Wireshark ChmodBPF errors on Snow Leopard
When I got Snow Leopard, I decided to do some house cleaning. I wiped the disk and reinstalled everything from scratch. I didn’t have any problems along the way until I went to install my favorite network protocol analyzer: Wireshark.
Installing is a simple matter of dragging the application into your Applications folder, but there’s also a startup item that sets some necessary permissions. To set that up, go into the Utilities folder on the Wireshark disk image, and drag the ChmodBPF folder onto the StartupItems shortcut. It’ll prompt you to authenticate and then copy. If you restart at this point, you’ll get an error message that says “Insecure Startup Item disabled. – “/Library/StartupItems/ChmodBPF” has not been started because it does not have the proper security settings.”
Using information from an Apple support article, I realized you need to change the owner of the scripts for them to be run on startup. Run the command below and everything will work fine!
cd /Library/StartupItems sudo chown -R root:wheel ChmodBPF
Update (7/14/2010) – Make sure you restart your computer after running this command. The script only runs at startup, so just changing the permissions doesn’t do anything by itself. You have to restart for the script to run.
IT WORKS
thank you.
Yesss!!! Thank you!
For others who will undoubtedly run into the same problem, I’ll make the following note:
The fact that ChmodBPF is failing to set the correct permissions will go unnoticed to the majority of users, because the ““Insecure Startup Item disabled” error, is of course only visible at the command line.
However, at a higher level, the very real and visual problem, that this will solve is that “The wireshark interface list is empty”
That was my problem and it took a little bit of detective work to track down the ultimate culprit. But now everything up and running, thanks again to this tip
Thank you for this tip. It was the last step I needed to get Wireshark working.
Thank you, thank you, thank you!
I can now diagnose my Draytek router when it loses DNS connectivity over Wifi.
Thanks – That’s been bugging me for a while now…
Awesome, thanks!
Good job! Thanks a lot
Thank you so much. This was driving me crazy only being able to get it to work from the command line.
The above commands did not work for me, but this did:
sudo chmod 644 /dev/bpf*
Also, for the StartupParameters.plist files, invoke this from the CLI:
sudo chown -R root:wheel StartupParameters.plist
then restart so that BPF permissions are enabled for Wireshark, or simply
invoke this on the CLI without restarting:
sudo SystemStarter start ChmodBPF
many thx
for the command to
gettnig it work !!!
Thank you so much. This was driving me crazy only being able to get it to work from the command line.
I didn’t have any luck with this, I still get the error. ug.
What they said^^ Cheers!!
Same as Thomas, still not having any luck. I opened up the command prompt copied the above command
cd /Library/StartupItems
sudo chown -R root:wheel ChmodBPF
It asked me for my password, i entered it, pressed enter then opened up WireShark.
Still no interfaces or capturing devices
I wasn’t very clear on this in the article, but you need to restart your Mac after changing the permissions for the script to work. Adding an update to my post to make sure nobody misses it in the future. I just reinstalled on Mac OS 10.6.4 and everything shows up fine for me after a restart.