Wireshark ChmodBPF errors on Snow Leopard

03 Oct 2009

When I got Snow Leopard, I decided to do some house cleaning. I wiped the disk and reinstalled everything from scratch. I didn’t have any problems along the way until I went to install my favorite network protocol analyzer: Wireshark.

Installing is a simple matter of dragging the application into your Applications folder, but there’s also a startup item that sets some necessary permissions. To set that up, go into the Utilities folder on the Wireshark disk image, and drag the ChmodBPF folder onto the StartupItems shortcut. It’ll prompt you to authenticate and then copy. If you restart at this point, you’ll get an error message that says “Insecure Startup Item disabled. - “/Library/StartupItems/ChmodBPF” has not been started because it does not have the proper security settings.”

Using information from an Apple support article, I realized you need to change the owner of the scripts for them to be run on startup. Run the command below and everything will work fine!

cd /Library/StartupItems
sudo chown -R root:wheel ChmodBPF

Update (7/14/2010) - Make sure you restart your computer after running this command. The script only runs at startup, so just changing the permissions doesn’t do anything by itself. You have to restart for the script to run.

Update (1/26/2011) - From whaefelinger (in the comments): No you don’t need to [restart your computer]. To check whether the script gets automatically executed, just log out and log in again. Strictly talking, you don’t even need to do that. Just run the script like ‘sudo /Library/StartupItems/ChmodBPF/ChmodBPF start’ to get going.