Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Error when trying to run wireshark-chmodbpf 1.0.2

From: Guy Harris <gharris () sonic net>
Date: Thu, 14 Jan 2021 22:13:35 -0800
On Jan 14, 2021, at 5:43 PM, Gerald Combs <gerald () wireshark org> wrote:


I can replicate the "Resource busy" message here by running Wireshark, leaving the welcome screen up and attempting 
to read from /dev/bpf0:

----
$ read -n 0 < /dev/bpf0 > /dev/null 2>&1
bash: /dev/bpf0: Resource busy
----

However, that's just a result of Wireshark updating the interface sparklines via `dumpcap -S`,


Not necessarily:

        $ read -n 0 < /dev/bpf0 > /dev/null
        -bash: /dev/bpf0: Resource busy
        $ ps -ef | egrep -i 'tcpdump|shark|dumpcap'
          501 95591 32227   0 10:00PM ttys114    0:00.00 egrep -i tcpdump|shark|dumpcap

and that's because:

        $ sudo lsof /dev/bpf0 /dev/bpf1
        Password:

                ...

        COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
        airportd 344 root 41u CHR 23,0 0t0 580 /dev/bpf0
        airportd 344 root 42u CHR 23,0 0t0 580 /dev/bpf0
        airportd 344 root 43u CHR 23,1 0t0 581 /dev/bpf1
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: