Wireshark mailing list archives
Re: No interfaces, no /dev directory (MacOS X)
From: Guy Harris <guy () alum mit edu>
Date: Mon, 5 Sep 2011 19:54:09 -0700
On Sep 5, 2011, at 7:17 PM, Steven Ross wrote:
No interfaces running as admin in Mac OS X 10.5.8 (PPC). I read the Readme in the download and the wiki telling me about the script to set up permissions on boot (and I did reboot):
http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
I do see interfaces and capturing works fine if I run as root. I have the ChmodBPF script in the StartupItems, placed there by the Wireshark installer. Running the ChmodBPF script directly gives an error:
    line 35: $1: unbound variable
Line 35 is simply:
    RunService "$1"
It's a startup item, not a script to be run by itself. You need to run it with SystemStarter:
    sudo SystemStarter start ChmodBPF
In order for it to be run, /Library/StartupItems/ChmodBPF, and all the files under it, must be owned by user "root" and group "wheel", and must not have group or other write privileges.
I believe it breaks because I do not have a /dev folder.
You may not have a /dev folder, in the sense of something that the Finder will show you, but you definitely have a /dev directory, in the sense that, for example, "ls /dev" from a Terminal window will show you the contents of that directory.
There is a hidden /dev alias,
From the point of view of all the stuff Apple put on top of UNIX, it might be an alias; from the point of view of UNIX, it's a directory:
    $ ls -ld /dev
    dr-xr-xr-x  3 root  wheel  4194 Aug 18 18:51 /dev
which appears to point to a volume,
From the UNIX point of view, /dev has a file system mounted on it:
    $ df /dev
    Filesystem 512-blocks Used Available Capacity  Mounted on
    devfs             220  220         0   100%    /dev
which might cause the Finder to show it as something like a volume
but actually goes nowhere.
Nope:
    $ cd /dev
    $ ls
    auditpipe       ptytc   ttyr9
    autofs          ptytd   ttyra
    autofs_control  ptyte   ttyrb
    autofs_nowait   ptytf   ttyrc
    bpf0            ptyu0   ttyrd
    bpf1            ptyu1   ttyre
    bpf2            ptyu2   ttyrf
    bpf3            ptyu3   ttys0
(your results, in terms of what "ls" shows, may vary).
Do I need to install Xcode to get the /dev folder?
No. Mac OS X is a UN*X, so it has /dev as a standard feature, and won't work without it.
Any other reason why it wouldn't work in admin, but does in root?
Because, in *BSD and Mac OS X, in order to capture network traffic, an application or library needs to open a BPF device, and, in Mac OS X, the BPF devices, by default, are owned by root, group wheel, and only openable by the owner. The Wireshark 1.6.x installer will install the ChmodBPF startup item, attempt to add you to the group access_bpf, and run the startup item, which should make the BPF devices that exist, at the time it's run, owned by group access_bpf and readable and writable by the group.
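The ownership and mode conditions described in the reply above can be checked mechanically. The following is an added example, not part of the original message or of the Wireshark installer: the function names and the sample listings are constructed, and it parses `ls -ld` style lines rather than relying on a platform-specific `stat`.

```shell
#!/bin/sh
# Each checker takes one `ls -ld` line: mode links owner group ...

# Startup item files: owner root, group wheel, no group/other write bit.
startup_item_ok() {
    read -r mode links owner group rest <<EOF
$1
EOF
    [ "$owner" = root ] || return 1
    [ "$group" = wheel ] || return 1
    case $mode in
        # character 6 is group write, character 9 is other write
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# BPF devices after ChmodBPF has run: group access_bpf, group read+write.
bpf_device_ok() {
    read -r mode links owner group rest <<EOF
$1
EOF
    [ "$group" = access_bpf ] || return 1
    case $mode in
        ????rw*) return 0 ;;
    esac
    return 1
}

# Read `ls -ld` lines on stdin, apply checker $1, list lines that fail.
audit() {
    checker=$1 bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        "$checker" "$line" || { echo "FAIL ($checker): $line" >&2; bad=1; }
    done
    return "$bad"
}

# Constructed sample listings (not taken from a real machine).
SAMPLE_ITEM='drwxr-xr-x  4 root  wheel  136 Sep  5 19:00 /Library/StartupItems/ChmodBPF
-rwxrwxr-x  1 root  wheel  900 Sep  5 19:00 /Library/StartupItems/ChmodBPF/ChmodBPF'
SAMPLE_BPF='crw-rw----  1 root  access_bpf  23, 0 Sep  5 19:00 /dev/bpf0
crw-------  1 root  wheel       23, 1 Sep  5 19:00 /dev/bpf1'

printf '%s\n' "$SAMPLE_ITEM" | audit startup_item_ok || echo "startup item will not be run"
printf '%s\n' "$SAMPLE_BPF" | audit bpf_device_ok || echo "some BPF devices are still root-only"
```

On a live system the same checks can be fed with `find /Library/StartupItems/ChmodBPF -exec ls -ld {} + | audit startup_item_ok` and `ls -l /dev/bpf* | audit bpf_device_ok`.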