How to fix "The capture session could not be initiated on interface" (You don't have permission to capture on that device)

I had thought that the installer had got around this problem, but it is back.

Problem: Whenever I try to capture traffic on an interface, I get a message like "The capture session could not be initiated on interface 'en0' (You don't have permission to capture on that device)"

Attempted Solution: Checked out the uninstall script I found at https://github.com/srozzo/wireshark-uninstall-osx and when I was satisfied that it seemed to do the jobs listed in the installer Read me first.rtf file, I completely uninstalled Wireshark using the command (as root)

 bash -c "$(curl -sL https://raw.github.com/srozzo/wireshark-uninstall-osx/master/uninstall.sh)"

Then I re-ran the installer using the latest version download (v 2.4.5).

Environment: I have attempted this on two computers:

Computer #1: MacOS 10.12.6 - MacBook Pro 15" 2016 (No in-built ethernet interface, only wifi and USB Ethernet)

Computer #2: MacOS 10.13.3 - Mac Mini Mid 2011 (Inbuilt Gigabit Ethernet adapter and WiFi)

Other Information: While running the uninstall script, a message appeared

 /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist: Could not find specified service

however, that may have been because the script tried to remove more devices than necessary.

I also noticed that after doing the new install, my bpf devices appeared as

sh-3.2# ls -lh /dev/bpf*
crw-------  1 root  wheel   23,   0 22 Feb 08:47 /dev/bpf0
crw-------  1 root  wheel   23,   1 22 Feb 08:47 /dev/bpf1
crw-------  1 root  wheel   23,   2 10 Mar 14:21 /dev/bpf2
crw-------  1 root  wheel   23,   3 10 Mar 14:21 /dev/bpf3
crw-------  1 root  wheel   23,   4 22 Feb 08:48 /dev/bpf4

whereas I expected them to have rw group permissions. I changed the permissions viz:

sh-3.2# chmod g+rw /dev/bpf*
sh-3.2# ls -lh /dev/bpf*
crw-rw----  1 root  wheel   23,   0 22 Feb 08:47 /dev/bpf0
crw-rw----  1 root  wheel   23,   1 22 Feb 08:47 /dev/bpf1
crw-rw----  1 root  wheel   23,   2 10 Mar 14:21 /dev/bpf2
crw-rw----  1 root  wheel   23,   3 10 Mar 14:21 /dev/bpf3
crw-rw----  1 root  wheel   23,   4 22 Feb 08:48 /dev/bpf4

but this did not improve the situation.

My Question: Does anyone know how to fix "The capture session could not be initiated on interface" (You don't have permission to capture on that device) and get Wireshark running on macOS?

[Edit: Added two graphics in response to suggestions below] [Image: Capture Permissions at installation] [Image: User permissions after install]
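
Added example (not part of the original post and not Wireshark's own code): a shell function that reads `ls -l /dev/bpf*` output and reports, per device, whether a given user gets read/write access under the owner/group/other rules. The user name alice, her group lists and the `access_bpf` listing are constructed; `access_bpf` is the group Wireshark's ChmodBPF helper assigns to the devices.

```shell
#!/bin/sh
# Constructed samples: the first two repeat lines from the post's listings,
# the third shows the same device owned by group access_bpf.
BEFORE_CHMOD='crw-------  1 root  wheel   23,   0 22 Feb 08:47 /dev/bpf0'
AFTER_CHMOD='crw-rw----  1 root  wheel   23,   0 22 Feb 08:47 /dev/bpf0
crw-rw----  1 root  wheel   23,   1 22 Feb 08:47 /dev/bpf1'
WITH_ACCESS_BPF='crw-rw----  1 root  access_bpf   23,   0 22 Feb 08:47 /dev/bpf0'

# can_capture USER "GROUP1 GROUP2 ..."   (reads `ls -l` lines on stdin)
# Prints "<device> ok (...)" or "<device> denied (...)" for each line.
can_capture() {
  user=$1
  user_groups=" $2 "
  while read -r mode links owner group rest; do
    [ -n "$mode" ] || continue
    dev=${rest##* }                      # last field is the device path
    if [ "$user" = root ]; then
      echo "$dev ok (root bypasses mode bits)"
      continue
    fi
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$user" = "$owner" ]; then
      class=owner pat='?rw*'
    else
      case $user_groups in
        *" $group "*) class="group $group" pat='????rw*' ;;
        *)            class=other pat='???????rw*' ;;
      esac
    fi
    # A capture needs the device opened read/write, so both bits must be set.
    case $mode in
      $pat) echo "$dev ok ($class has rw)" ;;
      *)    echo "$dev denied ($class lacks rw)" ;;
    esac
  done
}

# After `chmod g+rw`, the group bits only help members of the owning group.
printf '%s\n' "$AFTER_CHMOD"     | can_capture alice "staff admin"
printf '%s\n' "$WITH_ACCESS_BPF" | can_capture alice "staff access_bpf"
```

On a real system, feed it `ls -l /dev/bpf*` together with the output of `id -Gn` for the account that runs the capture.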