Wireshark-users: Re: [Wireshark-users] MacOS 10.6 / Wireshark 1.2.1 - No interfaces to capture fr

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 9 Sep 2009 17:25:51 -0700

On Sep 8, 2009, at 5:20 PM, Ron Ripley wrote:

Wireshark app loads great, but I run across two issues, the first it
does not display a list of interfaces in which I can capture.  Is this
because I am using MacOS 10.6 or did I miss something in the
installation.

You missed something in the installation.

Open the "Read me first" document, and note item 4 in "Quick Setup" and the item about the "Utilities/ChmodBPF folder" in "Details".

			*H*O*W*E*V*E*R

also note that, unfortunately:

1) just opening the "Utilities" folder and dragging the "ChmodBPF" folder to the "StartupItems" alias won't set the ownership of the ChmodBPF startup item correctly

and

2) more importantly, there's a bug in that startup item that means it doesn't work on Snow Leopard (I think it may have worked, despite the bug, on some earlier versions of Mac OS X).

So, instead, save the attached tar file (which contains a fixed version of the startup item, with the right ownership) somewhere and do, from Terminal, "sudo tar -C /Library/StartupItems xf {tarfile}" (where "{tarfile}" is the path to the saved tar file), and then do "sudo /sbin/SystemStarter start ChmodBPF".

Once that's done, do "ls -l /dev/bpf*"; it should report something like

	crw-rw----  1 root  admin   23,   0 Sep  9 16:30 /dev/bpf0
	crw-rw----  1 root  admin   23,   1 Sep  9 16:30 /dev/bpf1
	crw-rw----  1 root  admin   23,   2 Aug  7 17:15 /dev/bpf2
	crw-rw----  1 root  admin   23,   3 Aug  7 17:15 /dev/bpf3

(the dates and times might be different).

Once that's done, you should see a list of interfaces from Wireshark.

(Note: this will also let you run TShark, dumpcap, or tcpdump as yourself, rather than as root.)

Also, when trying to display help, It complains that I didn't properly
setup the web browser command, which looks for mozilla to launch, do I
need to install a non mac version of mozilla that X11 can use?

No. That's the result of a problem in the build procedure for the 1.2.1 Wireshark distribution (and the 1.0.8 distribution, and possibly older 1.0.x and 1.2.x distributions); it's supposed to launch your Web browser without anything having to be configured. We'll try to fix that for the 1.2.2 (and 1.0.9) build; if it can't be done for that, we'll try to fix it for 1.2.3.

With any luck, problem 2 above (the startup item bug) will be fixed in 1.2.2 and 1.0.9, too. (Problem 1 above won't necessarily be fixed, but we might be able to fix that as well; if not, at least fixing it up afterwards will be easier.)

Attachment: tarfile
Description: Binary data