StartupItems<\/em> alias.<\/p>\nPath is\u00a0\/Library\/StartupItems\/ChmodBPF if the alias does not work
\n(you can use finder, click go, click “Go To Folder”)<\/p>\n
(this files changes\u00a0the permissions of \/dev\/bpf* in order to capture from interfaces, by dragging it here it does this every time\u00a0you reboot)<\/p>\n
6) If you’re running as an admin user you will see a list of network interfaces in Wireshark in the “Interface List”. That’s good and you’re ready to start capturing packets.
\nHowever, if you don’t see any available interfaces, you’re probably running as a non-admin. If you plan on running as a non-admin when you use Wireshark in the future, you need to make one more change. The problem here is that theChmodBPF<\/code> start-up item we installed earlier (that changes permissions on\/dev\/bpf*<\/code>) only works for users in the\u00a0admin<\/code> group. So, we need a way of allowing the user you’re running as to at least read stuff in\u00a0\/dev\/bpf*<\/code>.A simple solution, and you can do this to check and see if you can capture with this change is to simply do\u00a0sudo chmod o+r \/dev\/bpf*<\/code>. That works, but it allowsany user<\/em> on your machine to sniff packets. A better solution is to just add a line to the\u00a0ChmodBPF<\/code> script to\u00a0chown<\/code> (change the owner of) those things to the user you want to run as:<\/p>\n\n- Open the\u00a0
ChmodBPF<\/code> script, which is located in\/Library\/StartupItems\/ChmodBPF\/ChmodBPF<\/code>, in a text editor.<\/li>\n- Add a\u00a0
chown<\/code> line so that the file looks like this:<\/li>\n ...\r\n chgrp admin \/dev\/bpf*\r\n chmod g+rw \/dev\/bpf*\r\n chown foobar:admin \/dev\/bpf*\r\n }\r\n ...\r\n<\/code><\/pre>\n- But replace\u00a0
foobar<\/code> here with the user you want to run Wireshark under.<\/li>\n- Save the file.<\/li>\n<\/li>\n<\/ol>\n
7) If you’re doing a fresh Wireshark install on Snow Leopard (Mac OS X 10.6), it appears that the ownership of the\u00a0ChmodBPF<\/code> files needs to be changed. So, fire up the terminal and do the following:<\/p>\ncd \/Library\/StartupItems\r\nsudo chown -R root:wheel ChmodBPF<\/code><\/pre>\n8.) Now double check the security settings in your startup error, you may have get an error like this if you forgot to do so
\n
\n\"Insecure Startup Items folder detected.
\nItems in the Startup Items folder (\"\/Library\/
\nStartupItems\/\") have not been started because the
\nfolder does not have the proper security settings.\"
\n<\/code><\/p>\nso open up a terminal, go to \/Library\/StartupItems\/<\/code>
\ndo a ls -l<\/code> and make sure then everything is set to the same permission 755 which will look like<\/p>\ndrwxr-xr-x<\/code><\/p>\nyou can always change the permissions of everything in the folder by doing this
\n
\nsudo chown -R root:wheel \/Library\/StartupItems
\nsudo chmod -R 0755 \/Library\/StartupItems
\n<\/code><\/p>\nif you see an @ symbol you need to do a ls -l@<\/code> and look for com.apple.quarantine<\/code>, this means that OS X has quarantined this file because it has not given permission to run it yet (untrusted). Just like when you download a new app from the internet for the first time OS X will ask you with a prompt “blah is an application downloaded from ther Internet. Are you sure you want to open it?” you will need to do this here, only via the command line.
\nRemote the quarantine with this command
\nxattr -r -d com.apple.quarantine file-path<\/code>
\nso in our case
\nxattr -r -d com.apple.quarantine \/Library\/StartupItems\/ChmodBPF<\/code><\/p>\n9) Restart your computer, make sure there are no errors, run Wireshark and make sure you can see interfaces to capture from. Email me or comment below to fix any problems with this how to.<\/p>\n","protected":false},"excerpt":{"rendered":"
Here is the complete guide, because so many ‘complete guides’ were missing a step or two that I needed. 1)\u00a0Download the DMG from\u00a0http:\/\/www.wireshark.org\/download.html. Unpack it. 2)\u00a0Drag the Wireshark icon onto to the\u00a0Applications alias. 3)\u00a0Open the\u00a0Utilities folder. 4)\u00a0Drag the contents of the Command Line folder to \/usr\/local\/bin 5) \u00a0Drag the ChmodBPF folder onto the StartupItems alias. … <\/p>\n
Continue reading “Setting up Wireshark on Mac OSX”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-395","post","type-post","status-publish","format-standard","hentry","category-geek"],"_links":{"self":[{"href":"https:\/\/www.cavanaugh.pro\/sean\/wp-json\/wp\/v2\/posts\/395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cavanaugh.pro\/sean\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cavanaugh.pro\/sean\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cavanaugh.pro\/sean\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cavanaugh.pro\/sean\/wp-json\/wp\/v2\/comments?post=395"}],"version-history":[{"count":8,"href":"https:\/\/www.cavanaugh.pro\/sean\/wp-json\/wp\/v2\/posts\/395\/revisions"}],"predecessor-version":[{"id":403,"href":"https:\/\/www.cavanaugh.pro\/sean\/wp-json\/wp\/v2\/posts\/395\/revisions\/403"}],"wp:attachment":[{"href":"https:\/\/www.cavanaugh.pro\/sean\/wp-json\/wp\/v2\/media?parent=395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cavanaugh.pro\/sean\/wp-json\/wp\/v2\/categories?post=395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cavanaugh.pro\/sean\/wp-json\/wp\/v2\/tags?post=395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}