Wireshark - you don't have permission to capture on that device mac

According to User: gmale's answer on ask.wireshark.org, he solved his problem in this way and I'm sure that it could solve yours as well. It says:

1- Open Terminal

To see your exact user name (for me that was AliGht)

2- Type 'whoami'

enter image description here

3- execute the following commands:

cd /dev
sudo chown AliGht:admin bp*

and enter your computer password:

enter image description here

4- now type this command:

ls -la | grep bp

The last command will display a list of files such as:

enter image description here

5- Make sure all of them have your user name and admin as the user/group. For some reason, the last one didn't get assigned properly so I had to run the command:

sudo chown AliGht:admin bpf4

so the last command fixed my problem as you see in the last image:

enter image description here

Done!

If your WireShark is open then close it and open it again.

All credits of this tutorial goes to user gmale on ask.wireshark.org,

If you want to open WireShark always as administrator then take a look to another post which I created a shortcut for it via Applescript, and this is the only way which you can open the WireShark always as administrator even when you turn off/on your mac.


I don't know how to solve this problem, but if you want a temporary fix, you can use the following command:

$ sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark

Wireshark provides the solution itself, along with the explanation of weird secrets:

  1. add your user to the group "access_bpf" by commanding
    sudo dseditgroup -o edit -a `whoami` -t user access_bpf

  2. then launch Wireshark's script
    sudo "/Library/Application Support/Wireshark/ChmodBPF/ChmodBPF";

That's all, because (as the script explains):

# Unfortunately, macOS's devfs is based on the old FreeBSD
# one, not the current one, so there's no way to configure it
# to create BPF devices with particular owners or groups. BPF
# devices on macOS are also non-cloning, that is they can
# be created on demand at any time. This startup item will
# pre-create a number of BPF devices, then make them owned by
# the access_bpf group, with permissions rw-rw----, so that
# anybody in the access_bpf group can use programs that capture
# or send raw packets.