I need to capture on en4, a thunderbolt-to-ethernet adapter on OS X 10.11.6. tshark -i en4 and tshark -D work fine for en4, but the en4 interface isn't visible in the wireshark interface list. Permissions and ownership on the /dev/bpf* devices are all the same: crw-rw---- 1 root access_bpf. This is Wireshark Version 2.2.2 (v2.2.2-0-g775fb08), TShark (Wireshark) 2.2.2 (v2.2.2-0-g775fb08) Clue much appreciated! -jah asked 23 Nov '16, 12:12  jah showing 5 of 8 show 3 more comments |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Did you start Wireshark before, or after, you plugged the adapter into the Mac?
After - adapter is plugged in at boot time.
And oddly, tshark & tcpdump see it just fine.
Does the command line run with different rights/as a different user than the Wireshark binary?
tshark and wireshark both run as the same user; even starting wireshark as root (sudo start -a wireshark in macland) it still misses en4. Thanks for the thought.
Just out of curiosity, what adapter is it?
It's an Apple thunderbolt-to-Ethernet adapter, "Model A1433 EMC 2590" printed on the plastic.
I can't figure out why the CLI tools would recognize en4, but not wireshark. Does wireshark have a config file that excludes some interfaces or limits their total number to 10?
thx!
What does it show when you go into the menu Capture|Options... then click Manage Interfaces... does it show it then?
Nope. It shows all the same interfaces as tshark -D, except en4. Here's the tshark -D output (with apologies for the formatting):