
Wireshark - you don't have permission to capture on that device mac

I installed Wireshark and during the installation it showed an error but the installation itself completed. When I ran the program and tried to capture packets on my network, it showed this error:

You don't have permission to capture on that device

I'm new to Mac so I don't even know how to properly ask.

Could someone help me?

According to user gmale's answer on ask.wireshark.org, he solved his problem in this way and I'm sure that it could solve yours as well. It says:

1- Open Terminal

To see your exact user name (for me that was AliGht)

2- Type 'whoami'


3- execute the following commands:

cd /dev
sudo chown AliGht:admin bp*

and enter your computer password:

4- now type this command:

ls -la | grep bp

The last command will display a list of files such as:

5- Make sure all of them have your user name and admin as the user/group. For some reason, the last one didn't get assigned properly so I had to run the command:

sudo chown AliGht:admin bpf4

so the last command fixed my problem as you see in the last image:


Done!

If your Wireshark is open then close it and open it again.

All credit for this tutorial goes to user gmale on ask.wireshark.org.

If you want to always open Wireshark as administrator, then take a look at another post in which I created a shortcut for it via AppleScript; this is the only way you can always open Wireshark as administrator, even when you turn your Mac off and on.

I don't know how to solve this problem, but if you want a temporary fix, you can use the following command:

$ sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark

Wireshark provides the solution itself, along with the explanation of weird secrets:

  1. add your user to the group "access_bpf" by commanding
    sudo dseditgroup -o edit -a `whoami` -t user access_bpf

  2. then launch Wireshark's script
    sudo "/Library/Application Support/Wireshark/ChmodBPF/ChmodBPF" ;

That's all, because (as the script explains):

# Unfortunately, macOS's devfs is based on the old FreeBSD
# one, not the current one, so there's no way to configure it
# to create BPF devices with particular owners or groups. BPF
# devices on macOS are also non-cloning, that is they can
# be created on demand at any time. This startup item will
# pre-create a number of BPF devices, then make them owned by
# the access_bpf group, with permissions rw-rw----, so that
# anybody in the access_bpf group can use programs that capture
# or send raw packets.

If you want to always open Wireshark as administrator, I suggest using AppleScript:

Open AppleScript by pressing cmd+space and typing AppleScript Editor in the Spotlight Search:

Then from File --> Choose NEW


In the open window write:

do shell script "/Applications/Wireshark.app/Contents/MacOS/Wireshark" ¬
    with administrator privileges user name "username" password "password"

Replace "username" and "password" with yours. If you don't know your username, type "whoami" in the terminal to see it; the password is your computer password.

Mine looks like this:

Now export your script as an Application by going to File --> Export, change File Format to Application, write a name for your file and save it on your desktop.

Done. Now run your app from the Desktop, and this way your Wireshark always runs with admin permission.

I have faced the same problem in macOS High Sierra (v10.13.6). I have cleaned up all dependency files and folders but nothing works for me.

Using the terminal, if I run the following command then it works:

sudo chmod o+r /dev/bpf*
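
An added example, not part of any answer here and not Wireshark's own ChmodBPF script: it classifies `ls -l /dev/bpf*` lines so the result of the `chown`, `chmod o+r` and ChmodBPF fixes above can be compared with the state the ChmodBPF comment describes (group access_bpf, mode rw-rw----). The listing and the user name "alice" are constructed, and the verdict labels are this example's own.

```shell
#!/bin/sh
# Added example: classify `ls -l /dev/bpf*` lines by who can open the device.
# Target state (from the ChmodBPF comment): group access_bpf, mode rw-rw----.

# Reads `ls -l` lines on stdin and prints "<device> <verdict>" for each.
# Returns 0 only if every device is in the target state.
audit_bpf_listing() {
    awk '
    {
        mode = substr($1, 1, 10)   # drop any trailing "@" or "+" flag
        owner = $3; group = $4; dev = $NF
        if (substr(mode, 8, 3) != "---")
            verdict = "WORLD_ACCESS"   # e.g. after chmod o+r
        else if (owner != "root")
            verdict = "USER_OWNED"     # e.g. after chown user:admin
        else if (group == "access_bpf" && mode == "crw-rw----")
            verdict = "OK"
        else
            verdict = "NOT_MANAGED"    # not in the ChmodBPF state
        if (verdict != "OK") bad = 1
        print dev, verdict
    }
    END { exit bad + 0 }'
}

# True if group $2 appears in the space-separated list $1 (`id -Gn` output).
user_in_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# Constructed sample listing; "alice" is a made-up user name.
sample_listing() {
    cat <<'EOF'
crw-rw----  1 root   access_bpf   23,   0 Jan  1 10:00 /dev/bpf0
crw-rw----  1 alice  admin        23,   1 Jan  1 10:00 /dev/bpf1
crw----r--  1 root   wheel        23,   2 Jan  1 10:00 /dev/bpf2
crw-------  1 root   wheel        23,   3 Jan  1 10:00 /dev/bpf3
EOF
}

sample_listing | audit_bpf_listing || echo "some devices are not in the ChmodBPF state"
```

On a Mac, `ls -l /dev/bpf* | audit_bpf_listing` and `user_in_group "$(id -Gn)" access_bpf` apply the same checks to the live system.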

I was having the same issue with install and run permissions, etc. I attempted a few of the above-mentioned fixes, and although they would come back with the desired result, the program still would not run properly, even with an uninstall/install in addition. Getting a bit overwhelmed with it not working after several remedies being attempted, I came to one that was super simple and worked:

I simply set up/checked log in as root user. Here you can enable/disable the root user account, enable the log in account and change the root password. So I just switched profiles from my Admin account to the Root account. (I am honestly not sure if it's safe to do it this way, so thinking many of you have far more knowledge on this than me, I'd appreciate your comments on that!) Also, my understanding is that you cannot properly run sudo commands if the root account is enabled, so probably just turning it off if it were on would suffice, but I wanted a quick and easy install at that point. The steps are really easy:

support.apple.com/en-us/HT204012

Then just switch user accounts to root: log in with "Other", then type root and your password.

Now just install Wireshark and it should install and run properly! I don't think I would stay in the root account after install.

Hope maybe this will help some!

I got the same issue and then noticed that the document below already provides a solution.


https://www.wireshark.org/docs/wsug_html_chunked/ChBuildInstallOSXInstall.html

2.5. Installing Wireshark under macOS

The official macOS packages are distributed as disk images (.dmg) containing the application bundle. To install Wireshark simply open the disk image and drag Wireshark to your /Applications folder.

In order to capture packets, you must install the “ChmodBPF” launch daemon. You can do so by opening the Install ChmodBPF.pkg file in the Wireshark .dmg or from Wireshark itself by opening Wireshark → About Wireshark, selecting the “Folders” tab, and double-clicking “macOS Extras”.

The installer package includes Wireshark along with ChmodBPF and system path packages. See the included Read me first.html file for more details.

Run the application from the terminal with the following command:

User$ sudo Wireshark

Wireshark should open and packet capture should work then.

sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark

This should work.
