Installing Wireshark and other UNIX programs on Apple Mac OSX
For "wireshark" (previously "ethereal") see http://www.wireshark.org/download.html
The directions need to be revised to read: "Make a new directory
/Library/StartupItems/ChmodBPF/. Copy into it the ChmodBPF file
and the StartupParameters.plist files provided." You must
authenticate when you make changes to the /Library/StartupItems/
directory.
You need to also
install X11.sdk (In Xcode/pkgs on the Xcode disk). You also need
the
X11User.pkg (see
below) unless X11.app is already in /Applications/Utilities/).
Sept. 9, 2009 - to get the current version for Mac to work, the
following was neccesary, in addition to the staeps in "Read me
first.pdf" onthe Wireshark.dmg" which you downloaded.
1. Enable the root user. In 10.5.7 this is found in the
Edit menu of Utilities/Directory, after clicking the Lock icon to
"enable changes." If not found there, search Help for "root user".
2. In Terminal, type "su" and then the root password, which you
defined in step 1. Then type:
mkdir /usr/local/share/mibs/
cd /usr/local/share/mibs/
ln -s /usr/share/snmp/mibs/ ietf
3. The instructions say to "Drag the contents of the Command Line
folder to ... if it's on your path". But the Finder does not now
display most of these, even if they exist. It may display
/opt/local/bin. Drag the files there, if is on your "path".
To see what's on your "path", in Terminal type: echo $PATH.
After all this, /Applications/Wireshark.app did not discover the
network interfaces. You could run "wireshark" sucessfully by
starting X.11, selecting Terminal under the X.11/Applications menu,
then enter "su"and (after the root password) "wireshark".
Wireshark would start, but one or two error windows still had to be
clicked away.
Hopefully the problem will be fixed on a future version.
---
To install many unix network utility programs:
Download "MacPorts" (was
"DarwinPorts") from http://www.apple.com/downloads/macosx/unix_open_source/macports.html
You can now install other UNIX applications using "MacPorts".
"PortAuthority" is a Mac GUI
app that will help you use MacPorts to
install other UNIX
programs on your Mac. It can be found at http://www.apple.com/downloads/macosx/unix_open_source/portauthority.html
Since MacPorts compiles source code locally, you need to install Xcode
and X11sdk:
For OS 10.4, install Xcode 2.4.1
(download from Apple, or find it on the OSX 10.4 installation CD or
DVD). For 10.5 the "Optional Installs" folder on the OS
Installation DVD has Xcode.pkg and X11.sdk.pkg (double click to run the
installation).
X11sdk.pkg
- on Xcode installation disk. You must install
it separately (double-click it).
X11User.pkg - Not
needed for 10.5. On MacOS
10.4 install CD disk 1 in
/System/Installation/Packages/ folder. May be on disk 2 for MacOS
10.3. Use the "Find File" utility to find it on a installation
DVD. After installation, "X11"
appears in the /Applications/Utilities folder. On 10.5 "X11.app"
should be in the Utilities folder.
To run a unix program, double-click X11 and then type the name of the
application in the resulting terminal window. Apps that do
not use X11 windows can
also be run from an Apple "Terminal" window.
The new Installers may take care of all this,
but just in case:
You should ensure that /opt/local/bin is in your PATH environment
variable, otherwise your shell will not be able to find the executables
that are installed by MacPorts.
To see the PATH, open a terminal window and type:
echo $PATH
If you do see "/opt/local/bin" in the list of directories, add the
following line to your
~/.profile file. If the filedoes not exist create it.
export PATH=/opt/local/bin:$PATH
JAC
============= Readme file from Fink's compilation of wireshark
==========
This package contains wireshark 0.99.5-svn (from www.wireshark.org)
built from the
open source code by Fink Consulting GmbH, Basel, Switzerland for
free. The package
is built for MacOS X 10.4 (Tiger) exclusively
and installs into /usr/local.
To run wireshark, you must have X11.app installed. Its located in the
/Applications/Utilities folder normally. If you don't have X11.app
there, install it from
your original MacOS X 10.4 install CD. You will find it under "optional
installs". After
installing X11, run System Update to get a update of X11.
To execute wireshark, launch X11.app and type:
/usr/local/bin/wireshark
or doubleclick on Wireshark in
the Application folder (which is just firing up X11 and
/usr/local/bin/wireshark)
Note: if you sniff on a Mac with intel CPU and a Airport connection
(such as the
MacBook or MacBook Pro), you loose the wireless lan connection when you
open the
"interfaces" menu as this opens all interfaces including the wlt1 which
sniffs in
monitoring mode. To avoid this (when you want to capture pure ethernet
frames from a
WLAN interface for example), use capture -> options and choose the
appropriate enX
interface (usually en1) and not the wtl1
Also we recommend editing the PATH variable to include /usr/local/bin/.
Author of package: Andreas Fink
andreas@fink.org
===================================