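Because of a permissions problem on the /dev/bpf* device files, Wireshark cannot open the network interfaces.
So, apparently, the settings have to be changed with ChmodBPF, which ships with the program.
I'm writing down the commands I ran after installation.
I found them elsewhere, but I'm noting them here for reference in case I forget later.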
$ sudo chown -R root:admin /opt/local/bin
$ sudo mkdir /Library/StartupItems/ChmodBPF/
$ sudo cp /Volumes/Wireshark/Utilities/ChmodBPF/* /Library/StartupItems/ChmodBPF/
$ sudo chown -R root:wheel /Library/StartupItems/ChmodBPF/
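I referred to this site: http://nulonge.tistory.com/36
Perhaps because the folder names changed a little as the version went up, I modified one line before using it.
It works well. At first I wondered why it wasn't working, but after a reboot it worked very well.
Because it wasn't working, I also installed another packet analysis program, CocoaPacketAnalyzer. (That program needs no additional setup.)
But since it works fine after the reboot, I think I'll just use Wireshark.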
I've been playing around with network traces and recently installed Wireshark (formerly Ethereal) which is a packet-capture tool that captures all the traffic across a network. (More from Wikipedia here.)
I had a bit of difficulty getting it up and running. Here is what I did:
Download the DMG from http://www.wireshark.org/download.html. Unpack it.
/Applications/ and copy all the executables in the Utilities/ directory in the DMG to a place in your PATH, like /usr/local/bin/. (If you're running as a non-admin user, you'll have to authenticate as an admin to do this.)
Now, anything in /dev/bpf* needs to be both readable and writable by the admin group in order to run Wireshark. Unfortunately, we have to set these permissions during system start-up. The "Read me first.rtf" file in the Wireshark DMG explains how to copy over a start-up item that will handle this:
Utilities/ChmodBPF folder [on the DMG], contains the ChmodBPF startup item from the libpcap distribution. This can be used to set the permissions of /dev/bpf* when your system starts up. See Utilities/ChmodBPF/README.macosx for more details.
Copy the entire
/Library/StartupItems. (again, if you're running as a non-admin, you'll have to authenticate as one to copy this over. In fact, Mac OS will probably ask you to "fix" this startup item and reboot after you reboot the first time after this.)
At this point, you might think you can reboot and fire up Wireshark. Go for it; see what happens. However...
When you first start Wireshark you'll probably get an error that says something like:
The following errors were found while loading the MIBS: -:0 1 module-not-found failed to locate MIB module `IP-MIB' ...
The key here is that Wireshark is looking for some stuff, and can't find it. After consulting this Wireshark bug thread, the solution seems to be simple:
- In Wireshark, open the Preferences ("Edit" -> "Preferences").
- Click on the "Name Resolution" tab.
- Click on "Edit" next to the entry for "SMI (MIB and PIB) paths".
- Click "New" and put
- Click "Ok" until Preferences is closed. Restart Wireshark.
The error above should now be gone.
Now, if you're running as an admin user: first, shame on you, punk! Second, you'll probably see a list of network interfaces in Wireshark in the "Interface List". That's good and you're ready to start capturing packets.
However, if you don't see any available interfaces, you're probably running as a non-admin. If you plan on running as a non-admin when you use Wireshark in the future, you need to make one more change. The problem here is that the ChmodBPF start-up item we installed earlier (that changes permissions on /dev/bpf*) only works for users in the admin group. So, we need a way of allowing the user you're running as to at least read stuff in
A simple solution, and you can do this to check and see if you can capture with this change, is to simply do sudo chmod o+r /dev/bpf*. That works, but it allows any user on your machine to sniff packets. A better solution is to just add a line to the
chown (change the owner of) those things to the user you want to run as:
- Open the ChmodBPF script, which is located in /Library/StartupItems/ChmodBPF/ChmodBPF, in a text editor.
chown line so that the file looks like this:
...
chgrp admin /dev/bpf*
chmod g+rw /dev/bpf*
chown foobar:admin /dev/bpf*
}
...
foobar here with the user you want to run Wireshark under.
Save the file.
- Open the
If you're doing a fresh Wireshark install on Snow Leopard (Mac OS X 10.6), it appears that the ownership of the ChmodBPF files needs to be changed. So, fire up the terminal and do the following:
cd /Library/StartupItems
sudo chown -R root:wheel ChmodBPF
After all of this, you should be able to capture network traces and such.
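To check which of the states described above a machine is actually in, the following sketch (an added example, not part of the original post or of Wireshark's ChmodBPF script) classifies each /dev/bpf* device by its mode and ownership. The function names are hypothetical, foobar is the post's placeholder user, and the device walk assumes macOS/BSD stat(1).

```sh
#!/bin/sh
# Added example: audit /dev/bpf* against the setups the post describes.
# classify_bpf MODE OWNER GROUP USER prints one verdict for a single device:
#   world-open  others can read or write (the `chmod o+r` shortcut: anyone can sniff)
#   owner-ok    USER owns the device and can read it (the `chown foobar:admin` line)
#   group-only  only members of group admin can capture (stock ChmodBPF)
#   closed      nobody but root can capture (ChmodBPF has not run yet)
classify_bpf() {
    mode="000$1" owner=$2 group=$3 user=$4      # pad so short modes still parse
    o=${mode#"${mode%?}"}; rest=${mode%?}       # last octal digit: others
    g=${rest#"${rest%?}"}; rest=${rest%?}       # middle digit: group
    u=${rest#"${rest%?}"}                       # first digit: owner
    if [ $((o & 6)) -ne 0 ]; then
        echo world-open
    elif [ "$owner" = "$user" ] && [ $((u & 4)) -ne 0 ]; then
        echo owner-ok
    elif [ "$group" = admin ] && [ $((g & 6)) -eq 6 ]; then
        echo group-only
    else
        echo closed
    fi
}

# Walk the real devices and report each one; returns 1 if any is world-open.
# Assumption: BSD stat, where -f takes a format (%Lp mode, %Su owner, %Sg group).
audit_bpf_devices() {
    want=${1:-$(id -un)}
    rc=0
    for dev in /dev/bpf*; do
        [ -e "$dev" ] || continue
        set -- $(stat -f '%Lp %Su %Sg' "$dev")
        verdict=$(classify_bpf "$1" "$2" "$3" "$want")
        echo "$dev mode=$1 owner=$2 group=$3 -> $verdict"
        if [ "$verdict" = world-open ]; then rc=1; fi
    done
    return $rc
}

# Only touch real devices when they exist (i.e. on a Mac).
if [ -e /dev/bpf0 ]; then
    audit_bpf_devices "$@" || echo "warning: a BPF device is open to all users" >&2
fi
```

Run it with the capture user as the only argument; with no argument it checks the current user.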
Wireshark is every fly fisher who’s missing the fall brown run’s ubergeek’s favorite network protocol analyzer, both because it kicks main butt, and it’s free. With the recent upgrade to Snow Leopard, I finally found a need to upgrade. Then the trouble started (i.e. Wireshark didn’t work anymore). After doing a little research and scanning the support boards, I’ve got it running error free. But as the tips I used to get it that way are spread across the interwebs, I’m assembling the step-by-step here for the rest of you streamer-obsessed knuckleheads who are breaking fly rods over their knees as we speak Wireshark/Snow Leopard users who have just as little time on their hands as I do right now.
Download Wireshark from here. Mount the .dmg file.
Drag the Wireshark application icon to the handy dandy Applications alias the fine developers at Wireshark provided for you in that disk image. Then, open up the Utilities folder in the disk image, and drag the ChmodBPF folder into the StartupItems alias sitting below it. After that, open up a new finder window and navigate to /usr/local/bin. Open up the Command Line folder in the disk image (under /Utilities) and drag those contents over to /usr/local/bin. You’ll probably have to authenticate at that point, so do so.
Open up a terminal window and type in the following commands:
cd /Library/StartupItems
sudo chown -R root:wheel ChmodBPF
You’ll probably be asked to enter an su password. Do so. Then exit terminal.
Go to Applications and click on Wireshark. When the application opens you’ll probably see another window open up along with it containing a bunch of errors. Close that window. Next, select Edit then Preferences from the Wireshark application window. Select Name Resolution, and click the Edit button next to “SMI (MIB and PIB) paths”. Click the New button, and enter /usr/share/snmp/mibs/ in the little Directory Path popup window. Click Apply, and then Close.
Exit Wireshark and reboot.
All should be well in network protocol analyzer-ville.
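Date: 2010/06/05
When the window above appears, an experienced user would drag the 'wireshark' application straight to the Applications folder, right?
The user manual is the thing we never read when we buy a product. But if you don't read it, you may have trouble with the installation.
Its contents are as follows.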
Before You Begin
This release of Wireshark requires Macintosh OS X 10.5.5 or later and XQuartz (X11.app). If you are running OS X 10.5.4 or older, you can install using MacPorts or Fink.
1. Drag the Wireshark icon onto the Applications alias.
2. Open the Utilities folder.
3. Drag the contents of the Command Line folder to $HOME/bin, /usr/local/bin, /opt/wireshark/bin or any other location that makes sense (preferably one that's in your PATH).
4. You will probably need to adjust the permissions of /dev/bpf* in order to capture. You can do this by hand or by dragging the ChmodBPF folder onto the StartupItems alias.
This disk image contains the following:
- The Wireshark application, which can be placed anywhere on your system. It requires X11.
- The Utilities/Command Line folder, which contains links to Wireshark's command line utilities. These can be placed anywhere on your system, but they must all be in the same directory. If you placed Wireshark in a folder other than /Applications, you'll have to set WIRESHARK_APP_DIR in order for these to work.
- The Utilities/ChmodBPF folder, which contains the ChmodBPF startup item from the libpcap distribution. This can be used to set the permissions of /dev/bpf* when your system starts up. See Utilities/ChmodBPF/README.macosx for more details.
- This file