How to fix "The capture session could not be initiated on interface" (You don't have permission to capture on that device)
I had thought that the installer had got around this problem, but it is back.
Problem: Whenever I try and capture traffic on and interface, I get a message like "The capture session could not be initiated on interface 'en0' (You don't have permission to capture on that device")
Attempted Solution:Checked out the uninstall script I found at https://github.com/srozzo/wireshark-u... and when I was satisfied that it seemed to do the jobs listed in the installer Read me first.rft file, I completely uninstalled Wireshard using the command (as root)
bash -c "$(curl -sL https://raw.github.com/srozzo/wireshark-uninstall-osx/master/uninstall.sh)"
Then re-run the installer using the latest version download. (v 2.4.5)
Environment: I have attemtpted this on two computers:
Computer #1: MacOS 10.12.6 - MacBook Pro 15" 2016 (No in-built ethernet interface, only wifi and USB Ethernet)
Computer #2: MacOS 10.13.3 - Mac Mini Mid 2011 (Inbuilt Gigebit Ethernet adapter and WiFi)
Other Information: While running the uninstall script, a message appeared
/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist: Could not find specified service
however, that may have been because the script tried to remove more devices than necessary.
I also noticed that after doing the new install, my bfd divices appeared as
sh-3.2# ls -lh /dev/bpf*
crw------- 1 root wheel 23, 0 22 Feb 08:47 /dev/bpf0
crw------- 1 root wheel 23, 1 22 Feb 08:47 /dev/bpf1
crw------- 1 root wheel 23, 2 10 Mar 14:21 /dev/bpf2
crw------- 1 root wheel 23, 3 10 Mar 14:21 /dev/bpf3
crw------- 1 root wheel 23, 4 22 Feb 08:48 /dev/bpf4
whereas I expected them to have rw group permissions. I changed the permissions viz:
sh-3.2# chmod g+rw /dev/bpf*
sh-3.2# ls -lh /dev/bpf*
crw-rw---- 1 root wheel 23, 0 22 Feb 08:47 /dev/bpf0
crw-rw---- 1 root wheel 23, 1 22 Feb 08:47 /dev/bpf1
crw-rw---- 1 root wheel 23, 2 10 Mar 14:21 /dev/bpf2
crw-rw---- 1 root wheel 23, 3 10 Mar 14:21 /dev/bpf3
crw-rw---- 1 root wheel 23, 4 22 Feb 08:48 /dev/bpf4
but this did not improve the situation.
My Question Does anyone know how to How to fix "The capture session could not be initiated on interface" (You don't have permission to capture on that devi and get Wireshark running on macOS?
[Edit: Added two graphics in response to suggestions below]
When you installed Wireshark, you did leave "Set capture permissions on startup" checked, rather than un-checking it, right?
Correct. I did leave "Set capture permissions on startup" checked, rather than un-checking it. See edit above. Thanks for responding anyway.
No, that wouldn't cause it - that's not a device, that's a file.
The most likely reason for that error would be that the service did not, in fact, exist; that would certainly explain why that service, whose purpose is to, at boot time, pre-create a lot of BPF devices and make all the BPF devices in existence after that owned by group
access_bpfand be group readable and writable, isn't, in fact, doing that.After installing Wireshark, what does
print? If it doesn't print
(for some values ...(more)