Wireshark mailing list archives

Re: No interfaces in Wireshark interface list


From: Guy Harris <guy () alum mit edu>
Date: Mon, 20 Dec 2010 11:56:08 -0800


On Dec 20, 2010, at 10:06 AM, Michael Tüxen wrote:

> sudo chmod uog+r /dev/bpg*
> is your friend...

...and

        sudo chmod og+rw /dev/bpf*

is even friendlier. :-)  (The "f" rather than "g" in "bpf" is required; the "u" in "uog" isn't necessary, as the user 
read and write permissions are set by default; the "rw" rather than "r" isn't required on, I think, 10.6.3 or later, 
but a bug in earlier 10.6.x releases requires, in those releases, that the BPF device be opened for writing in order to 
see packets that your machine is sending, and that requires that you give write permission - which, for better or 
worse, means that it allows *sending* of raw network packets).

To arrange that this happen even after a reboot - /dev/bpf* are on devfs, which is an in-memory file system, so changes 
to permissions don't persist across a reboot - install the ChmodBPF startup item that comes on the Wireshark dmg.

Note that

        sudo chmod uog+rw /dev/bpf*

allows any processes run by any user to capture network traffic.  If you want to allow only processes run by you, or 
root, to do so, do

        sudo chown {your account's "short name"} /dev/bpf*

and if you want to allow only processes run by an administrator account, or root, to do so, do

        sudo chgrp admin /dev/bpf*
        sudo chmod g+rw /dev/bpf*

If you're on 10.6.3 or later, and you don't want to grant permission to *send* raw network packets (Wireshark doesn't 
currently support sending raw network packets, and permission to use BPF to send or receive packets is *not* necessary 
for normal network operations), just use "r" instead of "rw".
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
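
The message above distinguishes read permission on /dev/bpf* (capturing) from write permission (sending raw packets). The script below is an added example, not part of the original post, that audits which permission classes hold each one; the function names `bpf_access` and `audit_bpf` are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original message. Function names are made up here.
# On BPF devices, read permission allows capture and write permission allows
# sending raw packets, so report each separately.

# bpf_access MODE: MODE is an octal permission string such as 600 or 660.
bpf_access() {
    m=$((0$1))    # leading 0 makes the shell parse MODE as octal
    capture='' send=''
    set -- owner 0400 0200 group 0040 0020 other 0004 0002
    while [ $# -gt 0 ]; do
        if [ $((m & $2)) -ne 0 ]; then capture="$capture${capture:+,}$1"; fi
        if [ $((m & $3)) -ne 0 ]; then send="$send${send:+,}$1"; fi
        shift 3
    done
    echo "capture=${capture:-none} send=${send:-none}"
}

# audit_bpf [DIR]: list every bpf* node in DIR (default /dev) with its owner,
# group and the permission classes that can capture or send.
audit_bpf() {
    for dev in "${1:-/dev}"/bpf*; do
        [ -e "$dev" ] || continue          # no BPF devices found in DIR
        case $(uname) in
            Darwin|*BSD) info=$(stat -f '%Lp %Su %Sg' "$dev") ;;  # BSD stat
            *)           info=$(stat -c '%a %U %G' "$dev") ;;     # GNU stat
        esac
        set -- $info
        echo "$dev owner=$2 group=$3 $(bpf_access "$1")"
    done
}

audit_bpf
```

A line that lists `other` under capture or send means the device is open to processes run by any user, which is the state `chmod og+rw` produces.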

