Wireshark capture under Mac OS X
Wireshark is a free, open source network protocol analyzer. It can serve as a graphical viewer for tcpdump capture files, or it can capture live network traffic itself. To capture, it must be able to read raw data from network interfaces, which is not straightforward with the standard install from the DMG package under Mac OS X.
By default the /dev/bpf* devices are owned by root with permissions set to rw-------, so only root can open them. Running sudo chmod go+r /dev/bpf* makes them readable by the group and by every other local user, but the change does not persist across reboots. To make sure Wireshark can always be used in capture mode, the command has to run at startup. The mechanism to do this is explained here. I made a slight modification to the ChmodBPF script to run the command above. The gzipped file is attached. Simply unzip this and put it in /Library/StartupItems.
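
To confirm after a reboot that the startup item actually applied the permission change, the check below reports the mode and owner of every bpf* node and classifies who can read it. It is an added example, not the ChmodBPF script from the post; the function names and the optional directory argument (so it can be pointed at a scratch directory instead of /dev) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit read access on BPF device nodes.

# Print "<node> <mode> <owner> <verdict>" for each bpf* node in a directory.
# $1: directory to inspect (default /dev; a scratch directory works for testing).
bpf_report() {
    dev_dir=${1:-/dev}
    for node in "$dev_dir"/bpf*; do
        [ -e "$node" ] || continue   # glob matched nothing
        # POSIX ls -l output: field 1 is the mode string, field 3 the owner.
        info=$(ls -ld "$node" | awk '{print $1, $3}')
        mode=${info%% *}
        owner=${info#* }
        # Mode string layout: type, rwx (owner), rwx (group), rwx (other).
        case $mode in
            ???????r*) verdict="readable-by-all" ;;    # other-read bit set
            ????r*)    verdict="readable-by-group" ;;  # group-read only
            *)         verdict="owner-only" ;;         # the rw------- default
        esac
        printf '%s %s %s %s\n' "$node" "$mode" "$owner" "$verdict"
    done
}

# Count nodes that users outside the owner and group cannot read.
# 0 means "chmod go+r" is in effect on every node.
bpf_not_world_readable() {
    bpf_report "$1" | awk '$NF != "readable-by-all" { n++ } END { print n + 0 }'
}

# Example use:
#   bpf_report                 # list every /dev/bpf* node with its verdict
#   bpf_not_world_readable     # non-zero: the startup item did not run
```

A non-zero count after a reboot means the startup item did not run or did not cover every node; a count of zero also means any local account can open the devices and read traffic, not only the one running Wireshark.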

December 30th, 2008 at 9:47 pm
Thanks for sharing your work. I learned a lot about my Mac just by carefully following your explanation and code.
Cheers!
John Burgoon
January 22nd, 2009 at 10:35 pm
[…] app will warn you that this is unsafe, but it works. The Nominet team says that you can address this issue by […]
February 2nd, 2009 at 6:50 am
Thanks. I’ve seen variations of this info across the web for setting permissions for bpf, but this is the first that I’ve found that works. You said the gzipped file to run the command on startup is attached, but I’m not seeing it. Are you referring to the zipped file in the link you posted?
Dan
September 1st, 2009 at 11:39 pm
Thank you. This worked. One main note. You chmod, you have to have root access. There is a document outlining how to enable root login for the various OS X versions.
Go to Apple support and search for enabling root account.
http://support.apple.com/kb/HT1528