Need debugging suggestions: No longer see ethernet interfaces after upgrading Mac from 10.15.1 to 10.15.3

macOS

asked 2020-02-17 17:23:41 +0000

dmaffitt
1 ●1 ●1

updated 2020-02-18 13:46:52 +0000

MacOS 10.15.3 From the Wireshark 3.2.1 Intel 64.dmg, installed wireshark and ChmodBPF.pkg

Wireshark: Version 3.2.1 (v3.2.1-0-gbf38a67724d0)

crw-rw----  1 root  access_bpf   23,  78 Feb 17 09:29 /dev/bpf*

run wireshark as my user which is in group access_bpf and as superuser, same problem.

I do not see any of the interfaces, en0, lo0, etc. Just Cisco remote capture, Random packet generator, ssh remote capture, UDP Listener remote capture.

Wireshark was working well before update. I have uninstalled Wireshark and rebooted. I am at a loss as to what to try next.

Thanks, Dave

edit retag flag offensive close merge delete

Comments

So by

crw-rw----  1 root  access_bpf   23,  78 Feb 17 09:29 /dev/bpf*

do you mean that doing ls -l /dev/bpf* shows a list of /dev/bpfN devices, all of which have permissions rw-rw----, an owner of root, and a group of access_bpf?

What does the command id print?

Guy Harris ( 2020-02-17 17:43:24 +0000 )edit

Yes,

haven:~ drm$ ls -l /dev/bpf*
crw-rw----  1 root  access_bpf   23,   0 Feb 17 09:29 /dev/bpf0
crw-rw----  1 root  access_bpf   23,   1 Feb 17 09:30 /dev/bpf1

And

haven:~ drm$ id
uid=501(drm) gid=20(staff) groups=20(staff),701(com.apple.sharepoint.group.1),501(access_bpf),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),398(com.apple.access_screensharing),399(com.apple.access_ssh),33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),400(com.apple.access_remote_ae)

dmaffitt ( 2020-02-17 17:49:15 +0000 )edit

What do the commands tcpdump -D and dumpcap -D print?

Guy Harris ( 2020-02-18 19:37:37 +0000 )edit

Excellent question!

haven:~ drm$ /usr/sbin/tcpdump -D
tcpdump: SIOCGIFMEDIA on llw0 failed: Device power is off

Same message from "/Applications/Wireshark.app/Contents/MacOS/dumpcap".

This lead me to google the error, which led me to: https://ask.wireshark.org/question/13.... I apologize that my searching didn't find that before I posted.

Enabling WiFi allows tcpdump and dumpcap to see all interfaces. They disappear again when WiFil is disabled.

dmaffitt ( 2020-02-18 20:24:16 +0000 )edit

add a comment

answered 2020-02-18 20:25:48 +0000

dmaffitt
1 ●1 ●1

This is a bug in MacOS 10.15.2 and 10.15.3. Turn WiFi on and all interfaces are visible.

See https://ask.wireshark.org/question/13...

edit flag offensive delete link

Comments

I turned the Wi-FI off on my MBP running 10.15.3, started Wireshark 3.2.1, and it showed all the interfaces - and didn't report "SIOCGIFMEDIA on llw0 failed: Device power is off" when I ran tcpdump -D.

This is a libpcap problem, which I've fixed in the tcpdump.org libpcap, and which I have reported to Apple, in the hopes that they pick it up (rather than it getting in the hands of some front-end developer support drone who just asks me for a whole bunch of system reports, rather than just directly passing it on to the networking group in Core OS as a libpcap bug).

I have reason to suspect that Apple went from libpcap 1.8.1, which did not have the code that causes this issue, to libpcap 1.9.1, which does either in 10.15.2 or 10.15.3 ...(more)

Guy Harris ( 2020-02-19 03:45:04 +0000 )edit

add a comment

Need debugging suggestions: No longer see ethernet interfaces after upgrading Mac from 10.15.1 to 10.15.3

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Need debugging suggestions: No longer see ethernet interfaces after upgrading Mac from 10.15.1 to 10.15.3 edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Need debugging suggestions: No longer see ethernet interfaces after upgrading Mac from 10.15.1 to 10.15.3