Wireshark mailing list archives
Re: Problems capturing on Mac OS X
From: Guy Harris <guy () alum mit edu>
Date: Mon, 7 Feb 2011 10:14:01 -0800
On Feb 6, 2011, at 2:22 PM, Matthew Lucas wrote:
> I'm trying to run wireshark on my 2008 MacBook Pro, running Mac OS 10.6.6. I'm an admin user and I've copied the ChmodBPF folder to /Library/StartupItems and restarted my machine to cause it to run. On restart I got the following error: {"Insecure Startup Item disabled." message}

That probably means that it's not owned by user root and group wheel; unfortunately, the drag-install process doesn't cause the startup item to be given the right ownership. (The dmg is probably mounted with the "make it look as if everything on the file system is owned by the person who mounted it" option, and the Finder's copy preserves the ownership.) You'd need to open up Terminal and do

    sudo chown -R root:wheel /Library/StartupItems/ChmodBPF

> When I navigate to /Library/StartupItems/ChmodBPF/ and run the ChmodBPF script, I get the following:
>
> Last login: Sun Feb 6 21:45:06 on ttys000
> /Library/StartupItems/ChmodBPF/ChmodBPF ; exit;
> Matts-MacBook-Pro:~ matt$ /Library/StartupItems/ChmodBPF/ChmodBPF ; exit;
> /Library/StartupItems/ChmodBPF/ChmodBPF: line 35: $1: unbound variable
> logout

You need to open up Terminal and run it as

    sudo SystemStarter ChmodBPF start

> Having read through all the documentation, it appears that the files that require permission change are in /dev - however I have no such folder. I've unhidden the hidden files and folders, and I've tried Go->Go to Folder->/dev to which I get the response "The folder can't be found". I certainly haven't deleted it, and from what I've read, I would imagine I would be having some fairly severe difficulties if I had, so it must have been intentionally moved or removed, presumably by Apple and presumably with a point update. So the question is, is all of this compatible with 10.6.6, and if it's not, is there something I can do manually to resolve it? Or have I simply done something wrong?

There are folders, and there are directories. "Folders" are what the OS X GUI shows you. "Directories" are what are in the file system name space; a "folder" is a directory that the GUI's willing and able to display. For better or worse, "/dev" is a directory but not a folder; the GUI hides it from you. If you open up Terminal, you can see that it exists (if it didn't exist, then 1) a huge amount of code in OS X would fail and 2) Apple couldn't use the word "UNIX" in connection with OS X):

    $ ls /dev
    auditpipe       ptyta   ttyr6
    autofs          ptytb   ttyr7
    autofs_control  ptytc   ttyr8
    autofs_nowait   ptytd   ttyr9
    bpf0            ptyte   ttyra
    bpf1            ptytf   ttyrb
    bpf2            ptyu0   ttyrc
    bpf3            ptyu1   ttyrd
    ...
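
The ownership problem described in the reply above can be checked before rebooting. The following is an added example, not part of the original message or of the Wireshark package: a shell function (the name `audit_startup_item` and its exit codes are hypothetical) that lists every entry under a startup item that is not owned by root:wheel, or is writable by group or others. That these are the conditions behind the "Insecure Startup Item disabled" message is an assumption.

```shell
#!/bin/sh
# Added example, not from the original message or the Wireshark package.
# Assumption: a startup item is treated as insecure if any entry in it is not
# owned by root:wheel, or is writable by group or others.

# audit_startup_item DIR [OWNER] [GROUP]   (hypothetical helper name)
# Prints each offending path. Returns 0 if clean, 1 if findings, 2 on error.
audit_startup_item() {
    dir=$1
    owner=${2:-root}
    group=${3:-wheel}

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # Symlink mode bits are meaningless, so skip the write test for them.
    bad=$(find "$dir" \( ! -user "$owner" -o ! -group "$group" \
            -o \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print) || return 2

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Run against a path given on the command line, e.g.
#   sh audit.sh /Library/StartupItems/ChmodBPF
if [ $# -gt 0 ]; then
    audit_startup_item "$@"
fi
```

Any path it prints after a drag-install is one that the `chown -R root:wheel` command in the reply would correct, apart from entries flagged only for their write bits.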