Wireshark-users: Re: [Wireshark-users] Error when trying to run wireshark-chmodbpf 1.0.2

From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Thu, 14 Jan 2021 17:43:22 -0800
Does the MacPorts wireshark-chmodbpf script create /dev/bpf<X> up to /dev/bpf255, or does it stop at /dev/bpf1?

The script appears to be

https://github.com/macports/macports-ports/blob/master/net/wireshark-chmodbpf/files/patch-wireshark-chmodbpf.diff

which in turn appears to be adapted from the ChmodBPF we ship with Wireshark 3.2 and earlier:

https://gitlab.com/wireshark/wireshark/-/blob/master-3.2/packaging/macosx/ChmodBPF/root/Library/Application%20Support/Wireshark/ChmodBPF/ChmodBPF

I can replicate the "Resource busy" message here by running Wireshark, leaving the welcome screen up and attempting to read from /dev/bpf0:

----
$ read -n 0 < /dev/bpf0 > /dev/null 2>&1
bash: /dev/bpf0: Resource busy
----

However, that's just a result of Wireshark updating the interface sparklines via `dumpcap -S`, which has the first few /dev/bpf<X> devices open. It shouldn't keep wireshark-chmodbpf from creating all of the desired /dev/bpf<X> devices. If it does, then that's definitely a bug.

On 1/14/21 3:03 PM, Kok-Yong Tan wrote:
It’s a MacBook Pro running macOS 10.14.6.  I just upgraded Wireshark3 by rebuilding it using MacPorts.  Previously, just manually entering the “sudo chgrp…” and “sudo chmod…” Unix commands used to work fine.  Now it’s not.

On 14 Jan, 2021, at 09:48, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:

Hi,

It would probably help if you listed what your system is and what you were doing before.

Thanks,
Jaap


On 14 Jan 2021, at 01:18, Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx> wrote:

sudo wireshark-chmodbpf
/opt/local/sbin/wireshark-chmodbpf: line 35: /dev/bpf0: Resource busy
/opt/local/sbin/wireshark-chmodbpf: line 35: /dev/bpf1: Resource busy

Does anybody know how to fix the above?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
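
An added example, not part of the original thread and not code from the Wireshark or MacPorts scripts: a POSIX shell check for the question raised in the reply above, namely whether the device nodes exist up to /dev/bpf255 or stop at /dev/bpf1. The function names are hypothetical, and the directory argument is an assumption made so the check can be pointed at a test directory instead of /dev.

```shell
#!/bin/sh
# Added example: audit which bpf<N> device nodes exist under a directory.
# Assumptions: nodes are named bpf<N>; 255 is the highest index named in the thread.

# Print the numeric indices of bpf<N> entries in directory $1, sorted ascending.
bpf_indices() {
    dir=$1
    for node in "$dir"/bpf*; do
        [ -e "$node" ] || continue          # glob matched nothing
        idx=${node##*/bpf}                  # strip everything up to the final "/bpf"
        case $idx in
            ''|*[!0-9]*) continue ;;        # skip names that are not bpf<digits>
        esac
        echo "$idx"
    done | sort -n
}

# Print the first index in 0..$2 that has no node in $1, or "none" if all exist.
bpf_first_gap() {
    dir=$1 max=$2 i=0
    while [ "$i" -le "$max" ]; do
        [ -e "$dir/bpf$i" ] || { echo "$i"; return 0; }
        i=$((i + 1))
    done
    echo none
}

# One-line summary: how many nodes, the highest index, and where creation stopped.
bpf_summary() {
    dir=${1:-/dev} max=${2:-255}
    count=$(bpf_indices "$dir" | wc -l | tr -d ' ')
    highest=$(bpf_indices "$dir" | tail -n 1)
    echo "count=$count highest=${highest:-none} first_gap=$(bpf_first_gap "$dir" "$max")"
}

# Usage on the affected machine, after running the script under discussion:
#   bpf_summary /dev 255
```

A result of `first_gap=2` after the script has run would mean node creation stopped at /dev/bpf1, while `first_gap=none` would mean the "Resource busy" lines did not prevent the remaining nodes from being created.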