
63 comments

  1. § Keith said on :
    Perfect! Just what I needed to get Wireshark configured. Thanks!
  2. § joe® Email said on :
    great!
  3. § Dum Email said on :
    Thanks, very straightforward!!
  4. § Greg Email said on :
    Worked like a charm. Although I still need to start wireshark via the Terminal window by:

    In terminal:
    cd /Applications/Wireshark.app/Contents/MacOS/
    then command
    sudo ./wireshark

    I must have done something wrong in the ChmodBPF file.
  5. § joe® Email said on :
    Yeah, you need to revisit the `chown foobar:admin /dev/bpf*` line and replace foobar with the name of the user you want to run it as (type `whoami` at the terminal to get that username).
  6. § Greg Email said on :
    Works like a charm!!!

    You have saved me from countless hours of frustration.

    Thanks
  7. § Eric said on :
    Great ! Thank you !
  8. § Chris Email said on :
    Thank you! Saved me a ton of time
  9. § Jason said on :
    Thanks!
  10. § Garth Email said on :
    Hey thanks for the advice.... like others, the setup was now a breeze. After an hour or so, previously, of frustration, I suppose I could've googled this earlier to save myself the time. Anyway, thanks for the help.
  11. § hal Email said on :
    Works really well. Additional problem I had was that my X11 wasn't working properly. I had to download a new version of XQuartz(x11): http://xquartz.macosforge.org/trac/wiki

    The explanation is at:
    http://lists.apple.com/archives/X11-users/2008/Aug/msg00164.html

    Hal
  12. § loi Email said on :
    Hi,

    I tried this, and I think it is a much better guide than the one they provide in the Wireshark.dmg package, but having said that I still cannot see the right interfaces. All I have is:

    - en0: IP unknown
    - fw0: IP unknown
    - en1: does have an IP but it looks something like a mac address, for example: fe34::cd0:a1f5:123ce:aef0 and is the only interface capturing packets right now...
    - lo0: also has an IP but looks something like: fed0::1

    Those are the only interfaces available to me... I don't know how to capture packets from the wireless network since I cannot find the interface for it. I followed all your instructions there but maybe I am still missing something...

    Also, my X11 version is:
    - XQuartz 2.1.6 (xorg-server 1.4.2-apple33)

    I don't know if the problem is there but someone mentioned in the comments that they had to update theirs. Well, any help would be greatly appreciated.

    Just so you know what I'm trying to do... originally I wanted to capture the packets sent from my iPod touch via the wireless network. That is why I wanted to see if Wireshark can capture this information using a wireless interface.

    Thanks.
  13. § joe® Email said on :
    Alas, I'm not sure how to help you... do let me know if you figure it out!
  14. § Bob Guru said on :
    I love you. Why is this not in their ReadMe?
  15. § joe® Email said on :
    ::)
  16. § irrationalidiot Email said on :
    Worked beautifully. Thanks!
  17. § iJim Email said on :
    Hi, I use Tiger and I can't run Wireshark, I think I got some step wrong! Could someone help me?
    Excuse me for the bad language, I'm Italian.
  18. § jayray Email said on :
    Thanks Joe!
  19. § Mars Email said on :
    My /Library/StartupItems/ChmodBPF will not run. I have it in the folder, I am an admin, THE admin, I run as the admin, and it says insecure item at startup and does NOT offer a "fix" button at all. Even though the Mac help mentions the fix button. No fix button.

    I have even selected every file of the command line folder, get info and set to read/write for everything, but hand. The startup ChmodBPF fails, and I get a boatload of errors when running wireshark.
  20. § Vi Email said on :
    Thank you for this detailed procedure. Definitely couldn't have done it without your help. One last note, I did run into a security error with ChmodBPF.

    "Insecure Startup Item disabled.
    /library/StartupItems/ChmodBPF" has not been started because it does not have the proper security setting."

    Maybe I missed a step...

    Anyway, a quick search on the Internet showed a solution from Nick Kleinschmidt's Blog.
    http://kleinsch.com/2009/10/03/wireshark-chmodbpf-errors-on-snow-leopard/comment-page-1/#comment-29

    Thanks again.
  21. § joe® Email said on :
    Yeah, it looks like if you're doing a fresh install on Snow Leopard, the permissions aren't set correctly on ChmodBPF/. I'll add a note, thanks!
  22. § Chris Gregg Email said on :
    One more quick fix for a possible non-start issue on Snow Leopard: on my system there was a problem with the ~/.fontconfig font caches. Removing this folder allowed Wireshark to run (it crashed on startup initially).
  23. § Nikhil Email said on :
    Awesome. It worked just out of the box. Thanks
  24. § EK Email said on :
    It's easier to log in as 'root', unhide all folders, then you can drag and drop everything you need to copy or move... no confusing terminal commands. Rehide folders when done, then reboot. Done.
  25. § joe® Email said on :
    I'd recommend sticking with the terminal commands, folks...
  26. § spockr said on :
    And don't forget to add the number you first thought of. Really, how ridiculous it is that you have to jump through these hoops.
  27. § Pradeep Email said on :
    thanks!
  28. § Dan Email said on :
    One more hint: I just installed the latest version normally (drop in apps) and then couldn't access the interfaces (as expected). If I ran as root (sudo Wireshark as suggested above) I could see the interfaces, but didn't appear to be able to access the Wireshark window thru the GUI. It turns out that there's a pop-up warning window saying "Hey, you're running as root and you could ruin everything so be careful", but the window pops under, so I didn't find it until much later. Just acknowledge that you know what you're doing (even if you don't) and it seems to work fine. This is on OS 10.5 with Wireshark Version 1.2.5 (SVN Rev 31296)
  29. § andrew Email said on :
    I did all the steps above and for some reason I do not have a /dev/bpf* file or folder. What do I do?
  30. § joe® Email said on :
    sorry, I have no clue... let me know if you figure it out.
  31. § Ray Email said on :
    I'm a little concerned about changing the ownership of the interface device files to a general user. Why not add my user name to the wheel group? Thx
  32. § Tim Fetter Email said on :
    Thank you so much for sharing your knowledge. I was installing on the snow cat and was getting the permissions error from the startup items. I took your advice and am now happily? looking at mountains of data. I have no idea what I was doing in Terminal, but it worked.
  33. § CSK Email said on :
    love u dude :)
  34. § Sigurdur Armannsson Email said on :
    Giving directions is not a natural talent all developers have. I am glad that someone like you can fill up the gaps.
  35. § MK Email said on :
    "Add a chown line so that the file looks like this:

    ...
    chgrp admin /dev/bpf*
    chmod g+rw /dev/bpf*
    # chown foobar:admin /dev/bpf*
    }
    ..."

    You should comment out that chown .... IF you already belong to the admin group. Worked for me. Now I can start Wireshark by just clicking the Wireshark.app
    Otherwise I've done all the tricks instructed above. =)

    M
  36. § joe® Email said on :
    But, that's just the thing, you probably shouldn't be running as an admin. :)
  37. § Johnny Email said on :
    trying to run this on snow leopard, did step 7 but still get the
    "Insecure Startup Item disabled.
    /library/StartupItems/ChmodBPF" has not been started because it does not have the proper security setting."
    error. Anyone have an idea of what I am doing wrong?
  38. § Armin Email said on :
    Thanks for your tutorial!
    step 7 solved my problems with the missing interfaces.
    Just reboot once again after typing the two lines into terminal and the startup message disappears

    thanks again
  39. § noah Email said on :
    Johnny, I think you need to change the owner of those files to be root. If you throw your error into Google you should find some helpful links on the first couple pages, as I did.

    Also, this post was very helpful. Thank you Joseph!
  40. § SusieQ Email said on :
    Thanks for the guide. I'm struggling with step 6, and I can't see the interfaces.

    If I use the command sudo chmod o+r /dev/bpf* it works fine, but if I add the chown myusername:admin /dev/bpf* to the ChmodBPF it does not work.

    I guess the location of the folder is correct: /Users/myusername/Library/StartupItems/ChmodBPF

    Because I'm using Snow Leopard 10.6.3, I've also tried step 7, but still no interfaces.
  41. § SusieQ Email said on :
    Sorry, just solved it. Was using the wrong Library-folder :) Works now!
  42. § Adam Email said on :
    Dude,

    sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark

    :)
  43. § neil Email said on :
    many thanks for this, it solved my Wireshark permissions problem.

    always nice when people such as yourself share your experience and expertise.
  44. § Stian Email said on :
    Woah, this is one of the simplest and most effective guides I've ever read and used, thanks man! I really needed this too, seeing as I just started using Mac OSX a month ago, when I bought my first Mac. Keep this up please!
  45. § Paul Email said on :
    Just a quick comment... After step 7 you might make it explicit that you need to restart (step 8?). Since these files are system-wide, a logout and back-in won't enable the change. You must restart. (It was early, not fully awake, etc. but I figured it out.)
  46. § hulvire said on :
    this thread is very helpful like somebody said up there "much better than the one they provide in the Wireshark.dmg package" thx so much
  47. § Peter said on :
    Yeah, it finally works. Thanks:)
  48. § Totophe Email said on :
    Perfect work, many thanks.
    @Bob Guru : "Why is this not in their ReadMe?"
    Because there are two read-me files: one in the "ChmodBPF" folder and the other in the dmg file ("Read-me FIRST") ;-)

    Work on Leopard 10.6.4 ; it's ok, I can start Wireshark by just clicking the .app but step 7 canceled step 6 ? I had restarted the step by step until step 6.
  49. § joe® Email said on :
    Hmm, if people are having trouble with later versions of Mac OS or Wireshark or such, please leave a comment. I don't use Wireshark everyday, so I'm probably a few versions behind (and so these instructions may be ignorant to newer versions).
  50. § Louis Email said on :
    Hey,

    I'm on Snow Leopard 10.6.4 and have the latest version of Wireshark. I am admin (and only user) of my mac and did change the ownerships and permissions with the sudo command. I then restarted and got the "Insecure Startup Item disabled. "/library/StartupItems/ChmodBPF" has not been started because it does not have the proper security setting." message.

    Any help ? Thanks!
  51. § dany Email said on :
    thank you dude! I love you
  52. § Oleg Email said on :
    I did the instructions on the following link to solve the following issue :
    "/library/StartupItems/ChmodBPF" has not been started because it does not have the proper security setting."

    thanks for this how to.
  53. § Colin Email said on :
    So I have a few problems. First, let me start out by saying that I am running OS X 10.6.4, and I downloaded the OS X 10.6 (Snow Leopard) Intel 64-Bit version of Wireshark. My first problem is at step 5, in which the entry for "SMI (MIB and PIB) Modules and Paths" is simply N/A, with a mouseover text reading "Support for this feature was not compiled into this version of Wireshark."

    My second issue is in Step 7 (of course), in which after I enter the sudo line, I receive a warning about how it can screw up my system. I am given two options: enter my password and continue, or press control+c to abort. For some reason, my terminal will not let me enter my password, and I am forced to abort every time. Any suggestions for either of the steps?
  54. § Curt Email said on :
    Thanks very much for this guide. Worked great for me on OS X 10.6.4 using the 64-bit Snow Leopard version of Wireshark.
  55. § ramin said on :
    I just want to say thank you. All the paths that you provided really helped
  56. § Raybo Email said on :
    Fantastic. Thanks much.
  57. § David McDonald Email said on :
    Finally got past the ChmodBPF issue and my interfaces show up with Wireshark running under Snow Leopard but only en2 captures data. I want to capture on Airport (en1) but no data is captured despite other active devices on the network. My DSL modem is directly connected to Airport Extreme and my Mac accesses the network wirelessly. Do I need a hard wired connection to capture on the network? Am I missing something else?
  58. § pblocked said on :
    Great tutorial! Now how can i get it off my mac?? PLEASE HELP!
  59. § joe® Email said on :
    @David McDonald: I haven't updated this guide in a while, so I'm not sure what kinds of problems you might have that prohibits en1 capture.
  60. § Duane Email said on :
    I have installed the OS X 10.6 (Snow Leopard) Intel 64-Bit version of Wireshark. I have placed ChmodBPF in the StartupItems and the Utilities items into the usr/local/bin. I restarted the Mac... no error messages. I am running as an admin. I do not see any interfaces. Any ideas why?
  61. § Steven Email said on :
    Similar to Duane, I guess. I have the ChmodBPF script in the StartupItems (placed there by the Wireshark installer), but see no interfaces running as admin. I do see interfaces and capturing works fine if I run as root.

    Running the ChmodBPF script directly gives an error:
    "line 35: $1: unbound variable"
    Line 35 is simply: RunService "$1"
    I believe it breaks because I do not have a /dev folder. There is a hidden /dev alias, but it points nowhere. Do I need to install Xcode to get the /dev folder? Any other reason why it wouldn't work in admin, but does in root?
  62. § captcha breaker said on :
    When I initially commented I clicked the "Notify me when new comments are added" checkbox and now each time a comment is added I get three e-mails with the same comment. Is there any way you can remove me from that service? Cheers!
  63. § joe® Email said on :
    You're full of shit, captcha breaker.
(cc) 2017 by Joseph Hall.