ChmodBPF "Permission denied" on MacOS 10.15.4 Catalina
Wireshark 3.2.3 reports instead that I should "install ChmodBPF to fix this" but that doesn't work and is already installed. The executable gives up after 255 tries with:
/Library/Application\ Support/Wireshark/ChmodBPF/ChmodBPF ; exit; /Library/Application Support/Wireshark/ChmodBPF/ChmodBPF: line 35: /dev/bpf0: Permission denied
Then another 255 tries to:
chgrp: /dev/bpf0: Operation not permitted
ChmodBPF must be run as root - and launchd should run it, as root, as a startup-time job, and the Wireshark install script should also run it as root, so you shouldn't need to run it.
What does
ls -l /dev/bpf0
print? If it prints something such asthen it did run and should already have set up your machine to allow everybody in the access_bpf group to capture traffic.
If it doesn't print that, what does
print?
Thanks for the hint! Listing /dev/bpf0 yields "no such file or directory." and egrep yields "- 0 org.wireshark.ChmodBPF" and I don't see /dev/bpf0 anywhere on the system, hidden or otherwise. I'm assuming the installer script cannot create /dev/pbf0?
Sort of. The BPF devices are supposed to be created "on demand" by attempts to open them, and the script tries to create a lot of them and give them the right permissions and ownership.
What happens if you run the command
sudo tcpdump -i en0
? It should printIf it does, type control-C; at that point, there should at least be a
/dev/bpf0
device.That does give the result you show there, but WireShark still isn't finding it where it expects to find it or doesn't have permission to use it. (?)
I also get the permission issue and installing the ChmodBPF had gotten rid of the permission issue; however, it did not resolve the Wireshark not starting up after upgrading to MacOS 10.15.4. I believe the Wireshark folks is aware of the issue as I had seen a reference on their blog on April 24th regards the fix and that it was easy; however, I cannot find the blog post on blog.wireshark.org when I looked yesterday May 8th.`