simple it is.

Once you run the ‘AirTool2‘ application, it provides a very simple interface to select the channel and channel width (for 5 and 6 GHz). Please note that it uses your Mac’s built-in Wi-Fi adapter, and you cannot add external USB adapters to a Mac for PCAP capability. For that reason, it’s recommended to use an M2-series or higher Mac, which supports 6 GHz. (As of late 2025, there are no Wi-Fi 7-capable Macs available.)

It also supports remote packet capture (using a WLANPi as the remote device) and offers multi-channel PCAP capability, which I’ll explore in the next post.