|author||Guy Harris <email@example.com>||2006-08-11 00:11:11 +0000|
|committer||Guy Harris <firstname.lastname@example.org>||2006-08-11 00:11:11 +0000|
From Stephen Fisher: add more information on configuring for BSD,
modernize the section on BPF (modern BSDs have BPF built in and clone BPF devices, so no configuration should be necessary; we can add back the old instructions if people using older BSDs run into problems), and add information on making BPF devices available to non-root users. svn path=/trunk/; revision=18880
Diffstat (limited to 'README.bsd')
1 files changed, 79 insertions, 28 deletions
diff --git a/README.bsd b/README.bsd
index 76a7a657ac..eba96b8998 100644
@@ -1,32 +1,83 @@
+Installing Wireshark on FreeBSD/OpenBSD/NetBSD
+ 1. Extra packages required
+ 2. Compiling Wireshark
+ 3. Berkeley Packet Filter (BPF) requirement
+ 4. Running Wireshark as a non-root user
+1. Extra packages required
+Wireshark requires a number of additional programs to function.
+Install the latest versions of the following programs before compiling:
+ gtk2 / gtk+2
+The easiest way to install these is by using your operating system's
+ports or packages system.
+2. Compiling Wireshark
+To compile Wireshark with the default options, run configure, make and
+ make install
+The configure and make steps can be run as a non-root user and you can
+run Wireshark from the compilation directory itself. You must run make
+install as root in order to copy the program to the proper directories.
+3. Berkeley Packet Filter (BPF) requirement
In order to capture packets (with Wireshark/TShark, tcpdump, or any
-other packet capture program) on a BSD system, your kernel must have
-the Berkeley packet Filter mechanism enabled. On some BSDs (recent
-versions of FreeBSD, for example), it's enabled by default in the
-generic kernel; it's not enabled by default in older FreeBSD kernels,
-and might not be enabled by default in other kernels.
-The entry in the FreeBSD 3.4 i386 GENERIC configuration file for it is:
- # The `bpfilter' pseudo-device enables the Berkeley Packet Filter.
- # Be aware of the administrative consequences of enabling this!
- # The number of devices determines the maximum number of
- # simultaneous BPF clients programs runnable.
- pseudo-device bpfilter 1 #Berkeley packet filter
-To enable BPF, add "pseudo-device" line such as the last line there to
-your configuration file, re-run "config", rebuild the kernel, install
-the new kernel, and reboot.
-Note that some daemons, or other applications, may be BPF clients, i.e.
-may use the BPF mechanism to see link-layer traffic coming into the
-machine and send link-layer traffic from the machine; for example, if
-the number in the "pseudo-device bpfilter" line is 1, and such a daemon
-or application is running, a packet-capture program will not be able to
-do packet capture, as the one and only BPF device will already be in
-use. You may therefore need to increase the number of BPF devices, by
-increasing the number in the "pseudo-device bpfilter" line, re-running
-"config", rebuilding the kernel, installing the new kernel, and
+other packet capture program) on a BSD system, your kernel must have the
+Berkeley Packet Filter mechanism enabled. The default kernel
+configurations in recent versions of BSD systems have this enabled
+already. To verify the bpf device is present, look in the /dev
+ ls -l /dev/bpf*
+You should see one or more bpf devices listed similar to this:
+ crw------- 1 root wheel 0, 90 Aug 10 21:05 /dev/bpf0
+ crw------- 1 root wheel 0, 91 Aug 10 21:05 /dev/bpf1
+Packet-capturing programs will pick the first bpf device that's not in
+use. Recent versions of most BSDs will create bpf devices as needed, so
+you don't have to configure the number of devices that will be
+4. Running wireshark as a non-root user
+Since the bpf devices are read-only by the owner (root), you normally
+have to run packet capturing programs such as Wireshark as root. It is
+safer to run programs as a non-root user if possible. To run Wireshark
+as a non-root user, you must change the permissions on the bpf device(s).
+If you are the only user that needs to use Wireshark, the easiest way
+is to change the owner of each bpf device to your username. You can also
+add the read/write ability to the group (typically wheel) and add users
+that need to use Wireshark to the wheel group. Check your operating
+system's documentation on how to make permanent these changes as they
+are often reset upon reboot; if /dev is implemented with devfs, it might
+be possible to configure devfs to create all bpf devices owned by a
+particular user and/or group and with particular permissions.