Ethereal-users: Re: [Ethereal-users] Re: Ethereal Error Message (ethereal:17023): Gtk-WARNING **
Guy Harris wrote:
Geoff WALLACE wrote:
Get the error "The capture session could not be initiated ((no devices
found) /dev/bpf0: Permission denied).
Please check to make sure you have sufficient permissions, and that
you have the proper interface or pipe specified."
On most UN*X systems, you need sufficient privileges in order to capture
packets.
The good news is that OS X is a BSD, so "sufficient privileges" means
"sufficient privileges to open a BPF device", not "root". You can do
sudo chown {your login name} /dev/bpf*
(at least if your account is set up with administrative privileges) to
make the BPF devices owned by you, which gives you sufficient privileges
to capture (with Ethereal, or with tcpdump, or...). This lets you run
capture programs as yourself, rather than as root, which reduces the
risk of Bad Things happening if those programs have a bug, and means
that if you save a capture it's owned by you, not by root.
The bad news is that OS X is a BSD with a devfs but not with the shiny
new FreeBSD 5.x devfs, so the BPF devices are created anew every time
the system reboots - and can't be configured to be created anew with you
as the owner - so you have to do that "sudo" the first time you want to
run Ethereal (or tcpdump, or...) after each reboot.
It can't be done in an rc script?
--
There's no point in being grown up if you can't be childish sometimes.
-- Dr. Who