

To install Wireshark, simply open the disk image and drag Wireshark to your /Applications folder. In order to capture packets, you must install the ChmodBPF launch daemon.

The reason is that the Wireshark installer installs a LaunchDaemon (i.e. something that runs with superuser privileges on boot) for setting special permissions to capture network packets. As creating these LaunchDaemons requires superuser privileges in itself, the Wireshark installer requires you to be a superuser (i.e. you have to enter an administrator user password to install the software). More specifically, you can look at the file /Library/LaunchDaemon/ to see what it does and when it is run.

If you look at the actual script run by the LaunchDaemon in /Library/Application Support/Wireshark/ChmodBPF/ChmodBPF, you'll see that it creates 256 device entries, /dev/bpf0 to /dev/bpf255, and sets them so that everyone in the access_bpf group can read and write to these device files. The access_bpf group is actually also created by the Wireshark installer. If you open System Preferences and then Users & Groups, you'll be able to fold out the "Groups" part of the tree and see "access_bpf" listed there. You can then add/remove users from that group to give or remove permission to capture network packets within Wireshark.

Wireshark supports macOS 10.14 and later. Similar to Windows, supported macOS versions depend on third party libraries and on Apple’s requirements. Apple Silicon hardware is supported natively starting with version 4.0. Wireshark 3.6 was the last release branch to support macOS 10.13. Wireshark 3.4 was the last release branch to support macOS 10.12. See Section 2.8, Updating Wireshark for details.
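One way to audit what ChmodBPF leaves behind, as an added example that is not part of the Wireshark installer or the original text: the function reads `ls -l /dev/bpf*` output and reports any device whose permissions deviate from the group-only access this page describes. The sample listing is constructed, and the function name and finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit BPF device permissions from `ls -l /dev/bpf*` output.
# Expected state per the page: group access_bpf can read and write,
# and nobody outside that group (other than the owner) has access.

# Constructed sample listing (not captured from a real system).
SAMPLE_LISTING='crw-rw----  1 root  access_bpf  23,   0 Jan  1 00:00 /dev/bpf0
crw-rw----  1 root  access_bpf  23,   1 Jan  1 00:00 /dev/bpf1
crw-rw-rw-  1 root  access_bpf  23,   2 Jan  1 00:00 /dev/bpf2
crw-------  1 root  wheel       23,   3 Jan  1 00:00 /dev/bpf3'

# audit_bpf_listing (hypothetical helper): reads `ls -l` lines on stdin and
# prints one finding per deviating device; prints nothing if all match.
audit_bpf_listing() {
    awk '
    $1 ~ /^c/ {                       # character devices only
        mode = $1; group = $4; dev = $NF
        grp = substr(mode, 5, 2)      # group read/write bits
        oth = substr(mode, 8, 3)      # bits for everyone else
        if (oth != "---")
            print "WORLD_ACCESS " dev " " mode
        else if (group != "access_bpf")
            print "WRONG_GROUP " dev " " group
        else if (grp != "rw")
            print "GROUP_NOT_RW " dev " " mode
    }'
}

# On a Mac, feed it the real listing:  ls -l /dev/bpf* | audit_bpf_listing
# and review who is in the group:
#   dscl . -read /Groups/access_bpf GroupMembership
findings=$(printf '%s\n' "$SAMPLE_LISTING" | audit_bpf_listing)
printf '%s\n' "$findings"
```

Anyone listed in access_bpf can capture traffic on the machine's interfaces, so the group membership deserves the same review as the device modes.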
