This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I find my BPF file/folder on my OS X Mountain Lion?

0

The disk image only has the package installer and a read me file. I keep on reading that I need to gain privilege on my BPF or ChmodBPF files, but I cannot find them anywhere.

Currently trying to analyze my network, but all I see is my own traffic. I'm trying to monitor the entire traffic off of my home network.

asked 13 Feb '13, 04:55

phiton


3 Answers:

0

Please search for bpf in the answers and comments of the following question:

http://ask.wireshark.org/questions/578/mac-os-cant-detect-any-interface

Regards
Kurt

answered 13 Feb '13, 05:16

Kurt Knochner ♦

edited 13 Feb '13, 05:16

0

If you can capture traffic it seems likely that your capture permissions are sufficient.

If you can only see your own traffic it's likely that you are on a switched network. Please give further information, either by editing your question, or as a comment, about your network setup.

answered 13 Feb '13, 05:23

grahamb ♦

All I know to say is that I'm connected to an AirPort Extreme. I have two laptops and a smartphone. WPA2. I'm assuming a really standard connection. As mentioned before, I can see my own traffic on my Mac, but my other devices cannot be captured.

(13 Feb '13, 05:35) phiton

See the wiki page on Wireless capture setup for more info on capturing Wireless traffic.

(13 Feb '13, 05:53) grahamb ♦

0

> The disk image only has the package installer and a read me file. I keep on reading that I need to gain privilege on my BPF or ChmodBPF files, but I cannot find them anywhere.

ChmodBPF is a "startup item" that the package installer installs; it changes the permission on BPF devices (files in the /dev directory with names beginning with bpf) so that you get the necessary privileges.

> Currently trying to analyze my network, but all I see is my own traffic.

By default, that's all you'll see on a Wi-Fi network. You would need to capture in "monitor mode" to see other hosts' traffic, and, if your network is using WEP or WPA/WPA2, you'll have to tell Wireshark the password for your network and, if it's using WPA/WPA2, you'll have to, for each machine whose traffic you want to see, disconnect it from the network and reconnect it while Wireshark is listening, so that you capture the initial "EAPOL handshake". See the how to decrypt 802.11 page on the Wireshark Wiki for more details.

answered 05 Dec '13, 10:15

Guy Harris ♦♦
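
The permission change described in the last answer can be checked from a terminal by looking at the bpf files in /dev. The function below is an added example, not part of the original thread or of the Wireshark installer; the optional directory argument and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether the current user can open the BPF devices.
# The optional directory argument is an assumption so the function can be
# pointed at a constructed directory; the real devices are /dev/bpf*.
# Return codes (assumed convention): 0 = every device readable,
# 1 = at least one device not readable, 2 = no bpf devices found.

check_bpf_access() {
    dev_dir="${1:-/dev}"
    total=0
    denied=0
    for dev in "$dev_dir"/bpf*; do
        [ -e "$dev" ] || continue            # glob matched nothing
        total=$((total + 1))
        # ls -ld prints mode, link count, owner and group in that order.
        set -- $(ls -ld "$dev")
        access=""
        [ -r "$dev" ] && access="${access}r"
        [ -w "$dev" ] && access="${access}w"
        [ -r "$dev" ] || denied=$((denied + 1))
        printf '%s  mode=%s owner=%s group=%s  you=%s\n' \
            "$dev" "$1" "$3" "$4" "${access:-none}"
    done
    if [ "$total" -eq 0 ]; then
        echo "no bpf devices found under $dev_dir" >&2
        return 2
    fi
    if [ "$denied" -gt 0 ]; then
        echo "$denied of $total bpf devices are not readable by $(id -un);" \
             "check that the ChmodBPF startup item has run" >&2
        return 1
    fi
    return 0
}
```

Run `check_bpf_access` with no argument to inspect /dev. A result of `you=none` on every line means capture as that user will fail until the permissions are changed.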