Wireshark-users: Re: [Wireshark-users] Wireshark Macbook Air USB assistance

From: John C <johnc73@xxxxxxxxx>
Date: Wed, 27 Jan 2010 11:55:14 +0800
This is all excellent information - thank you for sharing. I don't
seem to have a /usr/local/bin directory currently, so I'll create one
and follow your steps. Appreciate the assistance.

Regards
John C

On Wed, Jan 27, 2010 at 11:05 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Jan 26, 2010, at 6:16 PM, John C wrote:
>
>>   That corrected the issue - thank you for the helpful information.
>
> If you're running Leopard, "man tcpdump" should give the full story; if you're running Snow Leopard, "man pcap" should give the full story.  Look for the section that starts with "Reading packets from a network interface may require that you have special privileges:"; the key part is
>
>       Under BSD (this includes Mac OS X):
>              You  must  have  read  access to /dev/bpf* on systems that don't
>              have a cloning BPF device, or to /dev/bpf on  systems  that  do.
>              On  BSDs  with  a  devfs  (this  includes  Mac OS X), this might
>              involve more than just having somebody  with  super-user  access
>              setting  the  ownership  or  permissions on the BPF devices - it
>              might involve configuring devfs to set the ownership or  permis-
>              sions  every  time the system is booted, if the system even sup-
>              ports that; if it doesn't support that, you might have  to  find
>              some other way to make that happen at boot time.
>
> On OS X Leopard and later, a "way to make that happen at boot time" is to install the attached "chmod_bpf" script in /usr/local/bin (make sure it has execute permission), install the attached "org.tcpdump.chmod_bpf.plist" file in /Library/LaunchDaemons (make sure it's owned by root, group wheel), and then do "sudo launchctl load /Library/LaunchDaemons/org.tcpdump.chmod_bpf.plist".  That will arrange that the BPF devices be owned by root, group admin, and have read/write permission for group admin, so all administrative users will be able to run tcpdump, Wireshark, TShark, dumpcap, etc. without having to have root privileges, and that this will be done at boot time for every reboot.
>
> If you want to limit that privilege to yourself, change the "chmod_bpf" script to run the chown command rather than the chgrp command, and not run the chmod command.
>
> (For Tiger and earlier systems, unpack the attached tar file in the /Library/StartupItems directory and then use the appropriate command to run the ChmodBPF startup item; edit the ChmodBPF script in that startup item to change what privileges are required for capture.)
>
>
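An added check, not part of the original thread and not the attached chmod_bpf script: it verifies the end state the quoted reply describes (BPF devices owned by root, group admin, with group read/write) and also flags devices left open to other users. The function name `audit_bpf` and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit BPF device ownership and permissions.
# Usage on a Mac set up as described in the thread:
#   audit_bpf /dev root admin
# Arguments (names are this example's own):
#   $1 directory holding the bpf* nodes, $2 expected owner, $3 expected group
# Returns 0 if every device matches, 1 if any finding was printed,
# 2 if no bpf* node exists in the directory.
audit_bpf() {
    dir=$1; owner=$2; group=$3; bad=0
    for dev in "$dir"/bpf*; do
        # An unmatched glob stays literal, so -e fails when no device exists.
        [ -e "$dev" ] || { echo "no BPF devices under $dir" >&2; return 2; }

        # find prints the path only when every test matches; -prune keeps
        # it from descending if the path happens to be a directory.
        if [ -z "$(find "$dev" -prune -user "$owner" -group "$group")" ]; then
            echo "$dev: not owned by $owner:$group"
            bad=$((bad + 1))
        fi

        # Group members need both read and write to capture and inject.
        if [ -z "$(find "$dev" -prune -perm -060)" ]; then
            echo "$dev: group lacks read/write"
            bad=$((bad + 1))
        fi

        # Access for "other" would let every local account sniff traffic.
        if [ -n "$(find "$dev" -prune \( -perm -004 -o -perm -002 \))" ]; then
            echo "$dev: readable or writable by other users"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}
```

If the script was changed to limit capture to a single user, as the reply suggests, the group read/write finding is expected rather than a fault.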