Brad Hards wrote:
> I think you probably need to be root (or equivalent).

It's a BSD, so all you need is read access on the BPF devices. By
default, only root gets that, but you can arrange to give it to
yourself, as long as you have an account with admin privileges.

One way of doing that is to manually do, in a Terminal or xterm window:

    sudo chown {you} /dev/bpf*

where "{you}" is your (short) login name. In OS X (and other BSDs with
devfs), that doesn't persist across a reboot, so you have to do it
before the first time you run tcpdump/Ethereal/etc. after every reboot.

A short while ago I created a startup item to do that as part of the
boot process. It uses "chgrp admin /dev/bpf*" followed by "chmod g+rw
/dev/bpf*", which gives anybody in the admin group, i.e. anybody with an
account allowed to administer the machine, access to the BPF devices.
It's just a shell script, so you can change it as you choose.

I've attached a tarball with the startup item. Create the directory
"/Library/StartupItems" if it doesn't already exist, and extract the
tarball into the directory (the process of extracting the tarball will
create a directory "/Library/StartupItems/ChmodBPF" with files
"ChmodBPF" and "StartupParameters.plist" in it). Edit "ChmodBPF" if you
want to give only your account, rather than all admin accounts, access
to the BPF devices. Then run the commands in the StartService command
with "sudo" - as you installed this startup item after the machine was
booted, it wasn't run on this boot.

There is arguably a convenience-vs.-security tradeoff here - giving
yourself or the admin group access privileges to the BPF devices means
programs run by you or by the admin group have access to them regardless
of whether you want them to or not, so a program you run could
conceivably do stuff on your network that you don't want it to. I
suspect few if any programs contain hidden code to do that, so I suspect
it's not a huge risk.
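
A check to run after the ownership or mode change described above, added here as an example and not part of the original message or its attached startup item: it lists each BPF node with its mode and reports whether access is owner-only, group-wide or world-wide. The function name `bpf_audit` and its optional directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report who can open the BPF device nodes after an
# ownership/mode change such as "chgrp admin" + "chmod g+rw".
# bpf_audit [DIR] - DIR defaults to /dev; the argument is an assumption of
# this example so the check can be tried on a scratch directory.
bpf_audit() {
    dir=${1:-/dev}
    found=0
    for node in "$dir"/bpf*; do
        [ -e "$node" ] || continue      # glob matched nothing
        found=1
        # "ls -ldn" prints: mode links uid gid ...; -n keeps ids numeric.
        read -r mode links uid gid rest <<EOF
$(ls -ldn "$node")
EOF
        # Mode string layout: type, owner rwx, group rwx, other rwx.
        grp='' oth=''
        case $mode in ????r*) grp=r ;; esac
        case $mode in ?????w*) grp=${grp}w ;; esac
        case $mode in ???????r*) oth=r ;; esac
        case $mode in ????????w*) oth=${oth}w ;; esac
        if [ -n "$oth" ]; then
            scope="world:$oth"          # every local account
        elif [ -n "$grp" ]; then
            scope="group:$grp"          # every member of gid $gid
        else
            scope="owner-only"          # only uid $uid (and root)
        fi
        printf '%s %s uid=%s gid=%s %s\n' "$node" "$mode" "$uid" "$gid" "$scope"
    done
    [ "$found" -eq 1 ] || echo "no BPF device nodes under $dir"
    return 0
}

bpf_audit "$@"
```

Run with no argument it inspects /dev; a "group:rw" line for the admin gid is the state the startup item is meant to produce, and any "world:" line is broader than anything the message sets up.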