Hey,
So I got MacBook M1 and having trouble in starting packet captures. Wireshark requires "ChmodBPF" package which I have installed but still having issues with it.
Can someone please help as without the ability of capturing packets, the tool is not much of a use :(
I am surprised that on MacBook its having issues.
I just found a solution, running Sequoia on M1. In order to see packets, you have to disable Monitor mode. I you want to use Monitor mode, for example to see 802.11 packets, yo need first to disconnect from any Wifi Network, then you start seing the packets.
Are you running Ventura? This worked for me https://ask.wireshark.org/question/29...
ChmodBPF does a UNIX "chmod" command to change the permission bits on all the BPF devices, so that Wireshark (well, Wireshark's dumpcap program) can open them without root privileges. The /dev/bpf files are not stored on a file system that exists after a reboot - the file system is recreated from scratch after a reboot (it's the macOS devfs), so the permission changes are lost after a reboot.
This means that you need to run the ChmodBPF script after every reboot. Wireshark installs it in a fashion that should cause it to be run automatically after every reboot, but something about Ventura 13.1 is causing that not to happen. This is a known issue.
Asked: 2023-01-08 02:30:05 +0000
Seen: 2,475 times
Last updated: Dec 09
I am having trouble installing ChmodBPF, how do i do this exactly as the installer doesn't seem to work?