This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

The disk image only has the package installer and a read me file. I keep on reading that I need to gain privilege on my BPF or ChmodBPF files, but I cannot find them anywhere.

Currently trying to analyze my network, but all I see is my own traffic. I'm trying to monitor the entire traffic off of my home network.

asked 13 Feb '13, 04:55


phiton


Please search for bpf in the answers and comments of the following question:

http://ask.wireshark.org/questions/578/mac-os-cant-detect-any-interface

Regards
Kurt


answered 13 Feb '13, 05:16


Kurt Knochner ♦

edited 13 Feb '13, 05:16

If you can capture traffic it seems likely that your capture permissions are sufficient.

If you can only see your own traffic it's likely that you are on a switched network. Please give further information, either by editing your question, or as a comment, about your network setup.


answered 13 Feb '13, 05:23


grahamb ♦

All I know to say is that I'm connected to an AirPort Extreme. I have two laptops and a smartphone. WPA2. I'm assuming a really standard connection. As mentioned before, I can see my own traffic on my Mac, but my other devices cannot be captured.

(13 Feb '13, 05:35) phiton

See the wiki page on Wireless capture setup for more info on capturing Wireless traffic.

(13 Feb '13, 05:53) grahamb ♦

> The disk image only has the package installer and a read me file. I keep on reading that I need to gain privilege on my BPF or ChmodBPF files, but I cannot find them anywhere.

ChmodBPF is a "startup item" that the package installer installs; it changes the permission on BPF devices (files in the /dev directory with names beginning with bpf) so that you get the necessary privileges.

> Currently trying to analyze my network, but all I see is my own traffic.

By default, that's all you'll see on a Wi-Fi network. You would need to capture in "monitor mode" to see other hosts' traffic, and, if your network is using WEP or WPA/WPA2, you'll have to tell Wireshark the password for your network and, if it's using WPA/WPA2, you'll have to, for each machine whose traffic you want to see, disconnect it from the network and reconnect it while Wireshark is listening, so that you capture the initial "EAPOL handshake". See the how to decrypt 802.11 page on the Wireshark Wiki for more details.


answered 05 Dec '13, 10:15


Guy Harris ♦♦
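
An added example, not part of the original answers or of Wireshark's installer: a POSIX shell function that lists the BPF device nodes described in the answer above (files in /dev with names beginning with bpf), shows their mode, owner and group, and reports whether the current user can read them. The function name `bpf_report` and its optional directory argument are assumptions made here so the check can also be pointed at a test directory.

```shell
#!/bin/sh
# Added example: inspect the BPF device nodes whose permissions ChmodBPF changes.
# bpf_report [DIR]   (DIR defaults to /dev; the argument exists only for testing)
# Return status:
#   0  at least one bpf* node is readable by the current user
#   1  bpf* nodes exist, but none is readable by the current user
#   2  no bpf* nodes exist in DIR
bpf_report() {
    dir=${1:-/dev}
    found=0
    readable=0
    for dev in "$dir"/bpf*; do
        [ -e "$dev" ] || continue      # glob matched nothing
        found=$((found + 1))
        # Fields of `ls -ld`: mode, link count, owner, group, ...
        set -- $(ls -ld "$dev")
        if [ -r "$dev" ]; then
            access=readable
            readable=$((readable + 1))
        else
            access=denied
        fi
        printf '%s mode=%s owner=%s group=%s %s\n' \
            "$dev" "$1" "$3" "$4" "$access"
    done
    if [ "$found" -eq 0 ]; then
        echo "no bpf* nodes found in $dir" >&2
        return 2
    fi
    [ "$readable" -gt 0 ] || return 1
    return 0
}
```

Call `bpf_report` with no argument to inspect /dev. A status of 1 means the nodes exist but the permission change has not taken effect for the current user.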
