Ask Your Question
0

can't detect interfaces on macos 10.15.2

asked 2019-12-17 09:09:41 +0000

derek.dong gravatar image

updated 2019-12-17 10:14:28 +0000

Jaap gravatar image

wireshark worked before I upgrade macos to 10.15.2.

after upgrade, wireshark can't detect interfaces. It only show four external capture: ciscodump randpkt sshdump udpdump

I have done all bpf things:

crw-rw----   1 root   access_bpf      23,  24 Dec 17 16:50 bpf24
crw-rw----   1 root   access_bpf      23, 240 Dec 17 16:50 bpf240
crw-rw----   1 root   access_bpf      23, 241 Dec 17 16:50 bpf241

output of id: (Derek is in the access_bpf group)
uid=501(Derek) gid=20(staff) groups=20(staff),502(access_bpf),12(everyone),61(localaccounts),80(admin),33(_appstore),98(_lpadmin),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)

I have installed 3.00, 3.07 and 3.20-beta, and I have rebooted multiple time.

I tried to start wireshark in sudo.

I have looked into console for wireshark logs, nothing useful:

default 17:06:24.150330+0800    runningboardd   Acquiring assertion targeting executable<Wireshark(501)> from originator [daemon<com.apple.coreservices.launchservicesd>:156] with description <RBSAssertionDescriptor; frontmost:1768; ID: 290-156-195; target: 1768> attributes = {
    <RBSDomainAttribute: 0x7f84c642ad30; domain: com.apple.launchservicesd; name: RoleUserInteractiveFocal; sourceEnvironment: 0x0>;
}
default 17:06:24.150593+0800    runningboardd   Assertion 290-156-195 (target:executable<Wireshark(501)>) will be created as active
default 17:06:24.154681+0800    runningboardd   Finished acquiring assertion 290-156-195 (target:executable<Wireshark(501)>)
default 17:06:24.154831+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring jetsam update because this process is not memory-managed
default 17:06:24.155090+0800    runningboardd   [executable<Wireshark(501)>:1768] Set darwin role to: UserInteractiveFocal
default 17:06:24.155355+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring GPU update because this process is not GPU managed
default 17:06:27.619652+0800    runningboardd   Invalidating assertion 290-156-195 (target:executable<Wireshark(501)>) from originator 156
default 17:06:27.734235+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring jetsam update because this process is not memory-managed
default 17:06:27.734450+0800    runningboardd   [executable<Wireshark(501)>:1768] Set darwin role to: UserInteractiveNonFocal
default 17:06:27.734716+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring GPU update because this process is not GPU managed

Any other ways except REINSTALL MACOS?

BTW: tcpdump from terminal works.

edit retag flag offensive close merge delete

Comments

Is this the same issue as in this question?

Stig gravatar imageStig ( 2019-12-17 12:50:58 +0000 )edit

yes, it is the same issue. By turning on wifi, wireshark can detect all interfaces.

derek.dong gravatar imagederek.dong ( 2019-12-18 01:21:05 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-12-17 10:00:07 +0000

derek.dong gravatar image

i find a workaround: wireshark accept -i interface parameter; by specifying interfaces in cmd, wireshark works again.

I usually capture on three interfaces: lo0, eth0, eth7; so I modified the script that launches wireshark by appending "-i en7 -i lo0 -i en0".

edit flag offensive delete link more

Comments

Can you elaborate on this? I am able to use terminal command "wireshark accept -i en4" (figured out how to find the correct network interface ID) and it will launch the wireshark app and allow me to capture data on the usb interface, HOWEVER, i get this annoying pop up that says file does not exist and then it tries to get me to point to the file to open. anyway to make this into a shortcut and./or get rid of the pop up?

mblend27 gravatar imagemblend27 ( 2019-12-19 10:14:10 +0000 )edit

Bump? I would appreciate any help

mblend27 gravatar imagemblend27 ( 2019-12-20 10:08:26 +0000 )edit

here is my script (don't know how to format text, just copy it):

!/bin/sh

#

Wireshark CLI utility launcher

if [ -z "$WIRESHARK_APP_DIR" ] ; then WIRESHARK_APP_DIR="/Applications/Wireshark.app" fi

if [ ! -d "$WIRESHARK_APP_DIR" ] ; then WIRESHARK_APP_DIR=mdfind "kMDItemCFBundleIdentifier == 'org.wireshark.Wireshark'" | head -n 1 fi

if [ ! -d "$WIRESHARK_APP_DIR" ] ; then echo "Wireshark doesn't appear to be located at $WIRESHARK_APP_DIR." echo "Please set WIRESHARK_APP_DIR to its proper location and try again." exit 1 fi

APP_NAME=basename "$0" if [ "$APP_NAME" = "wireshark" ] ; then APP_NAME=Wireshark fi exec "$WIRESHARK_APP_DIR/Contents/MacOS/$APP_NAME" -i en7 -i lo0 -i en0 "$@"

derek.dong gravatar imagederek.dong ( 2019-12-23 02:48:52 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2019-12-17 09:09:41 +0000

Seen: 2,866 times

Last updated: Dec 17 '19

Related questions

Wireless controls are not supported in this version of wireshark

How to switch Mac OS NIC to monitor mode during use internet

How to fix "The capture session could not be initiated on interface" (You don't have permission to capture on that device)

Forcing Mac OS X to reconnect in monitor mode

Why is wireshark 2.6.1 forcing a specific keyboard layout on macOS when started with sudo? [closed]

How is interface "XHC20" created on macOS?

libssh in Wireshark 2.x for macOS susceptible to CVE-2018-10933 exploit?

wireshark not capturing FTP on en0

interface XHC20 does not exist

Plugin shows up in source code wireshark but not application