
Wireshark-users: Re: [Wireshark-users] FreeBSD & Running As User

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 27 Sep 2007 18:08:07 -0700

On Sep 27, 2007, at 3:34 PM, J wrote:

Regarding my original post, thanks to Stephen and Guy
for their suggestions but there seems to be no way to
run Wireshark as a non-admin user.  What happens when
I try various methods of granting access, specifically
changing ownership of bpf0 by user or group, is that
another device (bpf*+1) is created each time Wireshark
is launched.  So if I've changed the permission on
bpf0, bpf1 is created to which I am denied access.
Change bpf1, and the program then looks for device
bpf2.  Any FreeBSD Wireshark/Ethereal users have a

To quote Stephen's reply:

To make these changes permanent, you need to modify /etc/devfs.conf for next bootup. It is probably best to make the change to devfs.conf even if you aren't going to reboot, as each newly created bpf device inherits the permissions you give it in that file. Sometimes new bpf devices are created on the fly when using capturing tools.

If you change /etc/devfs.conf correctly, it will give *all* /dev/bpf* devices the correct permissions when they are created, so that you don't have to change the permissions after they've been created.

Unfortunately, I'm at work, and don't have my FreeBSD machine handy (and I don't remember whether I preserved my /etc/devfs.conf file when I upgraded from 6.0 to 6.2, so I might have to reconstruct them); I'll try to dig up the /etc/devfs.conf changes for this.