Revision history

Revision 1
initial version

can't detect interfaces on macos 10.15.2

Wireshark worked before I upgraded macOS to 10.15.2.

After the upgrade, Wireshark can't detect interfaces. It only shows four external captures: ciscodump, randpkt, sshdump, udpdump

I have done all bpf things:

crw-rw----   1 root   access_bpf      23,  24 Dec 17 16:50 bpf24
crw-rw----   1 root   access_bpf      23, 240 Dec 17 16:50 bpf240
crw-rw----   1 root   access_bpf      23, 241 Dec 17 16:50 bpf241

output of id: (Derek is in the access_bpf group)

uid=501(Derek) gid=20(staff) groups=20(staff),502(access_bpf),12(everyone),61(localaccounts),80(admin),33(_appstore),98(_lpadmin),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)

I have installed 3.00, 3.07 and 3.20-beta, and I have rebooted multiple times.

I tried to start Wireshark with sudo.

I have looked into console for wireshark logs, nothing useful:

default 17:06:24.150330+0800 runningboardd Acquiring assertion targeting executable<Wireshark(501)> from originator [daemon<com.apple.coreservices.launchservicesd>:156] with description <RBSAssertionDescriptor; frontmost:1768; ID: 290-156-195; target: 1768> attributes = {
    <RBSDomainAttribute: 0x7f84c642ad30; domain: com.apple.launchservicesd; name: RoleUserInteractiveFocal; sourceEnvironment: 0x0>;
}
default 17:06:24.150593+0800 runningboardd Assertion 290-156-195 (target:executable<Wireshark(501)>) will be created as active
default 17:06:24.154681+0800 runningboardd Finished acquiring assertion 290-156-195 (target:executable<Wireshark(501)>)
default 17:06:24.154831+0800 runningboardd [executable<Wireshark(501)>:1768] Ignoring jetsam update because this process is not memory-managed
default 17:06:24.155090+0800 runningboardd [executable<Wireshark(501)>:1768] Set darwin role to: UserInteractiveFocal
default 17:06:24.155355+0800 runningboardd [executable<Wireshark(501)>:1768] Ignoring GPU update because this process is not GPU managed
default 17:06:27.619652+0800 runningboardd Invalidating assertion 290-156-195 (target:executable<Wireshark(501)>) from originator 156
default 17:06:27.734235+0800 runningboardd [executable<Wireshark(501)>:1768] Ignoring jetsam update because this process is not memory-managed
default 17:06:27.734450+0800 runningboardd [executable<Wireshark(501)>:1768] Set darwin role to: UserInteractiveNonFocal
default 17:06:27.734716+0800 runningboardd [executable<Wireshark(501)>:1768] Ignoring GPU update because this process is not GPU managed

Any other ways except REINSTALL MACOS?

BTW: tcpdump from terminal works.

Revision 2
None

can't detect interfaces on macos 10.15.2

Wireshark worked before I upgraded macOS to 10.15.2.

After the upgrade, Wireshark can't detect interfaces. It only shows four external captures: ciscodump, randpkt, sshdump, udpdump

I have done all bpf things:

crw-rw----   1 root   access_bpf      23,  24 Dec 17 16:50 bpf24
crw-rw----   1 root   access_bpf      23, 240 Dec 17 16:50 bpf240
crw-rw----   1 root   access_bpf      23, 241 Dec 17 16:50 bpf241

output of id: (Derek is in the access_bpf group)

uid=501(Derek) gid=20(staff) groups=20(staff),502(access_bpf),12(everyone),61(localaccounts),80(admin),33(_appstore),98(_lpadmin),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)

I have installed 3.00, 3.07 and 3.20-beta, and I have rebooted multiple times.

I tried to start Wireshark with sudo.

I have looked into console for wireshark logs, nothing useful:

default 17:06:24.150330+0800    runningboardd   Acquiring assertion targeting executable<Wireshark(501)> from originator [daemon<com.apple.coreservices.launchservicesd>:156] with description <RBSAssertionDescriptor; frontmost:1768; ID: 290-156-195; target: 1768> attributes = {
    <RBSDomainAttribute: 0x7f84c642ad30; domain: com.apple.launchservicesd; name: RoleUserInteractiveFocal; sourceEnvironment: 0x0>;
}
default 17:06:24.150593+0800    runningboardd   Assertion 290-156-195 (target:executable<Wireshark(501)>) will be created as active
default 17:06:24.154681+0800    runningboardd   Finished acquiring assertion 290-156-195 (target:executable<Wireshark(501)>)
default 17:06:24.154831+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring jetsam update because this process is not memory-managed
default 17:06:24.155090+0800    runningboardd   [executable<Wireshark(501)>:1768] Set darwin role to: UserInteractiveFocal
default 17:06:24.155355+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring GPU update because this process is not GPU managed
default 17:06:27.619652+0800    runningboardd   Invalidating assertion 290-156-195 (target:executable<Wireshark(501)>) from originator 156
default 17:06:27.734235+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring jetsam update because this process is not memory-managed
default 17:06:27.734450+0800    runningboardd   [executable<Wireshark(501)>:1768] Set darwin role to: UserInteractiveNonFocal
default 17:06:27.734716+0800    runningboardd   [executable<Wireshark(501)>:1768] Ignoring GPU update because this process is not GPU managed

Any other ways except REINSTALL MACOS?

BTW: tcpdump from terminal works.