Technical Musings: Wireshark on OS X

Tuesday, December 6, 2011

Wireshark on OS X

I run Wireshark (formerly Ethereal) on OS X, but by default only root has rights to the network capture devices. So either you run it as root, which is a security risk, or you give your own user the rights. The devices (/dev/bpf*) that are used are recreated on every boot, so just 'chown'ing them won't do.

First add your user to the wheel group:


sudo dscl . append /Groups/wheel GroupMembership 'username'

Then run this command:

sudo chmod g+rw /dev/bpf*; open /Applications/Wireshark.app

I added that command to my .profile file as an alias for convenience:

alias wireshark='sudo chmod g+rw /dev/bpf*; open /Applications/Wireshark.app'
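
To check what the chmod above actually left behind, this added example (not part of the original post) lists each BPF device's mode and group and flags any device that ended up open to every local user. The function names audit_bpf and in_group are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_bpf [DIR]: print "<status> <mode> <group> <path>" for each DIR/bpf* node.
#   OWNER  only the owner (root by default) can open the device
#   GROUP  group has read+write: members of that group can capture
#   PART   group has only one of read/write
#   WORLD  "other" has read or write: every local user can sniff traffic
# Returns 1 if any device is WORLD, else 0.
audit_bpf() {
    dir=${1:-/dev}
    rc=0
    for dev in "$dir"/bpf*; do
        [ -e "$dev" ] || continue            # glob matched nothing
        # ls -ld output has the same shape on macOS and Linux:
        # field 1 is the mode string, field 4 the group name.
        line=$(ls -ld "$dev")
        mode=$(printf '%s\n' "$line" | awk '{print $1}')
        group=$(printf '%s\n' "$line" | awk '{print $4}')
        case $mode in
            ???????r*|????????w*) status=WORLD; rc=1 ;;
            ????rw*)              status=GROUP ;;
            ????r*|?????w*)       status=PART ;;
            *)                    status=OWNER ;;
        esac
        printf '%s %s %s %s\n' "$status" "$mode" "$group" "$dev"
    done
    return $rc
}

# in_group GROUP: succeed if the current user is a member of GROUP.
in_group() {
    id -Gn | tr ' ' '\n' | grep -qxF "$1"
}

audit_bpf /dev || echo "warning: a BPF device is world-accessible" >&2
```

After running the alias, every /dev/bpf* line should read GROUP with group wheel, and in_group wheel should succeed in a fresh login session.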
