Comment # 3
on bug 11659
from Guy Harris
(In reply to Jim Young from comment #2)
> I was surprised and perhaps a bit annoyed that we have to "sudo
> tcpdump" in order to use the documented but hidden OS X pktap and iptap
> interfaces but not the visible interfaces (like en0).
That's a result of Apple's decision to require root privileges to set up pktap
interfaces but not to add an additional "you have to be root" requirement for
opening BPF devices over and above the file permissions on /dev/bpf*. We can
change the permissions on the BPF devices, and do so with a launchd launch
daemon that we install, but we can't change the pktap requirements.
> FWIW: Its actually pretty neat to see the pktap0 interface dynamically show
> up and disappear in Qt Wireshark's Welcome screen each time "sudo tcpdump"
> command is started and stopped!
Yes, on Linux and OS X we listen for "interface appeared" and "interface
disappeared" events in both the GTK+ and Qt Wireshark UI and update the
interface lists accordingly.
You are receiving this mail because:
- You are watching all bug changes.