(pronounced like "whiff". get it?)
Build from source with gcc -lpcap wif.c -o wif (need libpcap installed (already pre-installed on macOS)) or install with Homebrew: brew install quackduck/tap/wif
Wif works by putting your default interface in monitor mode. This requires the WiFi interface to not be connected to a network. This means that you must disconnect from the WiFi network you're connected to before using Wif.
Usage is easy. Just run ./wif (you may need sudo to capture packets). No arguments or options. Wif prints all packets that are heading to devices from the router, keeps track of SSIDs found, and shows two tables of information: one for devices that shows the BSSID they're connected to, the SSID (if detected), the last frame control field of the packet, the relative share of all traffic with a bar plot, and one for BSSIDs to SSIDs with a field for whether the network is encrypted or not.
Wif also saves a wif.pcap file in the working directory that can be used for later analysis.
Important: Wif can't setup the channel or channel width to listen on: you need to find out how to do this on your OS
On macOS, most people use the aiport CLI to do this. However, airport doesn't allow adjusting the channel width, which is a major flaw. For this reason, I recommend using chanch, a CLI dedicated to channel changing on macOS that fixes this issue.
This packet was destined for a computer that was visiting an HTTP website on an unencrypted network. (Don't worry, I own both the computer and the network)
This image shows the two tables of data that Wif presents.
An example with the new barplot feature:
Wif was made for educational purposes (I learnt so much making this thing, it's unbelievable) and is intended to be used for educational purposes. I absolve myself of responsibility for any legal trouble you get into for using this tool.