On Jan 14, 2021, at 5:43 PM, Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:
> I can replicate the "Resource busy" message here by running Wireshark, leaving the welcome screen up and attempting to read from /dev/bpf0:
>
> ----
> $ read -n 0 < /dev/bpf0 > /dev/null 2>&1
> bash: /dev/bpf0: Resource busy
> ----
>
> However, that's just a result of Wireshark updating the interface sparklines via `dumpcap -S`,
Not necessarily:

    $ read -n 0 < /dev/bpf0 > /dev/null
    -bash: /dev/bpf0: Resource busy
    $ ps -ef | egrep -i 'tcpdump|shark|dumpcap'
    501 95591 32227 0 10:00PM ttys114 0:00.00 egrep -i tcpdump|shark|dumpcap

and that's because:

    $ sudo lsof /dev/bpf0 /dev/bpf1
    Password:
    ...
    COMMAND  PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
    airportd 344 root 41u CHR  23,0   0t0      580  /dev/bpf0
    airportd 344 root 42u CHR  23,0   0t0      580  /dev/bpf0
    airportd 344 root 43u CHR  23,1   0t0      581  /dev/bpf1
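
An added example, not part of the original message or of Wireshark: a shell function that summarises `lsof` output for the BPF devices, so a "Resource busy" can be attributed to its actual holder instead of assumed to be `dumpcap`. The function name, the capture-tool list and the sample rows (modelled on the output above, plus one made-up `dumpcap` row) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Live use (macOS/BSD):  sudo lsof /dev/bpf* | summarize_bpf_holders

# Read lsof's default columnar output on stdin and print one line per
# (device, command, pid): how many descriptors it holds and whether the
# holder is a known capture tool. The tool list is this example's assumption.
summarize_bpf_holders() {
    awk '
        $1 == "COMMAND" { next }                      # skip the header row
        NF >= 9 && $NF ~ /^\/dev\/bpf[0-9]+$/ {       # rows naming a BPF device
            count[$NF " " $1 " " $2 " " $3]++         # device command pid user
        }
        END {
            for (k in count) {
                split(k, f, " ")
                tag = "other"
                if (f[2] ~ /^(dumpcap|tcpdump|tshark|[Ww]ireshark)$/)
                    tag = "capture-tool"
                printf "%s %s pid=%s user=%s fds=%d %s\n",
                       f[1], f[2], f[3], f[4], count[k], tag
            }
        }
    ' | sort
}

# Constructed sample input: non-table lines, the header, the airportd rows
# as shown in the message, and one made-up dumpcap row for contrast.
sample_lsof() {
    cat <<'EOF'
Password:
...
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
airportd 344 root 41u CHR 23,0 0t0 580 /dev/bpf0
airportd 344 root 42u CHR 23,0 0t0 580 /dev/bpf0
airportd 344 root 43u CHR 23,1 0t0 581 /dev/bpf1
dumpcap 95612 alice 4u CHR 23,2 0t0 582 /dev/bpf2
EOF
}

# Run the summary over the constructed sample.
sample_lsof | summarize_bpf_holders
```

Holders tagged `other` are the ones a `ps | egrep` for capture tools will never show.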