https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3980
--- Comment #2 from Guy Harris <guy@xxxxxxxxxxxx> 2009-09-03 19:57:19 PDT ---
If by "tcpdump yields the same results" you mean that tcpdump doesn't see HTTP
requests, just responses, then this isn't a Wireshark problem, it's a
SnowLeopard bug.
If:
1) the only packets you're not seeing are packets being sent by the machine
running Wireshark;
2) dumpcap isn't set-UID root and you're not running Wireshark or tcpdump
as root, and you changed the ownership and permissions of the /dev/bpf* devices
so that you can capture traffic when you're not running as root;
3) the non-root users who have permission to access the /dev/bpf* devices
have read, but not write, access to /dev/bpf*;
then this is a known bug - and you should file another bug against it at the
Apple Developer Connection bug reporter site (and add the bug number it assigns
to the bug to this bug).
The workaround is to give the users in question write permission as well - for
example, if "ls -l /dev/bpf*' reports something such as
crw-r----- 1 root admin 23, 0 Sep 3 18:45 /dev/bpf0
crw-r----- 1 root admin 23, 1 Sep 3 18:45 /dev/bpf1
crw-r----- 1 root admin 23, 2 Aug 7 17:15 /dev/bpf2
crw-r----- 1 root admin 23, 3 Aug 7 17:15 /dev/bpf3
do "sudo chmod g+w /dev/bpf*" so that the admin group gets write permission as
well.
(The bug is that, if you open a BPF device for reading but not writing, you
don't see outgoing traffic.)
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
