Wireshark-users: Re: [Wireshark-users] Error when trying to run wireshark-chmodbpf 1.0.2

From: Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 14 Jan 2021 20:59:32 -0500
The wireshark-chmodbpf script stops at /dev/bpf1.

However, there appears to be /dev/bpf0 through /dev/bpf10 in existence when I do a “ls -lu /dev/bpf*” but nothing beyond bpf10.  

crw-r-----  1 root  access_bpf   23,   0 Jan 14 16:57 /dev/bpf0
crw-r-----  1 root  access_bpf   23,   1 Jan 14 16:57 /dev/bpf1
crw-r-----  1 root  access_bpf   23,  10 Jan 14 16:57 /dev/bpf10
crw-r-----  1 root  access_bpf   23,   2 Jan 14 20:50 /dev/bpf2
crw-r-----  1 root  access_bpf   23,   3 Jan 14 20:50 /dev/bpf3
crw-r-----  1 root  access_bpf   23,   4 Jan 14 20:50 /dev/bpf4
crw-r-----  1 root  access_bpf   23,   5 Jan 14 20:50 /dev/bpf5
crw-r-----  1 root  access_bpf   23,   6 Jan 14 20:50 /dev/bpf6
crw-r-----  1 root  access_bpf   23,   7 Jan 14 20:50 /dev/bpf7
crw-r-----  1 root  access_bpf   23,   8 Jan 14 20:50 /dev/bpf8
crw-r-----  1 root  access_bpf   23,   9 Jan 14 20:50 /dev/bpf9

Also, I’m not running wireshark when I run the wireshark-chmodbpf script using sudo!

On 14 Jan, 2021, at 20:43 , Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:

Does the MacPorts wireshark-chmodbpf script create /dev/bpf<X> up to /dev/bpf255, or does it stop at /dev/bpf1?

The script appears to be

https://github.com/macports/macports-ports/blob/master/net/wireshark-chmodbpf/files/patch-wireshark-chmodbpf.diff

which in turn appears to be adapted from the ChmodBPF we ship with Wireshark 3.2 and earlier:

https://gitlab.com/wireshark/wireshark/-/blob/master-3.2/packaging/macosx/ChmodBPF/root/Library/Application%20Support/Wireshark/ChmodBPF/ChmodBPF

I can replicate the "Resource busy" message here by running Wireshark, leaving the welcome screen up and attempting to read from /dev/bpf0:

----
$ read -n 0 < /dev/bpf0 > /dev/null 2>&1
bash: /dev/bpf0: Resource busy
----

However, that's just a result of Wireshark updating the interface sparklines via `dumpcap -S`, which has the first few /dev/bpf<X> devices open. It shouldn't keep wireshark-chmodbpf from creating all of the desired /dev/bpf<X> devices. If it does, then that's definitely a bug.

On 1/14/21 3:03 PM, Kok-Yong Tan wrote:

It’s a MacBook Pro running macOS 10.14.6.  I just upgraded Wireshark3 by rebuilding it using MacPorts.  Previously, just manually entering the “sudo chgrp…” and “sudo chmod…” Unix commands used to work fine.  Now it’s not.

On 14 Jan, 2021, at 09:48 , Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:

Hi,

It would probably help if you listed what your system is and what you were doing before.

Thanks,
Jaap


On 14 Jan 2021, at 01:18, Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx> wrote:

sudo wireshark-chmodbpf
/opt/local/sbin/wireshark-chmodbpf: line 35: /dev/bpf0: Resource busy
/opt/local/sbin/wireshark-chmodbpf: line 35: /dev/bpf1: Resource busy

Does anybody know how to fix the above?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx <mailto:wireshark-users@xxxxxxxxxxxxx>>
Archives: https://www.wireshark.org/lists/wireshark-users <https://www.wireshark.org/lists/wireshark-users>
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users <https://www.wireshark.org/mailman/options/wireshark-users>
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe <mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe>



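The question in this thread (how far the /dev/bpf<X> nodes go, and whether each one carries the restricted owner, group and mode) can be checked mechanically from an `ls -l /dev/bpf*` listing. The script below is an added example, not part of the original thread and not code from Wireshark or MacPorts; the function names and the sample listing are constructed, and the expected values (root, access_bpf, crw-r-----) are taken from the listing posted above.

```shell
#!/bin/sh
# Added example: audit an `ls -l /dev/bpf*` listing for gaps in device
# numbering and for nodes whose owner, group or mode is not the expected one.
# Expected values are assumptions taken from the listing in this thread.
EXPECTED_MODE='crw-r-----'
EXPECTED_GROUP='access_bpf'

# Reads the listing on stdin and prints one summary line:
#   count=<n> max=<highest index> missing=<list|none> bad=<list|none>
audit_bpf_listing() {
    awk -v mode="$EXPECTED_MODE" -v group="$EXPECTED_GROUP" '
        BEGIN { max = -1 }
        # The device path is the last field; take the numeric suffix.
        $NF ~ /^\/dev\/bpf[0-9]+$/ {
            idx = $NF; sub(/^\/dev\/bpf/, "", idx); idx += 0
            seen[idx] = 1; count++
            if (idx > max) max = idx
            # A node readable outside root:access_bpf widens capture access.
            if ($1 != mode || $3 != "root" || $4 != group)
                bad = bad (bad == "" ? "" : ",") "bpf" idx
        }
        END {
            if (count == 0) { print "count=0 max=none missing=none bad=none"; exit }
            for (i = 0; i <= max; i++)
                if (!(i in seen)) missing = missing (missing == "" ? "" : ",") "bpf" i
            printf "count=%d max=%d missing=%s bad=%s\n", count, max,
                   (missing == "" ? "none" : missing), (bad == "" ? "none" : bad)
        }'
}

# Constructed sample: bpf2 is absent and bpf3 has the wrong group and mode.
constructed_listing() {
    cat <<'EOF'
crw-r-----  1 root  access_bpf   23,   0 Jan 14 16:57 /dev/bpf0
crw-r-----  1 root  access_bpf   23,   1 Jan 14 16:57 /dev/bpf1
crw-------  1 root  wheel        23,   3 Jan 14 16:57 /dev/bpf3
EOF
}

constructed_listing | audit_bpf_listing
```

On a real system the input would be `ls -l /dev/bpf* | audit_bpf_listing`, run after the permission script has finished.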