The disk image only has the package installer and a read me file. I keep on reading that I need to gain privilege on my BPF or ChmodBPF files, but I cannot find them anywhere. Currently trying to analyze my network, but all I see is my own traffic. I'm trying to monitor the entire traffic off of my home network. asked 13 Feb '13, 04:55  phiton |
3 Answers:
please search for bpf in the answers and comments of the following question:
Regards answered 13 Feb '13, 05:16  Kurt Knochner ♦ edited 13 Feb '13, 05:16 |
If you can capture traffic it seems likely that your capture permissions are sufficient. If you can only see your own traffic it's likely that you are on a switched network. Please give further information, either by editing your question, or as a comment, about your network setup. answered 13 Feb '13, 05:23  grahamb ♦ |
ChmodBPF is a "startup item" that the package installer installs; it changes the permission on BPF devices (files in the
By default, that's all you'll see on a Wi-Fi network. You would need to capture in "monitor mode" to see other hosts' traffic, and, if your network is using WEP or WPA/WPA2, you'll have to tell Wireshark the password for your network and, if it's using WPA/WPA2, you'll have to, for each machine whose traffic you want to see, disconnect it from the network and reconnect it while Wireshark is listening, so that you capture the initial "EAPOL handshake". See the how to decrypt 802.11 page on the Wireshark Wiki for more details. answered 05 Dec '13, 10:15  Guy Harris ♦♦ |
All I know what to say is that I'm connected to an Airport extreme. I have two laptops and a smartphone. WPA2. I'm assuming a really standard connection. As mentioned before, I can see my own traffic on my Mac, but my other devices cannot be captured.
See the wiki page on Wireless capture setup for more info on capturing Wireless traffic.