problems running wireshark on macos 13

Properly working Wireshark

Today was one of those days. I’ve got Wireshark installed on my Macs, and I’ve had Wireshark installed on all my Macs for years (decades, back to when it was called Etherial). Today after upgrading to macOS 13.2 I decided to do a bit of home network research and fired up the latest version of Wireshark, 4.0.3. That’s when I got the error you see below. I did a fair amount of internet research (i.e. “googling”) and finally constructed a solution that works for me. First my solution, then a partial explanation of what might be happening.

My solution consists of creating the following zsh alias:

alias wireshark='sudo /Library/Application\ Support/Wireshark/ChmodBPF/ChmodBPF && Wireshark'

When I open a shell (iTerm in my case) and type in wireshark I’ll get a prompt for my password, then Wireshark will start and execute correctly.

Why is this happening? Somehow, someway, the script ChmodBPF is not executing with proper permissions to create Wireshark pseudo devices, /dev/bp*. The script is supposed to execute every time I log in, and create many of those pseudo devices (256 on my machine) that Wireshark then uses. I don’t have a deep knowledge of Wireshark so I don’t know what Wireshark is doing with all those devices.

Because of ChmodBPF’s failure, only four pseudo devices were created, and they all had root:wheel ownership, not my username:admin. That then caused Wireshark to fail to properly work.

I discovered a lot of half-assed solutions, such as changing permissions directly on the pseudo devices. Running the script as sudo came from reading a thread on Wireshark’s GitLab issue wiki: . It should be pointed out that if you reboot your Mac that the devices are wiped out, and you’re going to have to run the script as sudo again, at least once. I just combined everything into a terminal alias. I live in the terminal so it doesn’t bother me.

using cockpit with a raspberry pi 4b

I’ve placed several Raspberry Pies around my house, and they’re all headless. That means no attached screen, keyboard, or mouse. In the past when I set up a headless system that meant logging into them via SSH. That was OK, but there were times when I wished for some bit of a graphical desktop. Then along came Cockpit.

Cockpit ( ) is a web-based graphical interface for remote system management, whether it’s sitting somewhere else with a screen, keyboard, and mouse, or else it’s a headless system away from you. Cockpit is an installable package for just about every Linux distribution under the sun, including Raspian. You can follow the setup and operational directions at the Cockpit home page.

Cockpit’s very complete and is capable of giving you, the remote user, complete insight into a remote system all within your browser of choice. I can’t speak to all browsers, but I’ve tested it with Firefox (this example is running on macOS Catalina and a 2012 Mac Mini Server), Chrome, Safari, and Vivaldi. When I do use Cockpit I always leave it open on the terminal.

The terminal page in Cockpit is a full-blown terminal. I haven’t found an ASCII application or tool yet that I couldn’t run within that terminal. That includes complex tools such as htop and btop. Since I’ve been using Cockpit, I’ve had no need to ssh into the system.