Saturday, March 5, 2011

wireshark no network interface issue

wireshark is one of the best tool to deep network analysis. But due to the permission issue on BPF devices on Mac OSX (by default only root can read and write BPF devices), you won't see network interfaces in wireshare on Mac ;-(

There are two ways to fix:

- run sudo chown <your_user_id> /dev/bpf* on command line before you start wireshark, you will need to do it again after reboot

- add a startup script to fix this permanently (see instructions that comes with wireshark, D&D Utilities/ChmodBPF directory in the installation package into /Library/StartupItems
. You can adjust the script for your needs as well, for details, see the documentation that comes with wireshare.