Can't See Ethernet (en0) on macOS

Hello,

I have a Mac Mini that is hard-wired to my DSL router which provides internet. (The WiFi adapter on the Mac Mini is turned off.)

When I open Wireshark 3 on my Mac Mini, I cannot see or capture from the en0 interface.

But, if I open a terminal and type: "tcpdump -i en0 -w ~/capture.pcap" then the result is a correct-looking tcpdump showing TCP traffic between my various home network devices and the internet. I can open the resulting capture.pcap file in Wireshark and inspect the packets, etc.

Is there a simple way to skip the terminal/tcpdump step and just capture en0 from directly within Wireshark? In other words, since the en0 interface hardware (Broadcom 57766-A1 Gigabit Ethernet) is apparently capable of what I want to do, how do I see that interface in Wireshark?

Thanks!

edit: Incidentally, if I open terminal and type: "tcpdump -i en0 -I -w ~/capture.pcap" (adding the -I option) then the command fails with: "tcpdump: en0: That device doesn't support monitor mode". Not sure if that clarifies anything.

edit 2: oh sorry, I guess monitor mode is a wireless thing only. :-)