- Run the installation script:
  ./install.sh
- When prompted, allow the BPF permissions setup for packet capture
- LightScope will start automatically and run in the background
LightScope monitors network traffic using the Berkeley Packet Filter (BPF). This requires special permissions but does NOT require running as root.
The installer will offer to run the BPF permissions setup script:
sudo /Applications/LightScope.app/Contents/Resources/setup_bpf_permissions.sh
This one-time setup:
- Creates an 'access_bpf' group
- Adds you to the group
- Sets up automatic BPF permissions at boot
- Allows packet capture without root privileges
If you skipped the setup during installation, you can run it later:
sudo /Applications/LightScope.app/Contents/Resources/setup_bpf_permissions.sh
Edit the configuration file at:
/Applications/LightScope.app/Contents/Resources/config/config.ini
View logs at:
/Applications/LightScope.app/Contents/Resources/logs/
- Stop:
  launchctl unload ~/Library/LaunchAgents/com.thelightscope.lightscope.plist
- Start:
  launchctl load ~/Library/LaunchAgents/com.thelightscope.lightscope.plist
- Uninstall:
  ./uninstall.sh
- macOS 10.14 or later
- Python 3.8 or later
- Network access for monitoring
- BPF permissions for packet capture
- Runs as user application (no root required)
- Automatic startup at login
- Background operation
- Network packet monitoring
- Honeypot functionality
- Automatic updates
- Does not require root privileges to run
- Uses Berkeley Packet Filter (BPF) for safe packet capture
- Group-based permissions following macOS security best practices
- Same approach used by Wireshark and other professional tools
If packet capture fails:
- Check BPF permissions:
  ls -la /dev/bpf*
- Verify group membership:
  groups
- Re-run setup:
  sudo /Applications/LightScope.app/Contents/Resources/setup_bpf_permissions.sh
- Log out and log back in for group changes to take effect
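The first two checks can be scripted. This is an added example, not part of LightScope: it reads the output of `ls -la /dev/bpf*` and `groups`, reports devices the `access_bpf` group cannot use, and flags any device left open to every local user. The expected mode (group read/write, nothing for others) is an assumption, since the page does not say what the setup script sets; the function name and sample data are constructed.

```shell
#!/bin/sh
# Added example (not LightScope code). Assumption: after setup the BPF
# devices belong to group access_bpf with group read/write.
BPF_GROUP="access_bpf"

# check_bpf LISTING USER_GROUPS
#   LISTING      output of: ls -la /dev/bpf*
#   USER_GROUPS  output of: groups
# Prints one finding per line; returns 0 only when there are none.
check_bpf() {
    rc=0
    case " $2 " in
        *" $BPF_GROUP "*) ;;
        *) echo "FAIL user is not in $BPF_GROUP (re-run setup, then log out and in)"
           rc=1 ;;
    esac
    findings=$(printf '%s\n' "$1" | awk -v grp="$BPF_GROUP" '
        $1 !~ /^c/ { next }                  # keep character devices only
        {
            dev = $NF; mode = $1             # mode looks like crw-rw----
            if ($4 != grp)
                print "FAIL " dev " group is " $4 ", expected " grp
            else if (substr(mode, 5, 2) != "rw")
                print "FAIL " dev " has no group read/write"
            if (substr(mode, 8, 3) != "---")
                print "WARN " dev " is open to every local user"
        }')
    if [ -n "$findings" ]; then
        echo "$findings"
        rc=1
    fi
    return $rc
}

# Constructed sample: bpf0 fixed by setup, bpf1 untouched, bpf2 too open.
SAMPLE_LISTING='crw-rw----  1 root  access_bpf  23,   0 Jan  1 10:00 /dev/bpf0
crw-------  1 root  wheel       23,   1 Jan  1 10:00 /dev/bpf1
crw-rw-rw-  1 root  access_bpf  23,   2 Jan  1 10:00 /dev/bpf2'
SAMPLE_GROUPS='staff everyone access_bpf'

check_bpf "$SAMPLE_LISTING" "$SAMPLE_GROUPS" || true
# On a real machine: check_bpf "$(ls -la /dev/bpf*)" "$(groups)"
```

Any account in `access_bpf` can capture traffic on the machine's interfaces, so keep the group's membership as small as the tool requires.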