
Wireshark ChmodBPF errors on Snow Leopard

October 3rd, 2009

When I got Snow Leopard, I decided to do some house cleaning. I wiped the disk and reinstalled everything from scratch. I didn’t have any problems along the way until I went to install my favorite network protocol analyzer: Wireshark.

Installing is a simple matter of dragging the application into your Applications folder, but there’s also a startup item that sets some necessary permissions. To set that up, go into the Utilities folder on the Wireshark disk image, and drag the ChmodBPF folder onto the StartupItems shortcut. It’ll prompt you to authenticate and then copy. If you restart at this point, you’ll get an error message that says “Insecure Startup Item disabled. – “/Library/StartupItems/ChmodBPF” has not been started because it does not have the proper security settings.”

Using information from an Apple support article, I realized you need to change the owner of the scripts to root (group wheel) for them to be run on startup. Run the commands below and everything will work fine!

cd /Library/StartupItems
sudo chown -R root:wheel ChmodBPF


Update (7/14/2010) – Make sure you restart your computer after running this command. The script only runs at startup, so just changing the permissions doesn’t do anything by itself. You have to restart for the script to run.

Update (1/26/2011) – From whaefelinger (in the comments): No you don’t need to [restart your computer]. To check whether the script gets automatically executed, just log out and log in again. Strictly talking, you don’t even need to do that. Just run the script like ‘sudo /Library/StartupItems/ChmodBPF/ChmodBPF start’ to get going.
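
A read-only check to run before and after the chown, as an added example that is not part of the original post: it lists entries in a startup item that are not owned by root:wheel or are writable by group or others. The function names, the default IDs 0:0 and the write-bit rule are assumptions of this example; the post itself only changes the owner.

```sh
#!/bin/sh
# Added example, not from the original post.
# audit_startup_item DIR [UID] [GID]
#   Flags entries under DIR that are not owned by UID:GID (default 0:0,
#   which is root:wheel on Mac OS X) or are writable by group/others.
#   The write-bit rule is an assumption; the post only changes the owner.
#   Returns 0 if clean, 1 if anything was flagged, 2 if DIR is missing.

# Print each path in $2 prefixed by the reason in $1; fail if $2 is non-empty.
report() {
    [ -n "$2" ] || return 0
    printf '%s\n' "$2" | sed "s|^|$1: |"
    return 1
}

audit_startup_item() {
    dir=$1
    want_uid=${2:-0}
    want_gid=${3:-0}

    if [ ! -d "$dir" ]; then
        echo "missing: $dir" >&2
        return 2
    fi

    # One find pass per rule so every finding carries its reason.
    bad_owner=$(find "$dir" ! -user "$want_uid" -print)
    bad_group=$(find "$dir" ! -group "$want_gid" -print)
    # Symlink mode bits are meaningless, so skip links for the write check.
    writable=$(find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print)

    status=0
    report "wrong owner" "$bad_owner" || status=1
    report "wrong group" "$bad_group" || status=1
    report "group/other writable" "$writable" || status=1
    return "$status"
}

# Stand-alone use: sh audit.sh /Library/StartupItems/ChmodBPF
[ "$#" -eq 0 ] || audit_startup_item "$@"
```

An empty result with exit status 0 means the ownership and write bits match what the check expects; any listed path names the rule it broke.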

  • http://lukaug09.blogdns.com Catherine & Henrik

    IT WORKS :D thank you.

  • http://michaelgracie.com/2009/10/13/getting-wireshark-running-on-os-x-snow-leopard-10.6/ Getting Wireshark running on OS X Snow Leopard 10.6 | Michael Gracie

    [...] note: special thanks goes out to Nick Kleinschmidt and Dan Hale for helping out [...]

  • http://www.myphotobook.co.uk Rich

    Yesss!!! Thank you!

    For others who will undoubtedly run into the same problem, I’ll make the following note:

    The fact that ChmodBPF is failing to set the correct permissions will go unnoticed by the majority of users, because the “Insecure Startup Item disabled” error is, of course, only visible at the command line.

    However, at a higher level, the very real and visual problem that this will solve is that “The wireshark interface list is empty”

    That was my problem and it took a little bit of detective work to track down the ultimate culprit. But now everything is up and running, thanks again to this tip :-)

  • Vi

    Thank you for this tip. It was the last step I needed to get Wireshark working.

  • Richard

    Thank you, thank you, thank you!
    I can now diagnose my Draytek router when it loses DNS connectivity over Wifi.

  • http://cs.thefoleyhouse.co.uk/blogs/karl Karl Foley

    Thanks – That’s been bugging me for a while now…

  • http://www.SMTPS.net chort

    Awesome, thanks!

  • Marco

    Good job! Thanks a lot

  • Bill

    Thank you so much. This was driving me crazy only being able to get it to work from the command line.

  • Rob

    The above commands did not work for me, but this did:

    sudo chmod 644 /dev/bpf*

  • Terry

    Also, for the StartupParameters.plist files, invoke this from the CLI:

    sudo chown -R root:wheel StartupParameters.plist

    then restart so that BPF permissions are enabled for Wireshark, or simply
    invoke this on the CLI without restarting:

    sudo SystemStarter start ChmodBPF

  • lowlow

    many thx for the command to get it to work!!!

  • http://www.dobox.com/ Bruce

    Thank you so much. This was driving me crazy only being able to get it to work from the command line.

  • Thomas

    I didn’t have any luck with this, I still get the error. ug.

  • tecnik

    What they said^^ Cheers!!

  • Jahn

    Same as Thomas, still not having any luck. I opened up the command prompt and copied the above command
    cd /Library/StartupItems
    sudo chown -R root:wheel ChmodBPF

    It asked me for my password, I entered it, pressed enter, then opened up WireShark.
    Still no interfaces or capturing devices.

  • Nick Kleinschmidt

    I wasn’t very clear on this in the article, but you need to restart your Mac after changing the permissions for the script to work. Adding an update to my post to make sure nobody misses it in the future. I just reinstalled on Mac OS 10.6.4 and everything shows up fine for me after a restart.

  • http://xano.com.br Xano

    Thanks man! Works perfectly!!

  • simples

    I haven’t, to my knowledge, installed Wireshark but get the same: “/Library/Startupitems/ChmodBPF” appear at start up, any ideas?

  • Nick Kleinschmidt

    That script could also apply to other packet capturing software you may have installed like libpcap or tcpdump. If you’re not using packet capturing software, you might try moving it out of startup items and restarting, then wait to see what stops working. ;)

  • kaiel

    thanks a lot!

  • tom

    works, thanks very much.

  • Aaron

    I’ve been tracking this down for a few hours today … installed Wireshark on a new machine and could not see the interfaces. I ran across several other suggestions that were similar to yours including on wireshark.org, but yours is the only one that worked! Thanks very much for putting this out there … you might want to install a tipjar!

  • http://haefelinger.it whaefelinger

    “I wasn’t very clear on this in the article, but you need to restart your Mac after changing the permissions for the script to work.”

    No you don’t need to. To check whether the script gets automatically executed, just log out and log in again. Strictly talking, you don’t even need to do that. Just run the script like ‘sudo /Library/StartupItems/ChmodBPF/ChmodBPF start’ to get going.

  • Nick Kleinschmidt

    @whaefelinger
    Good call! Thanks for the tip!


  • Wireshark + OSX 10.6.6 = Success

    So a lot of people have been having trouble running Wireshark on OSX 10.6.6, having no interfaces, and when applying the CHmodBPF, they get login errors. Not to fear! Here is how I fixed it. Install Wireshark via Macports, and when starting up Wireshark, run it with “sudo”, so your start command is “sudo wireshark”. Enter password, and all fixed! You don’t even need to keep the CHmodBPF folder in the startupitems folder for it to work.

    Happy sniffing!

  • Nick Kleinschmidt

    @Wireshark + OSX 10.6.6 = Success

    Sudo is always a magic solution, but it’s not usually a good idea to run lots of programs as root, as there’s potential for lots of damage or malicious activity.

  • http://sites.google.com/site/brandizzi Adam

    Sorry for being repetitive, but thank you! It worked :)

  • http://johntmcintosh.com/2010/07/09/install-wireshark-on-snow-leopard-10-6/ johntmcintosh.com » Blog Archive » Install Wireshark on Snow Leopard (10.6)

    [...] has not been started because it does not have the proper security settings.” Thanks to Nick Kleinschmidt’s Blog,  I found how to remedy this. Run the following from Terminal to change the owner of the scripts [...]

  • Tomas

    Solved my problem. Thank you very much!

  • shamurti

    @Rob

    The command “sudo chown -R root:wheel ChmodBPF” alone did not work for me.

    I had to also use (from Rob’s suggestions above):
    sudo chmod 644 /dev/bpf*

    Thanks to all …..

  • simonu

    helpful!!!

  • Joshua Davies

    Thanks – you’d think they would have mentioned that in the README…

  • Sinnombre

    un-quarantine the file if it has an @ next to it after permissions with ls -al
    sudo xattr -r -d com.apple.quarantine /Library/StartupItems/ChmodBPF