Re: Wireshark Macbook Air USB assistance

[John C <johnc73 () gmail com>]

This is all excellent information - thank you for sharing. I don't
seem to have a /usr/local/bin directory currently, so I'll create one
and follow your steps. Appreciate the assistance.

Regards
John C

On Wed, Jan 27, 2010 at 11:05 AM, Guy Harris <guy () alum mit edu> wrote:
> On Jan 26, 2010, at 6:16 PM, John C wrote:
>
> >   That corrected the issue - thank you for the helpful information.
>
> If you're running Leopard, "man tcpdump" should give the full story; if you're running Snow Leopard, "man pcap" 
> should give the full story.  Look for the section that starts with "Reading packets from a network interface may 
> require that you have special privileges:"; the key part is
>
>       Under BSD (this includes Mac OS X):
>              You  must  have  read  access to /dev/bpf* on systems that don't
>              have a cloning BPF device, or to /dev/bpf on  systems  that  do.
>              On  BSDs  with  a  devfs  (this  includes  Mac OS X), this might
>              involve more than just having somebody  with  super-user  access
>              setting  the  ownership  or  permissions on the BPF devices - it
>              might involve configuring devfs to set the ownership or  permis-
>              sions  every  time the system is booted, if the system even sup-
>              ports that; if it doesn't support that, you might have  to  find
>              some other way to make that happen at boot time.
>
> On OS X Leopard and later, a "way to make that happen at boot time" is to install the attached "chmod_bpf" script in 
> /usr/local/bin (make sure it has execute permission), install the attached "org.tcpdump.chmod_bpf.plist" file in 
> /Library/LaunchDaemons (make sure it's owned by root, group wheel), and then do "sudo launchctl load 
> /Library/LaunchDaemons/org.tcpdump.chmod_bpf.plist".  That will arrange that the BPF devices be owned by root, group 
> admin, and have read/write permission for group admin, so all administrative users will be able to run tcpdump, 
> Wireshark, TShark, dumpcap, etc. without having to have root privileges, and that this will be done at boot time for 
> every reboot.
>
> If you want to limit that privilege to yourself, change the "chmod_bpf" script to run the chown command rather than 
> the chgrp command, and not run the chmod command.
>
> (For Tiger and earlier systems, unpack the attached tar file in the /Library/StartupItems directory and then use the 
> appropriate command to run the ChmodBPF startup item; edit the ChmodBPF script in that startup item to change what 
> privileges are required for capture.)
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe