Since I work extensively with PXE boot, TFTP, Xen virtual networking and all this good stuff, I’m very dependent on Wireshark for my debugging. Sadly, because of the way Wireshark works with BSD-style network devices, as on Mac OS X, it has to be run as root to be able to read the capture devices. Since I’m kind of security conscious, I really don’t like running apps as root, especially apps exposed to the network. Looking around, I discovered two workarounds: one good one and one hack.
1. The Hack:
Make the capture devices readable by the user by running:
sudo chgrp staff /dev/bpf*
sudo chmod g+r /dev/bpf*
This works great if you are an administrator on your Mac (I’m not, I’m a standard user), and if you are willing to enter this in the Terminal every time you reboot.
2. The Good way:
Install a Startup Item, which launchd executes as root at boot, to change the permissions on the capture devices. To do this, you first need to log in as an administrator once to create the Startup Item. Then create a folder:
sudo mkdir -p /Library/StartupItems/ChmodBPF
In this folder there will be two files: one executable shell script which sets the permissions, and one plist, which just has to be there I guess. On how to create those files you can look here, or just download the ones created already from here and put them in the folder.
Now make sure the permissions are set correctly:
sudo chown -R root:wheel /Library/StartupItems/ChmodBPF
sudo chmod 644 /Library/StartupItems/ChmodBPF/StartupParameters.plist
sudo chmod 755 /Library/StartupItems/ChmodBPF/ChmodBPF
Now, after a reboot, Wireshark should work fine, recognizing all the interfaces and being able to capture from them.
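Because the Startup Item script runs as root at every boot, it is worth confirming that nobody but root can modify it. The following is an added example, not part of the original post or of Wireshark: it checks the two files against the owner and modes set above and lists the resulting state of the capture devices. The function names are made up for this sketch; the paths and modes are the ones used in this post.

```shell
#!/bin/sh
# Added example: audit the ChmodBPF Startup Item after installation.
# Paths and modes are taken from the post; function names are hypothetical.

# Print octal mode / owner:group. Try GNU stat first, fall back to BSD (macOS) stat.
mode_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
owner_of() { stat -c '%U:%G' "$1" 2>/dev/null || stat -f '%Su:%Sg' "$1"; }

# check_path PATH MODE OWNER -> returns 0 only if PATH has exactly MODE and OWNER
check_path() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    m=$(mode_of "$1"); o=$(owner_of "$1")
    if [ "$m" = "$2" ] && [ "$o" = "$3" ]; then
        echo "ok      $1 ($m $o)"
    else
        echo "BAD     $1 is $m $o, want $2 $3"; return 1
    fi
}

# audit_startup_item [DIR] [OWNER] -> exit status is the number of failed checks
audit_startup_item() {
    dir=${1:-/Library/StartupItems/ChmodBPF}
    owner=${2:-root:wheel}
    bad=0
    # A root-run script that is group- or world-writable could be replaced
    # by a non-root user, so anything looser than 755 counts as a failure.
    check_path "$dir/ChmodBPF" 755 "$owner"                || bad=$((bad + 1))
    check_path "$dir/StartupParameters.plist" 644 "$owner" || bad=$((bad + 1))
    return "$bad"
}

# report_bpf: print owner:group and mode of each capture device, if any exist
report_bpf() {
    for dev in /dev/bpf*; do
        [ -e "$dev" ] || continue   # glob did not match: no bpf devices here
        echo "$dev $(owner_of "$dev") $(mode_of "$dev")"
    done
}
```

After sourcing the file, run audit_startup_item followed by report_bpf once the machine has rebooted; the devices should show the group and the group-read bit the script applied.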