If you've seen the following message when running tcpdump:
tcpdump: no suitable device foundIt is most probably due to permissions for /dev/bpf* device files (600 by default, owned by root:wheel). It is the same if you don't see any interfaces in Wireshark. To correct this run:
$ sudo chmod go+r /dev/bpf*Please note that this change is lost after reboot. Tested on 10.5 (Leopard).
As a more dangerous alternative you can run tcpdump or Wireshark as root (not recommended). If you installed Wireshark in /Applications folder, use:
$ sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark
No comments:
Post a Comment