This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

OS X tens of BPF devices

0

My network pref started to be really slow, so I started poking around.

I found over a hundred /dev/pty and /dev/tty files, each. There are also 30 /dev/bpf* files, most of them don't have rw permission for the group. Seems like chmodBPF is not working anymore, although it's still in the startup items folder (/Library/StartupItems).

Questions:

  • does anyone have the network pref freezing for up to 20s every time you change location (or anything, for that matter, not necessarily the location)?
  • do you also have hundreds of network interfaces under /dev/ ?

I am grateful for any suggestions!

I use Mavericks 10.9.1 and Wireshark 1.10.2

asked 27 Jan '14, 01:56

KaZ219

edited 27 Jan '14, 14:52

Guy Harris ♦♦


One Answer:

1

Pseudo-ttys are not network devices, they're pseudo-ttys. Every Terminal window uses one, so they're not only used by people ssh'ing (or, in ancient times, Telnetting or rsh'ing) into your computer.

BPF devices aren't directly network devices, either; they're devices that can be attached to network devices in order to capture traffic to or from those network devices, and there can be multiple BPF devices attached to the same network device.

ChmodBPF runs when your system starts, and can only change the permissions on the devices that exist when it's run. BPF devices are "create on demand" devices, so that when you open the last of the existing BPF devices, the system creates more of them (four more, to be specific); ChmodBPF doesn't know when that happens and can't fix them. (Unfortunately, a program can't watch to see when /dev changes, so, for example, launchd can't monitor it and run something like ChmodBPF when new BPF devices are created.)

If you want to know how many network interfaces you have, try doing ifconfig -l. (Not all of them correspond to physical network adapters.)

answered 27 Jan '14, 15:01

Guy Harris ♦♦

edited 27 Jan '14, 15:13
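
As an added example (not part of the original answer and not Wireshark's ChmodBPF script), this read-only shell check lists the BPF device nodes that lack the group read/write bits, which is how nodes created on demand after ChmodBPF ran show up. The function names and the constructed demo directory are assumptions; call bpf_audit with no argument to inspect /dev on a real system.

```shell
#!/bin/sh
# Added example (hypothetical helper names): read-only audit of BPF device
# nodes for the group read/write bits. It changes nothing.

# All bpf* nodes directly under DIR (default /dev).
bpf_nodes() {
    find "${1:-/dev}" -mindepth 1 -maxdepth 1 -name 'bpf*' 2>/dev/null | sort
}

# bpf* nodes under DIR that lack group read+write (mode bits 060), e.g.
# nodes created on demand after the startup-time permission fix ran.
bpf_missing_group_rw() {
    find "${1:-/dev}" -mindepth 1 -maxdepth 1 -name 'bpf*' ! -perm -060 \
        2>/dev/null | sort
}

# Print a summary line, then a long listing of each node lacking group rw.
# Returns 0 when every node has group rw, 1 otherwise.
bpf_audit() {
    dir="${1:-/dev}"
    total=$(bpf_nodes "$dir" | wc -l | tr -d ' ')
    missing=$(bpf_missing_group_rw "$dir" | wc -l | tr -d ' ')
    echo "bpf nodes: $total, missing group rw: $missing"
    if [ "$missing" -eq 0 ]; then
        return 0
    fi
    bpf_missing_group_rw "$dir" | while IFS= read -r node; do
        ls -l "$node"
    done
    return 1
}

# Constructed demo: regular files stand in for device nodes. bpf0-bpf3 have
# group rw (fixed at startup); bpf4-bpf7 mimic four nodes created later.
bpf_demo() {
    d=$(mktemp -d) || return 2
    for i in 0 1 2 3; do : > "$d/bpf$i"; chmod 660 "$d/bpf$i"; done
    for i in 4 5 6 7; do : > "$d/bpf$i"; chmod 600 "$d/bpf$i"; done
    rc=0
    bpf_audit "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```
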

Thanks for the explanation. It might have nothing to do with Wireshark indeed. In ifconfig everything looks ok. I thought it might ring a bell with someone and they can point me in the right direction. It's just really annoying to have to wait 20s each time I change network location.

(28 Jan '14, 01:04) KaZ219

Just for laughs, try opening up System Preferences (but not changing your network location yet), opening up a Terminal window, running sudo sample 'System Preferences' 30, and then immediately going to System Preferences and changing your network location. When it finishes, see whether the sample command has written out the sample yet and, if it hasn't, wait for it to do so.

The results might not be useful to you, but they are likely to be useful to Apple; register as an Apple developer, and then file a bug on this, with the output of sample as an attachment.

(28 Jan '14, 01:45) Guy Harris ♦♦