Wireshark-bugs: [Wireshark-bugs] [Bug 4774] Wireshark can't open any capture devices in the defa
Date: Wed, 19 May 2010 17:55:45 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4774

Guy Harris <guy@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.wireshark.org/
                   |                            |bugzilla/show_bug.cgi?id=24
                   |                            |24
            Summary|No Ethernet adapters are    |Wireshark can't open any
                   |listed on initial install   |capture devices in the
                   |                            |default install

--- Comment #1 from Guy Harris <guy@xxxxxxxxxxxx> 2010-05-19 17:55:42 PDT ---
By default:

    1) the BPF pseudo-devices in OS X - which are the pseudo-devices used to
capture traffic - are only openable by root;

    2) dumpcap, in the current .dmg, isn't set-UID root (and it might require a
custom installer to install it as set-UID root);

    3) you have to manually install the startup item that can make the BPF
devices accessible to non-root users;

so, by default, you have no permission to do traffic capture with any
application (including the tcpdump that comes with the OS).  See bug 2424 for a
discussion of this.

We should probably consider making Wireshark not a drag-install app (it can't
be drag-install *and* allow traffic capture by default, as per the above) and
have it either

    1) make dumpcap set-UID root

or

    2) install the ChmodBPF startup item (or the newer launchd job).

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.