I wanted to install WireShark on my MacBookPro but found that simply following the instructions simply did not work completely, but I dd manage to work through the issues.Following the instructions installed the app but I could not see any interfaces, and as it turns out it is a permissions issue.
The ‘dmg’ file downloads fine and the instructions are clear enough in the “read me first.rtf’:
- Drag the Wireshark icon (i.e., wireshark.app) to the Applications alias (folder).
- (Within the Wireshark dmg folder) open the Utilities folder.
- Drag the contents of the Command Line folder to /usr/local/bin (if you’re a Windows convert like I am that means using the Go menu in Finder to navigate to /usr/local/bin)
- You will need to adjust the permissions on /dev/bpf* in order to capture… You can do this by dragging the ChmodBPF folder to the StartupItems alias **But this did not work for me**� To be fair the instructions do say “you can do this by hand” and that is exactly what needed to be done in this case.
After several failed attempts I opened the ChmodBPF folder and examined the contents of the executable ChmodBPF and manually carried out its instructions from a command line to resolve the issue.
From the ChmodBPF file the two needed instructions, both prefixed with ‘sudo’, to be run from a command prompt are:
chgrp admin /dev/bpf*
chmod g+rw /dev/bpf*
Without this change Wireshark launches but fails to see any “interfaces” which means it will not capture nor decode packets.