Wireshark Group

Stephen Rasku
I just installed the "wireshark2" port but it isn't working because of permissions.  On Linux, I would usually add the interfaces to the wireshark group and add myself to that group.

However, it seems that I don't have a wireshark group.  Should it have created one?  Do I need to create it manually?  Is there a better practice to run wireshark as a non-root user (i.e. without sudo)?

...Stephen

Re: Wireshark Group

Rainer Müller-4
On 2017-06-18 18:49, Stephen Rasku wrote:
> I just installed the "wireshark2" port but it isn't working because of
> permissions.  On Linux, I would usually add the interfaces to the
> wireshark group and add myself to that group.
>
> However, it seems that I don't have a wireshark group.  Should it have
> created one?  Do I need to create it manually?  Is there a better
> practice to run wireshark as a non-root user (i.e. without sudo)?

In order to capture packets, wireshark needs read/write access to the
/dev/bpf* device files. You can transfer ownership to a group you are in
and grant that group permission.

  sudo chgrp staff /dev/bpf*
  sudo chmod g+rw /dev/bpf*

FWIW, the upstream wireshark packaging automates this step by creating a
new access_bpf group [1] and installs a launch daemon script [2]. This
way permissions are set up on boot. Something similar could be
contributed to the MacPorts port. At least the required steps should be
documented somewhere, for example in 'port notes'.

Rainer

PS: Please use @lists.macports.org instead of old macOS forge addresses.

[1]
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=packaging/macosx/Scripts/chmodbpf-postinstall.sh;h=08631b3fd12439e1ddaa8856b2a3de8b6f73641c;hb=HEAD
[2]
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=tree;f=packaging/macosx/ChmodBPF;h=4c9b830bc770a69c714621406a0aa28aeddd58e3;hb=HEAD

Re: Wireshark Group

Stephen Rasku
On Sun, Jun 18, 2017 at 11:27 AM, Rainer Müller <[hidden email]> wrote:

> In order to capture packets, wireshark needs read/write access to the
> /dev/bpf* device files. You can transfer ownership to a group you are in
> and grant that group permission.
>
>   sudo chgrp staff /dev/bpf*
>   sudo chmod g+rw /dev/bpf*

Thanks.

Does it need write access?  I added a wireshark group and added myself
to it.  I changed the group on those devices and added group read
permissions.  I did not give it group write permission because I don't
think it needs to write to those devices.  It seems to work.

...Stephen
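
A read-only check of the result of the chgrp/chmod steps discussed in this thread, as an added example (not part of the original messages and not Wireshark's or MacPorts' code): it lists each BPF device with its mode and group-write bit, and flags devices that belong to an unexpected group, are unreadable by the group, or are open to all users. The `audit_bpf` function, the script name and the default group `access_bpf` are assumptions; pass your own group (for example `staff` or `wireshark`) as the second argument.

```shell
#!/bin/sh
# Added example: audit who can open the BPF capture devices.
# Usage: sh audit_bpf.sh [device-dir] [capture-group]
# Assumed defaults: /dev, and the access_bpf group mentioned in the thread.

audit_bpf() {
    dir=${1:-/dev}
    want_group=${2:-access_bpf}
    BPF_PROBLEMS=0                      # number of devices that need attention

    for dev in "$dir"/bpf*; do
        [ -e "$dev" ] || continue       # glob matched nothing
        # ls -ld prints: mode links owner group ...
        read -r mode links owner group rest <<EOF
$(ls -ld "$dev")
EOF
        # Character 6 of the mode string is the group write bit.
        case $mode in
            ?????w*) gw=yes ;;
            *)       gw=no  ;;
        esac

        status=ok
        [ "$group" = "$want_group" ] || status="group is $group, expected $want_group"
        # Character 5: group read. Without it, group members cannot capture.
        case $mode in ????r*) ;; *) status="group cannot read" ;; esac
        # Characters 8 and 9: read/write for every other account on the host.
        case $mode in ???????r*|????????w*) status="open to all users" ;; esac

        [ "$status" = ok ] || BPF_PROBLEMS=$((BPF_PROBLEMS + 1))
        printf '%s\t%s\tgroup-write=%s\t%s\n' "$dev" "$mode" "$gw" "$status"
    done

    # Exit status 0 only when every device passed.
    [ "$BPF_PROBLEMS" -eq 0 ]
}

audit_bpf "$@" || echo "$BPF_PROBLEMS device(s) need review"
```

Run it again after a reboot to confirm that the permissions are still in place.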