Wireshark 1.2.9 install on Mac OS X 10.6.4

Posted Jul 25, 2010 at 3:33 am in Mac, Mac How To

I wanted to install Wireshark on my MacBookPro but found that simply following the instructions did not work completely, but I did manage to work through the issues. Following the instructions installed the app but I could not see any interfaces, and as it turns out it is a permissions issue.

The ‘dmg’ file downloads fine and the instructions are clear enough in the “read me first.rtf”:

  1. Drag the Wireshark icon (i.e., wireshark.app) to the Applications alias (folder).
  2. (Within the Wireshark dmg folder) open the Utilities folder.
  3. Drag the contents of the Command Line folder to /usr/local/bin (if you’re a Windows convert like I am that means using the Go menu in Finder to navigate to /usr/local/bin)
  4. You will need to adjust the permissions on /dev/bpf* in order to capture… You can do this by dragging the ChmodBPF folder to the StartupItems alias. **But this did not work for me.** To be fair the instructions do say “you can do this by hand” and that is exactly what needed to be done in this case.

After several failed attempts I opened the ChmodBPF folder and examined the contents of the executable ChmodBPF and manually carried out its instructions from a command line to resolve the issue.

From the ChmodBPF file the two needed instructions, both prefixed with ‘sudo’, to be run from a command prompt are:

chgrp admin /dev/bpf*

chmod g+rw /dev/bpf*

Without this change Wireshark launches but fails to see any “interfaces” which means it will not capture nor decode packets.
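A read-only check for the state those two commands produce, as an added example that is not part of the original post or of the Wireshark package. The function name `bpf_audit` and the `BPF_DIR` / `BPF_GROUP` overrides are hypothetical; the script only reads `ls -ld` output and changes nothing.

```shell
#!/bin/sh
# Added example: report which BPF device nodes already have the group
# ownership and group read/write bits set by the two ChmodBPF commands.
# bpf_audit, BPF_DIR and BPF_GROUP are illustrative names (assumptions).

# bpf_audit DIR GROUP
# Prints one status line per DIR/bpf* node.
# Returns 0 if every node is correct, 1 if any needs fixing,
# 2 if no bpf nodes were found at all.
bpf_audit() {
    dir=$1
    want_group=$2
    bad=0
    seen=0
    for node in "$dir"/bpf*; do
        [ -e "$node" ] || continue      # an unmatched glob stays literal
        seen=$((seen + 1))
        # ls -ld fields: mode string, link count, owner, group, rest
        read -r mode links owner group rest <<EOF
$(ls -ld "$node")
EOF
        # Characters 5-6 of the mode string are the group r and w bits.
        gbits=$(printf '%s' "$mode" | cut -c5-6)
        if [ "$group" = "$want_group" ] && [ "$gbits" = "rw" ]; then
            echo "ok    $node ($mode $owner:$group)"
        else
            echo "FIX   $node ($mode $owner:$group)"
            bad=$((bad + 1))
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "no bpf devices found under $dir"
        return 2
    fi
    [ "$bad" -eq 0 ]
}

# Defaults match the post: devices in /dev, group "admin".
if bpf_audit "${BPF_DIR:-/dev}" "${BPF_GROUP:-admin}"; then
    echo "BPF permissions match what ChmodBPF sets."
else
    echo "Not ready for capture; apply the chgrp/chmod commands above with sudo."
fi
```

Permissions on the nodes under /dev are reset at reboot, so re-run the check after a restart; that is the gap the ChmodBPF startup item is meant to cover.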