Ask Your Question
0

Need debugging suggestions: No longer see ethernet interfaces after upgrading Mac from 10.15.1 to 10.15.3

asked 2020-02-17 17:23:41 +0000

dmaffitt gravatar image

updated 2020-02-18 13:46:52 +0000

MacOS 10.15.3 From the Wireshark 3.2.1 Intel 64.dmg, installed wireshark and ChmodBPF.pkg

Wireshark: Version 3.2.1 (v3.2.1-0-gbf38a67724d0)

crw-rw----  1 root  access_bpf   23,  78 Feb 17 09:29 /dev/bpf*

run wireshark as my user which is in group access_bpf and as superuser, same problem.

I do not see any of the interfaces, en0, lo0, etc. Just Cisco remote capture, Random packet generator, ssh remote capture, UDP Listener remote capture.

Wireshark was working well before update. I have uninstalled Wireshark and rebooted. I am at a loss as to what to try next.

Thanks, Dave

edit retag flag offensive close merge delete

Comments

So by

crw-rw----  1 root  access_bpf   23,  78 Feb 17 09:29 /dev/bpf*

do you mean that doing ls -l /dev/bpf* shows a list of /dev/bpfN devices, all of which have permissions rw-rw----, an owner of root, and a group of access_bpf?

What does the command id print?

Guy Harris gravatar imageGuy Harris ( 2020-02-17 17:43:24 +0000 )edit

Yes,

haven:~ drm$ ls -l /dev/bpf*
crw-rw----  1 root  access_bpf   23,   0 Feb 17 09:29 /dev/bpf0
crw-rw----  1 root  access_bpf   23,   1 Feb 17 09:30 /dev/bpf1

And

haven:~ drm$ id
uid=501(drm) gid=20(staff) groups=20(staff),701(com.apple.sharepoint.group.1),501(access_bpf),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),398(com.apple.access_screensharing),399(com.apple.access_ssh),33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),400(com.apple.access_remote_ae)
dmaffitt gravatar imagedmaffitt ( 2020-02-17 17:49:15 +0000 )edit

What do the commands tcpdump -D and dumpcap -D print?

Guy Harris gravatar imageGuy Harris ( 2020-02-18 19:37:37 +0000 )edit

Excellent question!

haven:~ drm$ /usr/sbin/tcpdump -D
tcpdump: SIOCGIFMEDIA on llw0 failed: Device power is off

Same message from "/Applications/Wireshark.app/Contents/MacOS/dumpcap".

This lead me to google the error, which led me to: https://ask.wireshark.org/question/13.... I apologize that my searching didn't find that before I posted.

Enabling WiFi allows tcpdump and dumpcap to see all interfaces. They disappear again when WiFil is disabled.

dmaffitt gravatar imagedmaffitt ( 2020-02-18 20:24:16 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-02-18 20:25:48 +0000

dmaffitt gravatar image

This is a bug in MacOS 10.15.2 and 10.15.3. Turn WiFi on and all interfaces are visible.

See https://ask.wireshark.org/question/13...

edit flag offensive delete link more

Comments

I turned the Wi-FI off on my MBP running 10.15.3, started Wireshark 3.2.1, and it showed all the interfaces - and didn't report "SIOCGIFMEDIA on llw0 failed: Device power is off" when I ran tcpdump -D.

This is a libpcap problem, which I've fixed in the tcpdump.org libpcap, and which I have reported to Apple, in the hopes that they pick it up (rather than it getting in the hands of some front-end developer support drone who just asks me for a whole bunch of system reports, rather than just directly passing it on to the networking group in Core OS as a libpcap bug).

I have reason to suspect that Apple went from libpcap 1.8.1, which did not have the code that causes this issue, to libpcap 1.9.1, which does either in 10.15.2 or 10.15.3 ...(more)

Guy Harris gravatar imageGuy Harris ( 2020-02-19 03:45:04 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-02-17 17:23:41 +0000

Seen: 227 times

Last updated: Feb 18