I have just installed wireshark 1.4.1 in my Mac 10.6.4 but i get the following error (-) "There are no interfaces on which a capture can be done." What can i do? asked 21 Oct '10, 13:26 the_sniffer edited 07 May '11, 07:18 cmaynard ♦♦ |
6 Answers:
This solution worked for me on OS X Leopard 10.6.6 running wireshark 1.4.3
The last command will display a list of files such as:
Make sure all of them have your user name and admin as the user/group. For some reason, the last one didn't get assigned properly so I had to run the command:
that fixed it from there, you can type:
And it will work. Hope that helps someone, -gmale answered 08 Feb '11, 22:08 gmale edited 08 Feb '11, 22:12 BPF devices are created "on the fly" as needed, in groups of 4, in Mac OS X; the "chown" command (which should probably have "bpf" rather than "bp" as its argument) will affect only the BPF devices that currently exist; if all the BPF devices are currently open, the next program that tries to open one will provoke 4 more to be created, and they'll have permissions rw------- and be owned by root:wheel. Perhaps someday OS X will switch to using a cloning BPF device. (07 May '11, 10:28) Guy Harris ♦♦ gmale, Perfect! Helped me: thank you :) By the way, I did this with Wireshark running, and the fix worked in place. (10 May '13, 17:50) Raymond Naseef |
From http://ask.wireshark.org/questions/2829/capturing-with-wireshark-on-mac-os-1066:
answered 07 May '11, 02:36 SYN-bit ♦♦ |
I think you experience the common problem that your Wireshark does not have the necessary rights to access the network card for data capture. Maybe this Wiki page will help: http://wiki.wireshark.org/CaptureSetup/CapturePrivileges answered 22 Oct '10, 04:48 Jasper ♦♦ Thanks Jasper... But i tried to understand the Mac OS part but it didnt pin to a solution that really helped. I did more diging and i tried some steps from youtube: http://www.youtube.com/watch?v=Tgm4n6zVDAY but all the mentioned steps didnt help :( (22 Oct '10, 08:37) the_sniffer Hi, sorry, but I have no Mac skills whatsoever and I have no Mac around to try things out, otherwise I would try to get you a step by step solution. Maybe some other Mac hero can help you here? (22 Oct '10, 09:01) Jasper ♦♦ No mac user here, but may be you can find useful information in this thread or bug 4909 (22 Oct '10, 11:40) joke |
Another option is to run WireShark as su:
This is not recommended - for security reasons - but at least you can quickly test if the installation works. In this example, WireShark was installed using MacPorts, hence the unusual path. answered 06 May '11, 01:24 perqa edited 06 May '11, 01:30 |
Modify the shortcut / menu item to run "gksudo wireshark" or "kdesudo". This should then prompt you for the root password and enable you to access the interfaces with sufficient rights. answered 22 Oct '10, 15:25 Peter That's not the way to proceed, because: 1. It's a Mac, no a GNOME or KDE based desktop environment. 2. You should not run Wireshark with root privileges, see https://blog.wireshark.org/2010/02/running-wireshark-as-you/ (10 Nov '10, 10:28) Jaap ♦ |
I had the same problem last night. The answer is to run from the terminal. Assuming the Wireshark application is in your Applications folder, it goes something like this: sudo /Applications/Wireshark.app/Contents/MacOS//Wireshark As was eluded to in other messages, the issue seems to be about permissions. There my be a more responsible method rather than running as root, but I don't know it. answered 10 Nov '10, 07:29 mbarnick See Jaap Keuter's reply to the person who suggested using "gksudo" or "kdesudo" - you do NOT want to run million-lines-of-code applications such as Wireshark or TShark as root. (07 May '11, 10:25) Guy Harris ♦♦ |
When upgrading from 1.4.3 to 1.6.2 in 10.5.8 I had the same problem with dev permissions.
I noticed that ChmodBPF is different.
In 1.4.3 it issues the following commands
In 1.6.2 it issues the following commands
The group access_bpf is not added by the Wireshark installer.
It is added on 10.6, by using the "dseditgroup" command. What does the command "man dseditgroup" print on your 10.5.8 machine? Perhaps that command is missing, or perhaps it behaves differently in 10.5.x, so that the script's use of it works in 10.6.x but not 10.5.x.
Please file a bug on this at the Wireshark bugzilla, and put the output of "man dseditgroup" in that bug. ask.wireshark.org is not the best place for discussion of bugs.