What is the access_bpf group?

Wireshark's installer configures your system so that the user doing the installation can capture network traffic without the capturing program having to run as root.

The way it does this is to:

  • create an access_bpf group;
  • put the user into that group;
  • install a StartupItem (in older versions) or a launch daemon (in newer versions) that, when the system is booted, changes the permissions of the BPF devices to rw-rw---- and the group owner of the BPF devices to access_bpf;
  • arrange that the StartupItem/launch daemon run at that time.

Note, BTW, that this allows you to capture traffic with Wireshark (or Wireshark's TShark or dumpcap programs) without having to run them as root; it also allows you to capture traffic with tcpdump without having to run it as root.


The Installer for Wireshark will create the access_bpf group! or in your case who knows :)

Since you do not remember installing it and do not use it, just remove it.

To remove Wireshark from your machine, look for the following files on your Mac and remove them if they exist:

# The application and its support files
sudo rm -r /Applications/Wireshark.app
sudo rm -r /Library/Wireshark
# StartupItem used by older versions (a directory, so -r is needed)
sudo rm -r /Library/StartupItems/ChmodBPF
# Launch daemon used by newer versions
sudo rm /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist
sudo rm /Library/Application\ Support/Wireshark/ChmodBPF/ChmodBPF
sudo rm /Library/Application\ Support/Wireshark/ChmodBPF/org.wireshark.ChmodBPF.plist

Also remove the access_bpf group
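
A way to check the result of the mechanism described in the answers above, as an added example that is not part of either answer or of Wireshark: it classifies `ls -l /dev/bpf*` lines by who can open each capture device. The function names, verdict labels and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit who can open the BPF capture devices.
# classify_bpf reads `ls -l /dev/bpf*` lines on stdin and prints
# "<device> <verdict>", where the verdict is one of:
#   owner-only  - only the device owner can open it
#   group:<g>   - members of group <g> can capture without root
#   world       - any local user can open the device
classify_bpf() {
    while read -r mode _links _owner group rest; do
        case "$mode" in c*) ;; *) continue ;; esac  # character devices only
        dev=${rest##* }                              # path is the last field
        grp_bits=$(printf '%s' "$mode" | cut -c5-7)
        oth_bits=$(printf '%s' "$mode" | cut -c8-10)
        if [ "$oth_bits" != "---" ]; then
            echo "$dev world"
        elif [ "$grp_bits" != "---" ]; then
            echo "$dev group:$group"
        else
            echo "$dev owner-only"
        fi
    done
}

# Constructed sample listing (not captured from a real machine).
sample_listing() {
    cat <<'EOF'
crw-rw----  1 root  access_bpf   23,   0 Jan  1 10:00 /dev/bpf0
crw-------  1 root  wheel        23,   1 Jan  1 10:00 /dev/bpf1
crw-rw-rw-  1 root  wheel        23,   2 Jan  1 10:00 /dev/bpf2
EOF
}

if ls /dev/bpf* >/dev/null 2>&1; then
    ls -l /dev/bpf* | classify_bpf          # live devices (macOS/BSD)
else
    sample_listing | classify_bpf           # no BPF devices here: use the sample
fi

# On macOS, show whether the group still exists and who is in it.
if command -v dscl >/dev/null 2>&1; then
    dscl . -read /Groups/access_bpf GroupMembership 2>/dev/null ||
        echo "access_bpf group not present"
fi
```

Because the permissions are applied at boot, run it again after a reboot: a device still reported as `group:access_bpf` means the ChmodBPF StartupItem or launch daemon is still installed.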