This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

MAC OSX Installation

0

Ok, I've used the MAC OSX 64 bit installer for the latest version of Wireshark, copied the command line folder and dragged the ChmodBFP to StartupItems alias. My installation doesn't seem to have a /dev folder, and I'm struggling to find where the 'BPF' devices live !

asked 17 Feb '11, 09:47

Tim%20Arnold's gravatar image

Tim Arnold
1111
accept rate: 0%

One Answer:

1

What's the question you're asking? "Why isn't it letting me start a capture even though I've installed the ChmodBPF startup item?", or "where are the BPF devices?"

The answer to the first question is "because, unfortunately, dragging ChmodBPF to StartupItems isn't good enough." You also need to open up a Terminal window (in an admin account) and do

sudo chown -R root:wheel /Library/StartupItems/ChmodBPF

and, once you've done that, you also have to do

sudo SystemStarter start ChmodBPF

to force that startup item to be run now, rather than only after a reboot. Once that's done, you shouldn't need to do those again.

The answer to the second question is "they live in the /dev directory". Mac OS X is UN*X - and, starting with Leopard, it's UNIX(R) - so it has "directories", not "folders", at the lowest level; a "folder" is what a directory looks like from higher levels in the OS, such as the Finder. The Finder won't show you /dev, but the UNIX command line will - in Terminal, do, for example, "ls /bpf".

answered 17 Feb '11, 21:02

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Guy, many thanks, done all that, but devices still not showing in the GUI. Do I need to edit the ChmodBPF file to recongine my 'admin group'? The file has this in (as the defaukt'

chgrp admin /dev/bpf chmod g+rw /dev/bpf

(18 Feb '11, 13:09) Tim Arnold

Devices won't ever show in the GUI - as I said, "The Finder won't show you /dev". Or by "the GUI" do you mean the drop-down list in the Capture Options window in the Wireshark GUI?

What do you mean by "my 'admin group'"? Users who have "Allow user to administer this computer" are in the system's "admin" group, and the ChmodBPF script will, by default, make the BPF devices usable by anybody in that group, so they can capture network traffic with tcpdump or *shark or dumpcap or....

(19 Feb '11, 01:21) Guy Harris ♦♦

You can open any directory in the GUI if you choose go to location from the menu and type it in. You just can't browse to there.

(01 Mar '11, 01:33) Mark Baker

You can open almost every directory in the GUI; /dev is not one of the ones you can open (try it with Go To Folder - the Finder informs you that "The folder can't be found").

(01 Mar '11, 04:59) Guy Harris ♦♦