martinhajny

Reputation: 625

Wireshark - you don't have permission to capture on that device mac

I installed Wireshark and during the installation it showed an error but the installation itself completed. When I ran the program and tried to capture packets on my network, it showed this error:

You don't have permission to capture on that device

I'm new to Mac, so I don't even know how to properly ask.

Could someone help me?

Upvotes: 62

Views: 117209

Answers (11)

Ali.Ghodrat

Reputation: 3704

According to user gmale's answer on ask.wireshark.org, he solved his problem in this way, and I'm sure that it could solve yours as well. It says:

1- Open Terminal

2- Type 'whoami', or copy and paste this command, to see your exact user name:

whoami

(for me that was AliGht)

3- Now execute the following commands:

cd /dev

And grant your username admin access:

sudo chown YourComputerUsername:admin bp*

and enter your computer password. If it is your first time, it is normal in the Unix command line or cmd not to see the passwords you type, due to the security of your computer:

4- Now type this command to find bp:

ls -la | grep bp

The last command will display a list of files such as:

enter image description here

5- Make sure all of them have your user name and admin as the user/group. For some reason, the last one didn't get assigned properly so I had to run the command:

sudo chown YourComputerUsername:admin bpf4

so the last command fixed my problem as you see in the last image:

enter image description here

Done!

If your Wireshark is open, then close it and open it again.

All credit for this tutorial goes to user gmale on ask.wireshark.org.

If you want to always open Wireshark as administrator, then take a look at another post in which I created a shortcut for it via AppleScript; this is the only way you can always open Wireshark as administrator, even when you turn your Mac off and on.

Upvotes: 139

Patrick Dark

Reputation: 2259

I couldn’t get Wireshark working on my iMac 24” with macOS Ventura 13.3.1 and an M1 chip.

I think the first problem was that I installed the Arm version instead of the Intel version. So I fixed that and it still wasn’t working.

Then I disabled the Little Snitch app, which installed a Content Filter as seen under Settings: Network: Filters & Proxies, and Wireshark suddenly worked.

Upvotes: 0

JBaczuk

Reputation: 14639

I do not want to modify my folder permissions on my system device files like the accepted answer, but I was able to get permissions by opening Wireshark like this:

sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark

Bonus, you can add an alias to your ~/.zshrc:

alias ws="sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark"

Now execute the file: (or you can open a new terminal window)

source ~/.zshrc

Open wireshark with super user permissions:

ws

Upvotes: 0

suresh Palemoni

Reputation: 1226

sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark

This should work.

Upvotes: 3

Sadia Anwar

Reputation: 11

Run the application from the terminal with the following command:

User$ sudo Wireshark

Wireshark should open and packet capture should work then.

Upvotes: 1

Yongcan-Frank-Lu

Reputation: 21

I got the same issue and then noticed that the document below already provides a solution.

https://www.wireshark.org/docs/wsug_html_chunked/ChBuildInstallOSXInstall.html

2.5. Installing Wireshark under macOS

The official macOS packages are distributed as disk images (.dmg) containing the application bundle. To install Wireshark simply open the disk image and drag Wireshark to your /Applications folder.

In order to capture packets, you must install the “ChmodBPF” launch daemon. You can do so by opening the Install ChmodBPF.pkg file in the Wireshark .dmg or from Wireshark itself by opening Wireshark → About Wireshark, selecting the “Folders” tab, and double-clicking “macOS Extras”.

The installer package includes Wireshark along with ChmodBPF and system path packages. See the included Read me first.html file for more details.

Upvotes: 1

Wilsam

Reputation: 1

Was having the same issue with install and run permissions etc. Attempted a few of the above-mentioned fixes, and although they would come back with the desired result, the program still would not run properly, even with an uninstall/install in addition. Getting a bit overwhelmed with it not working after several remedies being attempted, I came to one that was super simple and worked -

I simply set up/checked log in as root user. Here you can enable/disable root user account, enable log in account and change root password. So I just switched profiles from my Admin account to the Root account. (I am honestly not sure if it's safe to do it this way, so thinking many of you have far more knowledge on this than me, I'd appreciate your comments on that!) Also my understanding is that you cannot properly run sudo commands if root account is enabled - so probably just turning it off if it were on would suffice, but I wanted a quick and easy install at that point. The steps are really easy:

support.apple.com/en-us/HT204012

Then just switch user accounts to root - log in with "other", then type root and your password.

Now just install Wireshark and it should install and run properly! I don't think I would stay in root account after install.

Hope maybe this will help some!

Upvotes: 0

Anupam Bera

Reputation: 519

I have faced the same problem in macOS High Sierra (v10.13.6). I have cleaned up all dependency files and folders, but nothing worked for me.

Using the terminal, if I run the following command then it works -

sudo chmod o+r /dev/bpf*

Upvotes: 5

Mimmo

Reputation: 151

Wireshark provides the solution itself, along with the explanation of weird secrets:

  1. add your user to the group "access_bpf" by commanding
    sudo dseditgroup -o edit -a `whoami` -t user access_bpf

  2. then launch Wireshark's script
    sudo "/Library/Application Support/Wireshark/ChmodBPF/ChmodBPF";

That's all, because (as the script explains):

# Unfortunately, macOS's devfs is based on the old FreeBSD
# one, not the current one, so there's no way to configure it
# to create BPF devices with particular owners or groups. BPF
# devices on macOS are also non-cloning, that is they can
# be created on demand at any time. This startup item will
# pre-create a number of BPF devices, then make them owned by
# the access_bpf group, with permissions rw-rw----, so that
# anybody in the access_bpf group can use programs that capture
# or send raw packets.

Upvotes: 12
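
The permission changes proposed in the answers above (`chown` to your own user, `chmod o+r`, and ChmodBPF's `access_bpf` group) leave `/dev/bpf*` in different states. This added example, which is not part of any answer or of Wireshark, classifies `ls -l` lines against the `rw-rw----` / `access_bpf` target described in the ChmodBPF comment; the verdict names, the user `alice` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit BPF device nodes from `ls -l /dev/bpf*` style lines.
# Target state is taken from the ChmodBPF comment quoted above:
# group access_bpf, permissions rw-rw----.

# classify_bpf_line "<ls -l line>" prints one verdict word.
classify_bpf_line() {
    printf '%s\n' "$1" | (
        read -r mode _links owner group _rest
        case $mode in
            # other-read (char 8) or other-write (char 9) is set, e.g. after
            # `chmod o+r`: every local account can open the device.
            ???????r*|????????w*) echo WORLD_ACCESS; exit 0 ;;
        esac
        # Device re-owned to a login account, e.g. after `chown user:admin`.
        [ "$owner" = root ] || { echo USER_OWNED; exit 0; }
        case $group:$mode in
            access_bpf:crw-rw----*) echo OK ;;
            *:????rw*)              echo WRONG_GROUP ;;
            *)                      echo ROOT_ONLY ;;   # capture needs root
        esac
    )
}

# Constructed sample listing (not captured from a real machine).
sample_listing() {
    cat <<'EOF'
crw-rw----  1 root   access_bpf  23,   0 Jan  1 10:00 /dev/bpf0
crw-rw-r--  1 root   access_bpf  23,   1 Jan  1 10:00 /dev/bpf1
crw-------  1 alice  admin       23,   2 Jan  1 10:00 /dev/bpf2
crw-------  1 root   wheel       23,   3 Jan  1 10:00 /dev/bpf3
EOF
}

# audit_bpf reads listing lines on stdin; returns 1 if any node is not OK.
audit_bpf() {
    bad=0
    while read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_bpf_line "$line")
        printf '%s\t%s\n' "${line##* }" "$verdict"
        [ "$verdict" = OK ] || bad=1
    done
    return "$bad"
}

# On a Mac: ls -l /dev/bpf* | audit_bpf
sample_listing | audit_bpf || true
```

Because macOS recreates the device nodes at boot, as the quoted comment notes, the listing reflects only the current boot and is worth re-checking after a restart.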

GyuBeom Choi

Reputation: 508

I don't know how to solve this problem, but if you want a temporary fix, you can use the following command:

$ sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark

Upvotes: 50

Ali.Ghodrat

Reputation: 3704

If you want to always open Wireshark as administrator, I suggest using AppleScript:

Open AppleScript by pressing cmd+space and typing AppleScript Editor in the Spotlight Search, as in the picture below:

enter image description here

Then from File --> Choose NEW

In the open window write:

do shell script "/Applications/Wireshark.app/Contents/MacOS/Wireshark" ¬
    with administrator privileges user name "username" password "password"

Replace "username" and "password" with yours. If you don't know your username, type "whoami" in the terminal to see it; the password is your computer password!

Mine looks like this:

enter image description here

Now export your script as an Application by going to File --> Export, changing File Format to Application, writing a name for your file, and saving it on your desktop, as in the following pictures:

enter image description here

enter image description here

DONE. Now run your app from the Desktop; this way your Wireshark always runs with admin permission.

Upvotes: 6
