Re: [BUG?} Mac OS X: iflist error when run as non-root

[David Fifield <david () bamsoftware com>]

On Sat, Dec 06, 2008 at 09:16:06AM -0600, Tom Sellers wrote:
> I am experiencing an unexpected behavior when using nmap
> to dump an interface list on Mac OS X 10.4.11.  It appears
> that nmap will not list the information properly if the
> command is not run via sudo or as root.  A search of the
> list archives shows that Matt Selsky brought this up in
> Nov of 2007 on a SVN version of 4.23
> (http://seclists.org/nmap-dev/2007/q4/0359.html).
>
> Based on the information I have I am not sure if this
> behavior is a bug nmap or just normal functionality of
> OS X.

I think this has to do with the mode of the /dev/bpf* devices. When I
installed Wireshark I also installed the ChmodBPF script that gives
users in the admin group read and write permission to /dev/bpf*.

http://anonsvn.wireshark.org/viewvc/trunk/packaging/macosx/ChmodBPF/ChmodBPF?view=markup

With I run "nmap --iflist" as a non-root user in the admin group, I get
no error messages. When I run it as a user not in the admin group, I get
the same problem you described: "Warning: Unable to open interface en1
-- skipping it.". If I "sudo chmod g-rw /dev/bpf*" then I get the errors
with the admin user as well.

So I think this is a peculiarity of Mac OS X.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org