Installing Wireshark on FreeBSD/OpenBSD/NetBSD/DragonFly BSD
========================================================================

     1. Extra packages required
     2. Compiling Wireshark
     3. Berkeley Packet Filter (BPF) requirement
     4. Running Wireshark as a non-root user


1. Extra packages required
---------------------------
Wireshark requires a number of additional programs to function.
Install the latest versions of the following programs before compiling:

The easiest way to install these is by using your operating system's
ports or packages system.  If you prefer to build from source, the programs
can be found at the following sites:

    glib 2.32 or later:
        ftp.gnome.org:/pub/gnome/sources/glib/
        http://ftp.gnome.org/pub/gnome/sources/glib/

    pkgconfig:
        http://pkgconfig.freedesktop.org/releases/

    python 3.4 or later:
        https://www.python.org/downloads/source/

If you want to use the Wireshark GUI, install one or both of these toolkits:

    Qt 5.3 or later:
        http://download.qt-project.org/official_releases/qt/


(These programs may require additional dependencies.)

Additional programs can be used to enhance Wireshark's functionality.
These can be found by typing ./configure --help or looking at the output
at the end of running the configure script.


2. Compiling Wireshark
-----------------------
To compile Wireshark with the default options, run configure, make and
make install (you may have to run "autogen.sh" first):

    ./configure
    make
    make install

The configure and make steps can be run as a non-root user and you can
run Wireshark from the compilation directory itself.  You must run make
install as root in order to copy the program to the proper directories.


3. Berkeley Packet Filter (BPF) requirement
--------------------------------------------
In order to capture packets (with Wireshark/TShark, tcpdump, or any
other packet capture program) on a BSD system, your kernel must have the
Berkeley Packet Filter mechanism enabled.  The default kernel
configurations in recent versions of BSD systems have this enabled
already.  To verify the bpf device is present, look in the /dev
directory:

    ls -l /dev/bpf*

You should see one or more bpf devices listed similar to this:

    crw-------  1 root  wheel    0,  90 Aug 10 21:05 /dev/bpf0
    crw-------  1 root  wheel    0,  91 Aug 10 21:05 /dev/bpf1

Packet-capturing programs will pick the first bpf device that's not in
use.  Recent versions of most BSDs will create bpf devices as needed, so
you don't have to configure the number of devices that will be
available.

4. Running Wireshark as a non-root user
-------------------------------------------
Since the bpf devices are accessible only by their owner (root), you
normally have to run packet capturing programs such as Wireshark as root.
It is safer to run programs as a non-root user if possible.  To run
Wireshark as a non-root user, you must change the permissions on the bpf
device(s).  If you are the only user that needs to use Wireshark, the
easiest way is to change the owner of each bpf device to your username.
You can also add the read/write ability to the group (typically wheel)
and add users that need to use Wireshark to the wheel group.  Check your
operating system's documentation on how to make these changes permanent,
as they are often reset upon reboot; if /dev is implemented with devfs,
it might be possible to configure devfs to create all bpf devices owned
by a particular user and/or group and with particular permissions.  In
FreeBSD 6.0 and later this can be done by creating an /etc/devfs.rules
file with content such as

    [localrules=10]
    add path 'bpf*' {mode and permissions}

where "mode and permissions" can include clauses such as

    mode {octal permissions}

to set the permissions on the device (e.g., "mode 0660" to set the
permissions to rw-rw----),

    user {user}

to set the user who owns the device, or

    group {group}

to set the group that owns the device, and adding a line such as

    devfs_system_ruleset=localrules

to /etc/rc.conf.  For example, an /etc/devfs.rules file with

    [localrules=10]
    add path 'bpf*' mode 0660 group wheel

will grant read and write permissions on all BPF devices to all users in
the "wheel" group.
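
Because these permission changes are often reset upon reboot, it is worth
checking the device nodes after applying them.  The following script is an
example added to this document, not part of the Wireshark sources: it reads
"ls -l /dev/bpf*" output and flags devices that are open to all users or to
a group other than the intended one.  The function name, the verdict labels
and the sample listings are constructed for this example.

```shell
#!/bin/sh
# audit_bpf_perms GROUP: read `ls -l /dev/bpf*` output on stdin and print one
# verdict per device. Returns 1 if any device is accessible to "other" users
# or group-accessible by a group other than GROUP, otherwise 0.
audit_bpf_perms() {
    want_group=$1
    rc=0
    while read -r mode _links owner group rest; do
        case $mode in
            c?????????*) ;;                  # character device entries only
            *) continue ;;
        esac
        dev=${rest##* }                      # last field is the device path
        g=$(printf '%s' "$mode" | cut -c5-6) # group read/write bits
        o=$(printf '%s' "$mode" | cut -c8-9) # other read/write bits
        if [ "$o" != "--" ]; then
            echo "$dev WORLD-ACCESSIBLE any local user can capture ($mode)"
            rc=1
        elif [ "$g" = "--" ]; then
            echo "$dev OWNER-ONLY only $owner can capture ($mode)"
        elif [ "$group" = "$want_group" ]; then
            echo "$dev GROUP-OK members of $group can capture ($mode)"
        else
            echo "$dev UNEXPECTED-GROUP group is $group, wanted $want_group ($mode)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listings (not captured from a real system):
SAMPLE_DEFAULT='crw-------  1 root  wheel    0,  90 Aug 10 21:05 /dev/bpf0'
SAMPLE_RULES='crw-rw----  1 root  wheel    0,  90 Aug 10 21:05 /dev/bpf0'
SAMPLE_LOOSE='crw-rw-rw-  1 root  wheel    0,  90 Aug 10 21:05 /dev/bpf0'

# Demo on the samples; on a live system run instead:
#   ls -l /dev/bpf* | audit_bpf_perms wheel
printf '%s\n%s\n%s\n' "$SAMPLE_DEFAULT" "$SAMPLE_RULES" "$SAMPLE_LOOSE" |
    audit_bpf_perms wheel || echo "audit: at least one device violates the policy"
```

A non-zero return from audit_bpf_perms means at least one device is
accessible more widely than the devfs rule intends.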