If you have installed 3rd party firewall application like Little Snitch, You must turn off network filtering or re-renable it, and try again. If you use this, you may need to uninstall the non-cask version of wireshark prior to installing the cask.
System Integrity Protection status: enabled. For me, I had to use brew install -cask wireshark. Make sure System Integration Protection is enabled on your system, If not, Reboot your system to recovery mode, and enable SIP with command csrutil enable, then reboot again. It looks like you has installed wireshark on your mac, So /dev/bpf0 has group access_bpf, It is changed by ChmodBPF, So you must ensure you are in the bpf_access group. My colleague has same problem, and we solve this problem by following check list. ((cannot open BPF device) /dev/bpf0: Permission denied)Ġ crw-rw- 1 root access_bpf 23, 0 Aug 22 13:27 bpf0Ġ crw-rw- 1 root access_bpf 23, 1 Aug 22 13:22 bpf1Ġ crw-rw- 1 root access_bpf 23, 2 Aug 22 13:22 bpf2Ġ crw-rw- 1 root access_bpf 23, 3 Aug 22 13:22 bpf3 ((cannot open BPF device) /dev/bpf0: Permission sudo tcpdump -i en0 Tcpdump: en0: You don't have permission to capture on that device Also, my laptop was replaced and the hard drive was the only thing that was transferred.
I have reset permissions and restarted multiple times. I attempted to restore the permissions to defaults and I set them to what's shown below, but I am still getting issues sudo or not. The TCP portion is irrelevant because I am having an issue using bpf devices.
Now I can click WireShark's icon in the Dock, and it appears to be working fine.I may have done something to change my device permissions because I am getting the error: "tcpdump: en0: You don't have permission to capture on that device". Void QCocoaMenu::insertNative(QCocoaMenuItem *, QCocoaMenuItem *) Menu item is already in a menu, remove it from the other menu first before insertingĢ2:01:58 Dbg plugin_dir: /Applications/Wireshark.app/Contents/PlugIns/wireshark The Terminal spit out the following, and then WireShark launched on my desktop: Guess what? I don't know why, but it worked. Then I came across an online comment where someone stated that they typed "sudo wireshark" in the Terminal.
So I conducted some quick research on the web and discovered that I had to enter "sudo ln -s /opt/X11 /usr/X11" in the Terminal in order to restore a link an X11 link that Yosemite breaks. Together with supporting libraries and applications, it forms the X11.app that Apple shipped with OS X versions 10.5 through 10.7. In the initialization window, WireShark would get as far as "Loading module preferences", or about three quarters of the way done, and in the bottom of the window it would say "Please wait while Wireshark is initializing." and then freeze-up. The XQuartz project is an open-source effort to develop a version of the X.Org X Window System that runs on macOS. Regardless of which version I used, WireShark keep freezing up during the initialization process. I made repeated attempts to use both WireShark 1.12.4 and 1.99.3, but without success. Some of this has been shared before, but there is a little added twist at the end which worked for me. This may possibly be of help to other new WireShark users who are having trouble getting WireShark to launch in Yosemite.
Live capture and offline analysis are supported.The most powerful display filters in the industry.Multi-interface: Along with a standard GUI, Wireshark includes TShark, a text-mode analyzer which is useful for remote capture, analysis, and scripting.Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others.Wireshark has a rich feature set which includes the following: Hundreds of developers around the world have contributed to it, and it it still under active development. It is the continuation of a project that started in 1998. Wireshark is one of the world's foremost network protocol analyzers, and is the standard in many parts of the industry.