Tue, Jun 12, 2007 8:01 pm

Tcpdump Permission Denied on OS-X

I needed to use tcpdump to perform network troubleshooting on an Apple OS-X system (Darwin Kernel Version 7.9.0), but when I tried running it from my account, I received a "permission denied" message.
$ tcpdump
tcpdump: (no devices found) /dev/bpf0: Permission denied

I don't know the root password for the system, but my account has administrator privileges on the system. Without knowing the root password, though, I could not su to the root account. Fortunately, I found a solution at Ethereal "Turbo Charged", where Olivier Biot posted a solution, which I quote below:

Do a "sudo chown Gurue /dev/bpf*" (or whatever your login name is on your Mac). Once you've done that, you can (at least until the machine is rebooted) run Ethereal or Tethereal or tcpdump or... as yourself, rather than as root. (Mac OS X's "/dev" is implemented with devfs, so the special files aren't persistent across reboots, and it's an older devfs so it can't be configured to set up particular devices with particular owners and permissions, so any ownership or permission changes you make don't survive across reboots.)

I checked the existing permissions on /dev/bpf* files first.

$ ls -l /dev/bpf*
crw-------  1 root  wheel   23,   0 12 Jun 18:32 /dev/bpf0
crw-------  1 root  wheel   23,   1 12 Jun 15:30 /dev/bpf1
crw-------  1 root  wheel   23,   2 12 Jun 15:30 /dev/bpf2
crw-------  1 root  wheel   23,   3 12 Jun 15:30 /dev/bpf3

I then changed the permissions on just /dev/bpf0. I was prompted for a password when I used sudo chown myacct /dev/bpf0 and was able to change the permissions when I entered my password.

$ sudo chown jdoe /dev/bpf0

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

        #1) Respect the privacy of others.
        #2) Think before you type.

Password:

I was then able to run tcpdump. When I disconnected and reconnected, I received the message tcpdump: (no devices found) /dev/bpf1: Permission denied when I tried running tcpdump again, so I changed the permission on /dev/bpf1 as well. I could have used sudo chown jdoe /dev/bpf* initially to change the permissions on all the /dev/bpf* files. Since I very infrequently need to run tcpdump on this system, it doesn't matter to me that I will have to reset the permissions on the files again whenever the system is rebooted.
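
A check for the state the chown above leaves behind until the next reboot, as an added example that is not part of the original post: it reads ls -l /dev/bpf* output and lists the BPF devices that an account other than root can open. The function names and the sample listing are constructed for illustration (jdoe is the post's example account; the admin group line is an assumption).

```shell
#!/bin/sh
# Added example: audit BPF device nodes from `ls -l /dev/bpf*` output.

# audit_bpf reads ls -l lines on stdin and prints one line per BPF
# character device that is not restricted to root.
audit_bpf() {
    awk '
    $1 ~ /^c/ && $NF ~ /\/bpf[0-9]+$/ {
        mode = $1; owner = $3; dev = $NF; why = ""
        # A non-root owner can open the device and capture traffic.
        if (owner != "root")
            why = "owner=" owner
        # Characters 5-10 of the mode string are the group and other bits.
        if (substr(mode, 5, 6) != "------") {
            if (why != "")
                why = why ","
            why = why "mode=" mode
        }
        if (why != "")
            print dev, why
    }'
}

# Constructed sample: bpf0 after "sudo chown jdoe /dev/bpf0", bpf2 with
# group access (assumed case), bpf1 and bpf3 in the default state.
sample_listing() {
    cat <<'EOF'
crw-------  1 jdoe  wheel   23,   0 12 Jun 18:32 /dev/bpf0
crw-------  1 root  wheel   23,   1 12 Jun 15:30 /dev/bpf1
crw-rw----  1 root  admin   23,   2 12 Jun 15:30 /dev/bpf2
crw-------  1 root  wheel   23,   3 12 Jun 15:30 /dev/bpf3
EOF
}

# Run against the sample; on a live system use: ls -l /dev/bpf* | audit_bpf
sample_listing | audit_bpf
```

An empty result means every listed BPF device is still owned by root with no group or other access, which is the state shown in the first listing above.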
