summaryrefslogtreecommitdiffstats
path: root/README.bsd
diff options
context:
space:
mode:
Diffstat (limited to 'README.bsd')
-rw-r--r--README.bsd76
1 files changed, 76 insertions, 0 deletions
diff --git a/README.bsd b/README.bsd
new file mode 100644
index 0000000..19cb07a
--- /dev/null
+++ b/README.bsd
@@ -0,0 +1,76 @@
+Installing Wireshark on FreeBSD/OpenBSD/NetBSD/DragonFly BSD
+========================================================================
+
+ 1. Berkeley Packet Filter (BPF) requirement
+ 2. Running Wireshark as a non-root user
+
+For general installation instructions, see the INSTALL file, along with
+the Developer's Guide located at https://www.wireshark.org/docs/ and
+in the docbook/ directory. Additional BSD specific notes and requirements
+follow.
+
+1. Berkeley Packet Filter (BPF) requirement
+--------------------------------------------
+In order to capture packets (with Wireshark/TShark, tcpdump, or any
+other packet capture program) on a BSD system, your kernel must have the
+Berkeley Packet Filter mechanism enabled. The default kernel
+configurations in recent versions of BSD systems have this enabled
+already. To verify the bpf device is present, look in the /dev
+directory:
+
+ ls -l /dev/bpf*
+
+You should see one or more bpf devices listed similar to this:
+
+ crw------- 1 root wheel 0, 90 Aug 10 21:05 /dev/bpf0
+ crw------- 1 root wheel 0, 91 Aug 10 21:05 /dev/bpf1
+
+Packet-capturing programs will pick the first bpf device that's not in
+use. Recent versions of most BSDs will create bpf devices as needed, so
+you don't have to configure the number of devices that will be
+available.
+
+2. Running wireshark as a non-root user
+-------------------------------------------
+Since the bpf devices are read-only by the owner (root), you normally
+have to run packet capturing programs such as Wireshark as root. It is
+safer to run programs as a non-root user if possible. To run Wireshark
+as a non-root user, you must change the permissions on the bpf device(s).
+If you are the only user that needs to use Wireshark, the easiest way
+is to change the owner of each bpf device to your username. You can also
+add the read/write ability to the group (typically wheel) and add users
+that need to use Wireshark to the wheel group. Check your operating
+system's documentation on how to make permanent these changes as they
+are often reset upon reboot; if /dev is implemented with devfs, it might
+be possible to configure devfs to create all bpf devices owned by a
+particular user and/or group and with particular permissions. In
+FreeBSD 6.0 and later this can be done by creating an /etc/devfs.rules
+file with content such as
+
+ [localrules=10]
+ add path 'bpf*' {mode and permissions}
+
+where "mode and permissions" can include clauses such as
+
+ mode {octal permissions}
+
+to set the permissions on the device (e.g., "mode 0660" to set the
+permissions to rw-rw-r--),
+
+ user {user}
+
+to set the user who owns the device, or
+
+ group {group}
+
+to set the group that owns the device and adding a line such as
+
+ devfs_system_ruleset=localrules
+
+to /etc/rc.conf. For example, an /etc/devfs.rules file with
+
+ [localrules=10]
+ add path 'bpf*' mode 0660 group wheel
+
+will grant read and write permissions on all BPF devices to all users in
+the "wheel" group.
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-08 01:44:35 +0000