Wireshark · Ethereal-users: Re: [Ethereal-users] Ethereal on MAX 10.4

[Guy Harris <gharris@xxxxxxxxx>]

Michael Tuexen wrote:

> execute in a shell after reboot
> sudo chmod uog+r /dev/bpf*
> to give everyone the privilege to capture traffic.

Or, if you don't want every user who can log into your Mac to be able to 
capture traffic, either:

	sudo chown {your account name} /dev/bpf*

to let you capture, or do

	sudo chgrp admin /dev/bpf*
	sudo chmod g+r /dev/bpf*

to let everybody with admin privileges on the machine capture, or....

Changing the permissions of the /dev/bpf* devices is the way to do this 
on {Free,Net,Open,DragonFly}BSD and AIX as well.

Note that this will have to be done after every reboot on OS X, as it 
recreates the BPF devices on every reboot.  The libpcap 0.9.2 release 
has an OS X startup item that will do that; it's a shell script, so you 
can edit it to run whatever command or commands you want.

Recent versions of FreeBSD also recreate the BPF devices on every 
reboot, but you can configure the devfs daemon to set the modes 
appropriately.

On AIX, the devices are created on the first use, which requires root 
privileges, so there's no way to conveniently arrange that non-root 
users capture - at least not the first capture.