Yesterday was the first time in a long time Wireshark worked on macOS for me (after I unloaded and disabled org.wireshark.ChmodBPF using launchctl, or possibly because I stopped using an account w/ admin privilege). While I'm not really sure why it worked, after I tried sudo chmod g+r /dev/bpf* && sudo chgrp admin /dev/bpf* as mentioned here (or it could be something else entirely), I was able to capture traffic using Wireshark.
But after a reboot, it stopped working again. This time, even after I did the above or sudo chgrp access_bpf /dev/bpf* && sudo chmod g+rw /dev/bpf*, sudo tcpdump -i en0 is showing
tcpdump: en0: You don't have permission to capture on that device
((cannot open BPF device) /dev/bpf0: Permission denied)
and Wireshark is back to not working as well (I reran the ChmodBPF package):
You don't have permission to capture on local interfaces.
You can fix this by installing ChmodBPF.
Also, the access_bpf group is not showing up in System Preferences (didn't look yesterday).
ls -l /dev/bpf0 prints (after I did sudo chgrp access_bpf /dev/bpf*)
crw-rw---- 1 root access_bpf 23, 0 Feb 8 08:50 /dev/bpf0
and sudo launchctl list | egrep ChmodBPF prints
- 0 org.wireshark.ChmodBPF
as suggested here.
So does anyone know how to fix this?
BTW, Wireshark can't monitor any of the interfaces, not just eth0, nor is this related to the Wi-Fi adapter.