On Jul 2, 2009, at 12:01 AM, Ed Wagner wrote:
I tried Wireshark on my home Apple Intel IMAC using Leopard 10.5.7
and found that I could not capture anything as an administrator. The
interfaces did not show up, and I saw an error stating that
permission on /dev/bpf0 was denied. Apparently this program must be
run as root because the permissions on thios file are crw-------
root wheel. However, MAC OS X does not have a RunAs command like
Windows does
No; instead, it has an "sudo" command like many other UN*Xes do. :-)
One thing you can do with "sudo" is
sudo chgrp admin /dev/bpf*
sudo chmod g+w /dev/bpf*
which gives everybody in the group "admin" - i.e., all administrative
users - read and write permission on the BPF devices.
That won't persist across a reboot, so you'd have to install a startup
item or a launchd daemon to do that at boot time; the Wireshark .dmg
has a startup item you can install to do that.