# Wireshark cannot see interfaces



## sk8harddiefast (Dec 12, 2010)

I want to try Wireshark. Just I am completely noob on Networks I made my first try to learn something new  Wireshark compiled and installed just fine. None error or any problem. But when I open it and went to select my Interface to start capturing packages then Wireshark tells me:

```
There are no interfaces on which a capture can be done.
```
My interface is re0. Should be re0 on interfaces. Right?


----------



## graudeejs (Dec 12, 2010)

you need to run Wireshark with root priviledges
(Not sure, don't remember, but maybe you need *bpf* in kernel)


----------



## sk8harddiefast (Dec 12, 2010)

I run it as simple user. Also bpf is enabled on my Kernel


----------



## graudeejs (Dec 12, 2010)

Then use su(1) or security/sudo


----------



## DutchDaemon (Dec 12, 2010)

Do not run Wireshark as root. This is unneeded. Just make sure your user has read access to the /dev/bpf devices.

I have this in /etc/devfs.conf (I'm a wheel user)


```
own     /dev/bpf0       root:wheel
perm    /dev/bpf0       0640
own     /dev/bpf1       root:wheel
perm    /dev/bpf1       0640
own     /dev/bpf2       root:wheel
perm    /dev/bpf2       0640
```

Works fine. No root needed.


----------



## SIFE (Dec 12, 2010)

```
own     /dev/bpf*       root:wheel
perm    /dev/bpf*       0640
```
That is will be enough.


----------



## graudeejs (Dec 12, 2010)

Just remember, that keeping bpf readable for everyone is security issue


----------



## sk8harddiefast (Dec 12, 2010)

Thanks all of you  Wireshark now see interfaces and work fine


----------



## DutchDaemon (Dec 13, 2010)

killasmurf86 said:
			
		

> Just remember, that keeping bpf readable for everyone is security issue



No one here's suggesting making bpf readable for everyone, right? 0640/root:wheel is tight enough in this case. You probably wouldn't want a non-wheel user sniffing your local traffic anyway


----------

