arping on macOS 10.11.6 not working

[LowKnee]

macOS 10.11.6
libnet 1.2
no wireshark, no little snitch

sudo arping -i en0 192.168.1.1
Password:
arping: libnet_init(LIBNET_LINK, en0): libnet_bpf_open(): open(): (/dev/bpf0): Permission denied

ls -l bpf0
crw------- 1 root wheel 23, 0 5 Aug 15:30 bpf0

==============

sudo arping -vvvvv 192.168.1.1
arping: Using gettimeofday() for time measurements
arping: libnet_init()
arping: libnet_init(lo)
arping: libnet_init(LIBNET_LINK, ): libnet_bpf_open(): open(): (/dev/bpf0): Permission denied

==============

sudo tcpdump -i en0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 262144 bytes

==============

sudo dtruss arping 192.168.1.1

arping: libnet_init(LIBNET_LINK, ): libnet_bpf_open(): open(): (/dev/bpf0): Permission denied
SYSCALL(args) = return
thread_selfid(0x0, 0x0, 0x0) = 114667 0
csops(0x0, 0x0, 0x7FFF51F3BB10) = 0 0
issetugid(0x0, 0x0, 0x7FFF51F3BB10) = 1 0
shared_region_check_np(0x7FFF51F39A18, 0x0, 0x7FFF51F3BB10) = 0 0
stat64("/usr/lib/libpcap.A.dylib\0", 0x7FFF51F3ADA8, 0x7FFF51F3BB10) = 0 0
stat64("/usr/local/opt/libnet/lib/libnet.9.dylib\0", 0x7FFF51F3ADA8, 0x7FFF51F3BB10) = 0 0
open("/usr/local/opt/libnet/lib/libnet.9.dylib\0", 0x0, 0x0) = 3 0
pread(0x3, "\317\372\355\376\a\0", 0x1000, 0x0) = 4096 0
mmap(0x10DCD0000, 0xE000, 0x5, 0x12, 0x3, 0x0) = 0x10DCD0000 0
mmap(0x10DCDE000, 0x1000, 0x3, 0x12, 0x3, 0xE000) = 0x10DCDE000 0
mmap(0x10DCE1000, 0x3334, 0x1, 0x12, 0x3, 0xF000) = 0x10DCE1000 0
fcntl(0x3, 0x2C, 0x7FFF51F39148) = 0 0
close(0x3) = 0 0
stat64("/usr/lib/libSystem.B.dylib\0", 0x7FFF51F3ADA8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libcache.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libcommonCrypto.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libcompiler_rt.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148 = 0 0
stat64("/usr/lib/system/libcopyfile.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libcorecrypto.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libdispatch.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libdyld.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libkeymgr.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/liblaunch.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libmacho.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libquarantine.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libremovefile.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_asl.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_blocks.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_c.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_configuration.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_coretls.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_info.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148 = 0 0
stat64("/usr/lib/system/libsystem_kernel.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_m.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_malloc.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_network.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_notify.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_platform.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_pthread.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_secinit.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libsystem_trace.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libunc.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libunwind.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/system/libxpc.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/libobjc.A.dylib\0", 0x7FFF51F39BB8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/libauto.dylib\0", 0x7FFF51F39BB8, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/libc++abi.dylib\0", 0x7FFF51F39A98, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/libc++.1.dylib\0", 0x7FFF51F39A98, 0x7FFF51F39148) = 0 0
stat64("/usr/lib/libDiagnosticMessagesClient.dylib\0", 0x7FFF51F39988, 0x7FFF51F39148) = 0 0
getpid(0x7FFF85EE2740, 0x7FFF51F39988, 0x7FFF51F39148) = 17334 0
open("/dev/dtracehelper\0", 0x2, 0x7FFF51F3B9D0) = 3 0
ioctl(0x3, 0x80086804, 0x7FFF51F3B958) = 0 0
close(0x3) = 0 0
sysctl(0x7FFF51F3B070, 0x2, 0x7FFF51F3B080) = 0 0
thread_selfid(0x7FFF51F3B070, 0x2, 0x7FFF51F3B080) = 114667 0
bsdthread_register(0x7FFF8E3E8344, 0x7FFF8E3E8334, 0x2000) = 1073741887 0
mprotect(0x10DCE5000, 0x88, 0x1) = 0 0
mprotect(0x10DCE7000, 0x1000, 0x0) = 0 0
mprotect(0x10DCFD000, 0x1000, 0x0) = 0 0
mprotect(0x10DCFE000, 0x1000, 0x0) = 0 0
mprotect(0x10DD14000, 0x1000, 0x0) = 0 0
mprotect(0x10DD15000, 0x1000, 0x1) = 0 0
mprotect(0x10DCE5000, 0x88, 0x3) = 0 0
mprotect(0x10DCE5000, 0x88, 0x1) = 0 0
issetugid(0x10DCE5000, 0x88, 0x1) = 1 0
getpid(0x10DCE5000, 0x88, 0x1) = 17334 0
stat64("/AppleInternal/XBS/.isChrooted\0", 0x7FFF51F3AFD8, 0x1) = -1 Err#2
stat64("/AppleInternal\0", 0x7FFF51F3AF48, 0x1) = -1 Err#2
csops(0x43B6, 0x7, 0x7FFF51F3AA60) = -1 Err#22
sysctl(0x7FFF51F3AE20, 0x4, 0x7FFF51F3AB98) = 0 0
csops(0x43B6, 0x7, 0x7FFF51F3A350) = -1 Err#22
proc_info(0x2, 0x43B6, 0x11) = 56 0
socket(0x2, 0x2, 0x0) = 3 0
ioctl(0x3, 0xC00C6924, 0x7FFF51F38280) = 0 0
ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0
ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0
ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0
ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0
ioctl(0x3, 0xC0206921, 0x7FFF51F3C2A0) = 0 0
ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0
ioctl(0x3, 0xC0206921, 0x7FFF51F3C2A0) = -1 Err#49
ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0
ioctl(0x3, 0xC0206921, 0x7FFF51F3C2A0) = -1 Err#49
close(0x3) = 0 0
open("/dev/bpf0\0", 0x2, 0x10DCDD8BF) = -1 Err#13
socket(0x2, 0x2, 0x0) = 3 0
ioctl(0x3, 0xC0206911, 0x7FFF51F3C168) = -1 Err#6
close(0x3) = 0 0
write_nocancel(0x2, "arping: libnet_init(LIBNET_LINK, ): libnet_bpf_open(): open(): (/dev/bpf0): Permission denied\n\0", 0x64) = 100 0
getuid(0x2, 0x7FFF51F3BD70, 0x64) = 0 0

[ThomasHabets]

I don't have a mac to try to reproduce this, but does tcpdump work?

[LowKnee]

yes, tcpdump works, I copied the first line in my post above:

sudo tcpdump -i en0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 262144 bytes

[ThomasHabets]

Oops, sorry I missed that.

Is tcpdump on a mac special? Is it suid to something?

[LowKnee]

I don't know, tcpdump needs sudo it uses /dev/bpf0 without sudo you get same error as arping, but sudo with Arping does not work.

see error tcpdump without sudo:
tcpdump -i en0
tcpdump: en0: You don't have permission to capture on that device
((cannot open BPF device) /dev/bpf0: Permission denied)