Mac cannot use Wireshark to capture packets and reports an error

I opened Wireshark to capture packets and found that capturing in promiscuous mode failed with the following error: "The capture session could not be initiated on interface 'en0' (You don't have permission to capture on that device).
Please check to make sure you have sufficient permissions.
If you installed Wireshark using the package from wireshark.org, Try re-installing it and checking the box for the "Set capture permissions on startup" item."

In fact, I have run into this problem before, but I hadn't captured packets for a long time. Even though I knew it was a network card permission problem, I couldn't remember the specific solution (oh, my memory), so I'm writing it down; otherwise I'd have to look it up again the next time I forget. A good memory is no match for a blog post, hhh.

Solution 1:

1. Open the terminal and enter:

sudo chmod 777 /dev/bpf*

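2. Press Enter, reopen Wireshark, and the problem is solved. Simple and fast. Note that mode 777 gives every local account read and write access to all BPF devices, whereas Solution 2 changes only the owner and group.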

Solution 2:

1. Open the terminal and enter:

cd /dev
sudo chown your_username:admin bp*

Then enter your password.
Note: your username is generally the string before the '$' symbol at the start of the terminal prompt (marked in red in the screenshot in the original post).

If that is still unclear, type whoami in the terminal; what it prints is your username (marked in blue in the same screenshot).

2. Continue in the terminal:

ls -la | grep bp

A table-like listing of the bpf devices appears (shown as a screenshot in the original post).

The goal is to change the entry marked in blue in that screenshot so that it matches what was set above, so continue in the terminal:

sudo chown your_username:admin bp*

Yes, it is actually the same command as in step 1.
Or enter the following, which is more targeted (note that bpf4 should be replaced with the device named on the line marked in blue):

sudo chown your_username:admin bpf4

Then enter ls -la | grep bp again, and you can see that the listing has been updated (screenshot in the original post).

3. Restart Wireshark and start capturing packets.

Note: bpf4 is a BPF device interface, and we can capture packets once we have permission on it.
(The Berkeley Packet Filter (BPF) is a raw interface to the data link layer on Unix-like systems that allows raw link-layer packets to be sent and received. In addition, if the network card driver supports promiscuous mode, BPF can put the card into that mode so that all packets on the network can be received, whether or not they are destined for this host.)

This problem may occur again after the Mac restarts, unless you are using the root account, so try to remember the solution.
I hope this helps someone who is a little forgetful like me :)
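To check what either solution actually changed, the `ls -la | grep bp` listing from step 2 can be read mechanically. The script below is an added example, not part of the original post: the function names, the user `alice`, and the sample listing are constructed, and it assumes that read access on the device is what capture needs.

```sh
#!/bin/sh
# Added example (not from the original post). Names and sample data are constructed.

# classify_bpf USER "GROUP1 GROUP2 ...":
# reads `ls -la /dev | grep bp` style lines on stdin and prints, per bpf device,
# whether USER has read access (assumed here to be what capture needs) and
# whether accounts outside the owner and group can read or write the device.
classify_bpf() {
    awk -v user="$1" -v groups=" $2 " '
    $1 ~ /^c/ && $NF ~ /^bpf[0-9]+$/ {
        # Unix applies exactly one permission triplet: owner, else group, else other.
        if ($3 == user)                      bit = substr($1, 2, 1)
        else if (index(groups, " " $4 " "))  bit = substr($1, 5, 1)
        else                                 bit = substr($1, 8, 1)
        capture = (bit == "r") ? "yes" : "no"
        world = (substr($1, 8, 2) == "--") ? "no" : "yes"
        printf "%s owner=%s group=%s capture=%s world=%s\n", $NF, $3, $4, capture, world
    }'
}

# Constructed listing: bpf0 root-only, bpf1 after chmod 777,
# bpf2 readable by the admin group, bpf4 after chown alice:admin.
sample_listing() {
    cat <<'EOF'
crw-------  1 root   wheel   23,   0 Aug 20 09:12 bpf0
crwxrwxrwx  1 root   wheel   23,   1 Aug 20 09:12 bpf1
crw-rw----  1 root   admin   23,   2 Aug 20 09:12 bpf2
crw-------  1 alice  admin   23,   4 Aug 20 09:12 bpf4
EOF
}

sample_listing | classify_bpf alice "staff admin"

# On a Mac, feed it the real listing instead:
#   ls -la /dev | grep bp | classify_bpf "$(whoami)" "$(id -Gn)"
```

A device reported with `world=yes` is open to every local account, which is the state Solution 1 leaves behind; `capture=yes world=no` is the narrower result of Solution 2.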



Author: wind315
Link: https://www.jianshu.com/p/23f54c8a6eff
Source: Jianshu
Copyright belongs to the author. For commercial reprints, please contact the author for authorization, and for non-commercial reprints, please indicate the source.

Origin blog.csdn.net/Candyys/article/details/108134254