Practical audit advice you can use today.
# 21 : VisualSniffPerms
This screencast was created specifically as a support video for our VisualSniff product. The default permissions set on the BPF adapters on OS X are a bit atypical and make it impossible for a user to start a sniffer without becoming an administrator. Following the directions in the video and running the accompanying script resolves this issue so that VisualSniff will work correctly. The referenced script can be downloaded here: http://enclaveforensics.com/ClientFiles/VisualSniffPerms.sh
© 2011, David Hoelzer & EnclaveForensics