Ask Your Question
0

can't detect interfaces on macos 10.15.2

asked 2019-12-17 09:09:41 +0000

derek.dong gravatar image

updated 2019-12-17 10:14:28 +0000

Jaap gravatar image

wireshark worked before I upgrade macos to 10.15.2.

after upgrade, wireshark can't detect interfaces. It only show four external capture: ciscodump randpkt sshdump udpdump

I have done all bpf things:

crw-rw----   1 root   access_bpf      23,  24 Dec 17 16:50 bpf24
crw-rw----   1 root   access_bpf      23, 240 Dec 17 16:50 bpf240
crw-rw----   1 root   access_bpf      23, 241 Dec 17 16:50 bpf241

output of id: (Derek is in the access_bpf group)
uid=501(Derek) gid=20(staff) groups=20(staff),502(access_bpf),12(everyone),61(localaccounts),80(admin),33(_appstore),98(_lpadmin),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)

I have installed 3.00, 3.07 and 3.20-beta, and I have rebooted multiple time.

I tried to start wireshark in sudo.

I have looked into console for wireshark logs, nothing useful:

default 17:06:24.150330+0800    runningboardd   Acquiring assertion targeting executable<Wireshark(501)> from originator [daemon<com.apple.coreservices.launchservicesd>:156] with description <RBSAssertionDescriptor; frontmost:1768; ID: 290-156-195; target: 1768> attributes = {
    <RBSDomainAttribute: 0x7f84c642ad30; domain: com.apple.launchservicesd; name: RoleUserInteractiveFocal; sourceEnvironment: 0x0>;
}
default 17:06:24.150593+0800    runningboardd   Assertion 290-156-195 (target:executable<Wireshark(501)>) will be created as active
default 17:06:24.154681+0800    runningboardd   Finished acquiring assertion 290-156-195 (target:executable<Wireshark(501)>)
default 17:06:24.154831+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring jetsam update because this process is not memory-managed
default 17:06:24.155090+0800    runningboardd   [executable<Wireshark(501)>:1768] Set darwin role to: UserInteractiveFocal
default 17:06:24.155355+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring GPU update because this process is not GPU managed
default 17:06:27.619652+0800    runningboardd   Invalidating assertion 290-156-195 (target:executable<Wireshark(501)>) from originator 156
default 17:06:27.734235+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring jetsam update because this process is not memory-managed
default 17:06:27.734450+0800    runningboardd   [executable<Wireshark(501)>:1768] Set darwin role to: UserInteractiveNonFocal
default 17:06:27.734716+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring GPU update because this process is not GPU managed

Any other ways except REINSTALL MACOS?

BTW: tcpdump from terminal works.

edit retag flag offensive close merge delete

Comments

Is this the same issue as in this question?

Stig gravatar imageStig ( 2019-12-17 12:50:58 +0000 )edit

yes, it is the same issue. By turning on wifi, wireshark can detect all interfaces.

derek.dong gravatar imagederek.dong ( 2019-12-18 01:21:05 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-12-17 10:00:07 +0000

derek.dong gravatar image

i find a workaround: wireshark accept -i interface parameter; by specifying interfaces in cmd, wireshark works again.

I usually capture on three interfaces: lo0, eth0, eth7; so I modified the script that launches wireshark by appending "-i en7 -i lo0 -i en0".

edit flag offensive delete link more

Comments

Can you elaborate on this? I am able to use terminal command "wireshark accept -i en4" (figured out how to find the correct network interface ID) and it will launch the wireshark app and allow me to capture data on the usb interface, HOWEVER, i get this annoying pop up that says file does not exist and then it tries to get me to point to the file to open. anyway to make this into a shortcut and./or get rid of the pop up?

mblend27 gravatar imagemblend27 ( 2019-12-19 10:14:10 +0000 )edit

Bump? I would appreciate any help

mblend27 gravatar imagemblend27 ( 2019-12-20 10:08:26 +0000 )edit

here is my script (don't know how to format text, just copy it):

!/bin/sh

#

Wireshark CLI utility launcher

if [ -z "$WIRESHARK_APP_DIR" ] ; then WIRESHARK_APP_DIR="/Applications/Wireshark.app" fi

if [ ! -d "$WIRESHARK_APP_DIR" ] ; then WIRESHARK_APP_DIR=mdfind "kMDItemCFBundleIdentifier == 'org.wireshark.Wireshark'" | head -n 1 fi

if [ ! -d "$WIRESHARK_APP_DIR" ] ; then echo "Wireshark doesn't appear to be located at $WIRESHARK_APP_DIR." echo "Please set WIRESHARK_APP_DIR to its proper location and try again." exit 1 fi

APP_NAME=basename "$0" if [ "$APP_NAME" = "wireshark" ] ; then APP_NAME=Wireshark fi exec "$WIRESHARK_APP_DIR/Contents/MacOS/$APP_NAME" -i en7 -i lo0 -i en0 "$@"

derek.dong gravatar imagederek.dong ( 2019-12-23 02:48:52 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2019-12-17 09:09:41 +0000

Seen: 2,866 times

Last updated: Dec 17 '19