On Thu, Jun 10, 2004 at 02:39:08PM -0700, Ray Mason wrote:
> I'm trying to run ethereal on my MAC running OSX 10.3 and it looks like
> this device does not exist.
No - the error is "Permission denied", not "No such file or directory".
> Do you have any notes on how I can enable this support on OSX 10.3?
It's enabled by default.
However, you need to be able to read the BPF devices; you can do that by
running Ethereal as root, making the BPF devices publicly readable, or
making them owned by your user ID.
The other replies indicated how to do the first two; the third can be
done with
sudo chown {your login name} /dev/bpf*
Running Ethereal as root has the advantage that if somebody else logs
into your machine but can't run sudo, they can't do any packet capture.
It has the disadvantage that you're trusting a large program that uses a
fairly large GUI interface not to screw up.
Making the BPF devices publicly readable has the advantage that anybody
can capture with Ethereal (or tcpdump, or other libpcap-based
applications) without having to run it as root. It has the disadvantage
that anybody - even somebody who breaks into your machine - can capture
traffic on the network.
Making the BPF devices owned by you has the advantage that you can
capture with Ethereal (or other libpcap-based applications) without
having to run as root, but if somebody else logs into your machine they
can't capture traffic unless they can become root or you. It has the
disadvantage that they *can* capture traffic if they can become root or
you.
