Wireshark capture under Mac OS X
Wireshark is a free, open-source network protocol analyzer. It can be used as a graphical interface for viewing tcpdump capture files, or to capture live network traffic. For live capture it must be able to read raw data from network interfaces, and with the standard install from the DMG package under Mac OS X this is not straightforward.
By default the /dev/bpf* devices are owned by root with permissions set to rw-------. They can be opened for reading with sudo chmod go+r /dev/bpf*, which grants read access to the group and to every other local user, but this does not persist across reboots. To make sure Wireshark can always be used in capture mode, the command has to be run at startup. The mechanism to do this is explained here. I made a slight modification to the ChmodBPF script to run the command above. The gzipped file is attached. Simply unzip this and put it in /Library/StartupItems.
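
The startup step described above, sketched as an added example (this is not the script attached to the post). The function names and the BPF_DIR override are assumptions of this example; StartService and RunService follow the StartupItems convention of sourcing /etc/rc.common.

```shell
#!/bin/sh
# Added example, not the script attached to the post.
# BPF_DIR is an assumption of this example so the logic can be tried on a
# scratch directory; on a real system it stays /dev.
BPF_DIR="${BPF_DIR:-/dev}"

# Apply the command from the text to every bpf node; print how many changed.
open_bpf_for_read() {
    count=0
    for node in "$BPF_DIR"/bpf*; do
        [ -e "$node" ] || continue          # glob matched nothing
        chmod go+r "$node" || return 1
        count=$((count + 1))
    done
    echo "$count"
}

# Check: list the bpf nodes that every local account can now read.
world_readable_bpf() {
    find "$BPF_DIR" -maxdepth 1 -name 'bpf*' -perm -004 | sort
}

# StartupItem entry points, dispatched by RunService from /etc/rc.common.
StartService() {
    n=$(open_bpf_for_read) || return 1
    echo "ChmodBPF: read access opened on $n BPF device(s)"
}
StopService()    { return 0; }
RestartService() { StartService; }

# Only dispatch when called with an action (start/stop/restart) on a system
# that provides rc.common; otherwise the functions are just defined.
if [ -n "${1:-}" ] && [ -r /etc/rc.common ]; then
    . /etc/rc.common
    RunService "$1"
fi
```

A StartupItem directory also needs a StartupParameters.plist beside the script. After a reboot, world_readable_bpf shows exactly which devices ended up readable by every account.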
