This is all excellent information - thank you for sharing. I don't
seem to have a /usr/local/bin directory currently, so I'll create one
and follow your steps. Appreciate the assistance.
Regards
John C
On Wed, Jan 27, 2010 at 11:05 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Jan 26, 2010, at 6:16 PM, John C wrote:
>
>> That corrected the issue - thank you for the helpful information.
>
> If you're running Leopard, "man tcpdump" should give the full story; if you're running Snow Leopard, "man pcap" should give the full story. Look for the section that starts with "Reading packets from a network interface may require that you have special privileges:"; the key part is
>
> Under BSD (this includes Mac OS X):
> You must have read access to /dev/bpf* on systems that don't
> have a cloning BPF device, or to /dev/bpf on systems that do.
> On BSDs with a devfs (this includes Mac OS X), this might
> involve more than just having somebody with super-user access
> setting the ownership or permissions on the BPF devices - it
> might involve configuring devfs to set the ownership or permis-
> sions every time the system is booted, if the system even sup-
> ports that; if it doesn't support that, you might have to find
> some other way to make that happen at boot time.
>
> On OS X Leopard and later, a "way to make that happen at boot time" is to install the attached "chmod_bpf" script in /usr/local/bin (make sure it has execute permission), install the attached "org.tcpdump.chmod_bpf.plist" file in /Library/LaunchDaemons (make sure it's owned by root, group wheel), and then do "sudo launchctl load /Library/LaunchDaemons/org.tcpdump.chmod_bpf.plist". That will arrange that the BPF devices be owned by root, group admin, and have read/write permission for group admin, so all administrative users will be able to run tcpdump, Wireshark, TShark, dumpcap, etc. without having to have root privileges, and that this will be done at boot time for every reboot.
>
> If you want to limit that privilege to yourself, change the "chmod_bpf" script to run the chown command rather than the chgrp command, and not run the chmod command.
>
> (For Tiger and earlier systems, unpack the attached tar file in the /Library/StartupItems directory and then use the appropriate command to run the ChmodBPF startup item; edit the ChmodBPF script in that startup item to change what privileges are required for capture.)
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>