This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Mac OS can’t detect any interface

2
1

I have just installed wireshark 1.4.1 in my Mac 10.6.4 but i get the following error (-) "There are no interfaces on which a capture can be done."

What can i do?

asked 21 Oct '10, 13:26

the_sniffer's gravatar image

the_sniffer
31123
accept rate: 0%

edited 07 May '11, 07:18

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142

When upgrading from 1.4.3 to 1.6.2 in 10.5.8 I had the same problem with dev permissions.

I noticed that ChmodBPF is different.

In 1.4.3 it issues the following commands

chgrp admin /dev/bpf*
chmod g+rw /dev/bpf*

In 1.6.2 it issues the following commands

chgrp access_bpf /dev/bpf*
chmod g+rw /dev/bpf*

The group access_bpf is not added by the Wireshark installer.

(30 Oct '11, 05:09) wsk

It is added on 10.6, by using the "dseditgroup" command. What does the command "man dseditgroup" print on your 10.5.8 machine? Perhaps that command is missing, or perhaps it behaves differently in 10.5.x, so that the script's use of it works in 10.6.x but not 10.5.x.

Please file a bug on this at the Wireshark bugzilla, and put the output of "man dseditgroup" in that bug. ask.wireshark.org is not the best place for discussion of bugs.

(30 Oct '11, 13:51) Guy Harris ♦♦

6 Answers:

5

This solution worked for me on OS X Leopard 10.6.6 running wireshark 1.4.3

  • Open terminal
  • type 'whoami' to see your exact user name (for me that was keving)
  • execute the following commands (substituting your username for mine--also enter your login password when prompted, of course):
cd /dev
sudo chown keving:admin bp*
ls -la | grep bp

The last command will display a list of files such as:

crw-------   1 keving  admin      23,   0 Feb  9 00:52 bpf0
crw-------   1 keving  admin      23,   1 Feb  9 00:52 bpf1
crw-------   1 keving  admin      23,   2 Feb  7 10:59 bpf2
crw-------   1 keving  admin      23,   3 Feb  7 10:59 bpf3
crw-------   1 root    wheel      23,   4 Feb  9 01:03 bpf4

Make sure all of them have your user name and admin as the user/group. For some reason, the last one didn't get assigned properly so I had to run the command:

sudo chown keving:admin bpf4

that fixed it

from there, you can type:

cd /Applications
open WireShark.app

And it will work.

Hope that helps someone,

-gmale

answered 08 Feb '11, 22:08

gmale's gravatar image

gmale
9023
accept rate: 0%

edited 08 Feb '11, 22:12

BPF devices are created "on the fly" as needed, in groups of 4, in Mac OS X; the "chown" command (which should probably have "bpf" rather than "bp" as its argument) will affect only the BPF devices that currently exist; if all the BPF devices are currently open, the next program that tries to open one will provoke 4 more to be created, and they'll have permissions rw------- and be owned by root:wheel.

Perhaps someday OS X will switch to using a cloning BPF device.

(07 May '11, 10:28) Guy Harris ♦♦

gmale, Perfect! Helped me: thank you :)

By the way, I did this with Wireshark running, and the fix worked in place.

(10 May '13, 17:50) Raymond Naseef

2

From http://ask.wireshark.org/questions/2829/capturing-with-wireshark-on-mac-os-1066:

  1. Download Wireshark 64 bit version launch WireShark .dmg file. a new Finder window opens. Leave it.

  2. Open a terminal window. Issuing this command to verify that the dmg is loaded in the usual spot: "ls /Volumes/Wireshark/Utilities/" If u see the list of files then it's loaded properly.

  3. Copy the ChmodBPF file : "sudo cp -R /Volumes/Wireshark/Utilities/ChmodBPF/ /Library/StartupItems"

  4. sudo chown -R root:wheel /Library/StartupItems/ChmodBPF

  5. sudo SystemStarter start ChmodBPF

answered 07 May '11, 02:36

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

0

I think you experience the common problem that your Wireshark does not have the necessary rights to access the network card for data capture. Maybe this Wiki page will help:

http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

answered 22 Oct '10, 04:48

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Thanks Jasper...

But i tried to understand the Mac OS part but it didnt pin to a solution that really helped. I did more diging and i tried some steps from youtube: http://www.youtube.com/watch?v=Tgm4n6zVDAY but all the mentioned steps didnt help :(

(22 Oct '10, 08:37) the_sniffer

Hi, sorry, but I have no Mac skills whatsoever and I have no Mac around to try things out, otherwise I would try to get you a step by step solution. Maybe some other Mac hero can help you here?

(22 Oct '10, 09:01) Jasper ♦♦

No mac user here, but may be you can find useful information in this thread or bug 4909

(22 Oct '10, 11:40) joke

0

Another option is to run WireShark as su:

sudo /opt/local/bin/wireshark

This is not recommended - for security reasons - but at least you can quickly test if the installation works. In this example, WireShark was installed using MacPorts, hence the unusual path.

answered 06 May '11, 01:24

perqa's gravatar image

perqa
151
accept rate: 0%

edited 06 May '11, 01:30

-1

Modify the shortcut / menu item to run "gksudo wireshark" or "kdesudo". This should then prompt you for the root password and enable you to access the interfaces with sufficient rights.

answered 22 Oct '10, 15:25

Peter's gravatar image

Peter
65127
accept rate: 0%

That's not the way to proceed, because: 1. It's a Mac, no a GNOME or KDE based desktop environment. 2. You should not run Wireshark with root privileges, see https://blog.wireshark.org/2010/02/running-wireshark-as-you/

(10 Nov '10, 10:28) Jaap ♦

-1

I had the same problem last night. The answer is to run from the terminal. Assuming the Wireshark application is in your Applications folder, it goes something like this: sudo /Applications/Wireshark.app/Contents/MacOS//Wireshark

As was eluded to in other messages, the issue seems to be about permissions. There my be a more responsible method rather than running as root, but I don't know it.

answered 10 Nov '10, 07:29

mbarnick's gravatar image

mbarnick
0
accept rate: 0%

See Jaap Keuter's reply to the person who suggested using "gksudo" or "kdesudo" - you do NOT want to run million-lines-of-code applications such as Wireshark or TShark as root.

(07 May '11, 10:25) Guy Harris ♦♦