Wireshark mailing list archives

Re: Problems capturing on Mac OS X


From: Guy Harris <guy () alum mit edu>
Date: Mon, 7 Feb 2011 10:14:01 -0800


On Feb 6, 2011, at 2:22 PM, Matthew Lucas wrote:

> I'm trying to run wireshark on my 2008 MacBook Pro, running Mac OS 10.6.6. I'm an admin user and I've copied the
> ChmodBPF folder to /Library/StartupItems and restarted my machine to cause it to run. On restart I got the following
> error:
>
> {"Insecure Startup Item disabled." message}

That probably means that it's not owned by user root and group wheel; unfortunately, the drag-install process doesn't 
cause the startup item to be given the right ownership.  (The dmg is probably mounted with the "make it look as if 
everything on the file system is owned by the person who mounted it" option, and the Finder's copy preserves the 
ownership.)

You'd need to open up Terminal and do

        sudo chown -R root:wheel /Library/StartupItems/ChmodBPF

> When I navigate to /Library/StartupItems/ChmodBPF/ and run the ChmodBPF script, I get the following:
>
> Last login: Sun Feb  6 21:45:06 on ttys000
> /Library/StartupItems/ChmodBPF/ChmodBPF ; exit;
> Matts-MacBook-Pro:~ matt$ /Library/StartupItems/ChmodBPF/ChmodBPF ; exit;
> /Library/StartupItems/ChmodBPF/ChmodBPF: line 35: $1: unbound variable
> logout

You need to open up Terminal and run it as

        sudo SystemStarter ChmodBPF start

> Having read through all the documentation, it appears that the files that require permission change are in /dev -
> however I have no such folder. I've unhidden the hidden files and folders, and I've tried Go->Go to Folder->/dev to
> which I get the response "The folder can't be found". I certainly haven't deleted it, and from what I've read, I
> would imagine I would be having some fairly severe difficulties if I had, so it must have been intentionally moved or
> removed, presumably by Apple and presumably with a point update. So the question is, is all of this compatible with
> 10.6.6, and if it's not, is there something I can do manually to resolve it? Or have I simply done something wrong?

There are folders, and there are directories.

"Folders" are what the OS X GUI shows you.  "Directories" are what are in the file system name space; a "folder" is a 
directory that the GUI's willing and able to display.

For better or worse, "/dev" is a directory but not a folder; the GUI hides it from you.  If you open up Terminal, you 
can see that it exists (if it didn't exist, then

        1) a huge amount of code in OS X would fail

and

        2) Apple couldn't use the word "UNIX" in connection with OS X):

$ ls /dev
auditpipe               ptyta                   ttyr6
autofs                  ptytb                   ttyr7
autofs_control          ptytc                   ttyr8
autofs_nowait           ptytd                   ttyr9
bpf0                    ptyte                   ttyra
bpf1                    ptytf                   ttyrb
bpf2                    ptyu0                   ttyrc
bpf3                    ptyu1                   ttyrd

        ...


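An added example (not part of the original message and not code from the Wireshark package): a POSIX shell function that lists every entry under a startup item that is not owned by root:wheel, the condition the reply gives as the probable cause of "Insecure Startup Item disabled." The function name audit_startup_item is hypothetical, and treating group- or world-writable entries as insecure is an assumption.

```shell
#!/bin/sh
# Added example: report why a startup item tree would be treated as insecure.
# Usage: audit_startup_item DIR [UID] [GID]   (defaults 0 0 = root:wheel)
# Returns 0 if clean, 1 if any entry is reported, 2 if DIR is missing.
audit_startup_item() {
    dir=$1
    want_uid=${2:-0}    # root
    want_gid=${3:-0}    # wheel is gid 0 on Mac OS X
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # The right-hand side of the pipe runs in a subshell; its exit status
    # becomes the function's return value.
    find "$dir" -print | {
        bad=0
        while IFS= read -r path; do
            [ -L "$path" ] && continue      # a symlink's own mode is not meaningful
            # ls -ldn prints numeric uid/gid, so no name lookup is needed.
            read -r mode uid gid <<EOF
$(ls -ldn "$path" | awk '{print $1, $3, $4}')
EOF
            why=
            if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
                why="owner is $uid:$gid, expected $want_uid:$want_gid"
            fi
            # Assumption: group or world write access also counts as insecure.
            case $mode in ?????w*) why="$why${why:+; }group-writable" ;; esac
            case $mode in ????????w*) why="$why${why:+; }world-writable" ;; esac
            if [ -n "$why" ]; then
                echo "$path: $why"
                bad=1
            fi
        done
        exit "$bad"
    }
}
```

Running `audit_startup_item /Library/StartupItems/ChmodBPF` before and after the `chown -R root:wheel` shown above gives a per-file report; no output and exit status 0 means every entry has the ownership the reply asks for.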