On Jan 14, 2021, at 5:43 PM, Gerald Combs <ger...@wireshark.org> wrote:
> I can replicate the "Resource busy" message here by running Wireshark,
> leaving the welcome screen up and attempting to read from /dev/bpf0:
>
> ----
> $ read -n 0 < /dev/bpf0 > /dev/null 2>&1
> bash: /dev/bpf0: Resource busy
> ----
>
> However, that's just a result of Wireshark updating the interface sparklines
> via `dumpcap -S`,
Not necessarily:
$ read -n 0 < /dev/bpf0 > /dev/null
-bash: /dev/bpf0: Resource busy
$ ps -ef | egrep -i 'tcpdump|shark|dumpcap'
501 95591 32227 0 10:00PM ttys114 0:00.00 egrep -i
tcpdump|shark|dumpcap
and that's because:
$ sudo lsof /dev/bpf0 /dev/bpf1
Password:
...
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
airportd 344 root 41u CHR 23,0 0t0 580 /dev/bpf0
airportd 344 root 42u CHR 23,0 0t0 580 /dev/bpf0
airportd 344 root 43u CHR 23,1 0t0 581 /dev/bpf1
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe
