Installing Wireshark and other UNIX programs on Apple Mac OSX

For "wireshark" (previously "ethereal") see http://www.wireshark.org/download.html

The directions need to be revised to read: "Make a new directory /Library/StartupItems/ChmodBPF/.  Copy into it the ChmodBPF file and the StartupParameters.plist files provided."  You must authenticate when you make changes to the /Library/StartupItems/ directory.

You need to also install X11.sdk (In Xcode/pkgs on the Xcode disk).  You also need the X11User.pkg (see below) unless X11.app is already in /Applications/Utilities/).

Sept. 9, 2009 - to get the current version for Mac to work, the following was neccesary, in addition to the staeps in "Read me first.pdf" onthe Wireshark.dmg" which you downloaded.
1.  Enable the root user.  In 10.5.7 this is found in the Edit menu of Utilities/Directory, after clicking the Lock icon to "enable changes." If not found there, search Help for "root user".
2.  In Terminal, type "su" and then the root password, which you defined in step 1.  Then type:
  mkdir  /usr/local/share/mibs/
  cd       /usr/local/share/mibs/
  ln -s    /usr/share/snmp/mibs/    ietf
3. The instructions say to "Drag the contents of the Command Line folder to ... if it's on your path". But the Finder does not now display most of these, even if they exist. It may display /opt/local/bin.  Drag the files there, if is on your "path".  To see what's on your "path", in Terminal type: echo $PATH.

After all this, /Applications/Wireshark.app did not discover the network interfaces.  You could run "wireshark" sucessfully by starting X.11, selecting Terminal under the X.11/Applications menu, then enter "su"and (after the root password) "wireshark".  Wireshark would start, but one or two error windows still had to be clicked away.

Hopefully the problem will be fixed on a future version.
---
To install many unix network utility programs:

Download "MacPorts" (was "DarwinPorts") from http://www.apple.com/downloads/macosx/unix_open_source/macports.html

You can now install other UNIX applications using "MacPorts".

"PortAuthority" is a Mac GUI app that will help you use MacPorts to install other UNIX programs on your Mac. It can be found at http://www.apple.com/downloads/macosx/unix_open_source/portauthority.html

Since MacPorts compiles source code locally, you need to install Xcode and X11sdk:

  For OS 10.4, install Xcode 2.4.1 (download from Apple, or find it on the OSX 10.4 installation CD or DVD).  For 10.5 the "Optional Installs" folder on the OS Installation DVD has Xcode.pkg and X11.sdk.pkg (double click to run the installation).

  X11sdk.pkg  -   on Xcode installation disk.  You must install it separately (double-click it).

  X11User.pkg - Not needed for 10.5. On MacOS 10.4 install CD disk 1 in /System/Installation/Packages/ folder. May be on disk 2 for MacOS 10.3.  Use the "Find File" utility to find it on a installation DVD. After installation, "X11" appears in the /Applications/Utilities folder.  On 10.5 "X11.app" should be in the Utilities folder.

To run a unix program, double-click X11 and then type the name of the application in the  resulting terminal window.  Apps that do not use X11 windows can also be run from an Apple "Terminal" window.

The new Installers may take care of all this, but just in case:

You should ensure that /opt/local/bin is in your PATH environment
variable, otherwise your shell will not be able to find the executables
that are installed by MacPorts.

To see the PATH, open a terminal window and type:

    echo $PATH

If you do see "/opt/local/bin" in the list of directories, add the following line to your
~/.profile file. If the filedoes not exist create it. 

    export PATH=/opt/local/bin:$PATH

JAC

=============  Readme file from Fink's compilation of wireshark ==========

This package contains wireshark 0.99.5-svn (from www.wireshark.org) built from the
open source code by  Fink Consulting GmbH, Basel, Switzerland for free. The package
is built for MacOS X 10.4 (Tiger) exclusively
and installs into /usr/local.

To run wireshark, you must have X11.app installed. Its located in the
/Applications/Utilities folder normally. If you don't have X11.app there, install it from
your original MacOS X 10.4 install CD. You will find it under "optional installs". After
installing X11, run System Update to get a update of X11.

To execute wireshark, launch X11.app and type:

    /usr/local/bin/wireshark

or doubleclick on Wireshark in the Application folder (which is just firing up X11 and /usr/local/bin/wireshark)

Note: if you sniff on a Mac with intel CPU and a Airport connection (such as the
MacBook or MacBook Pro), you loose the wireless lan connection when you open the
"interfaces" menu as this opens all interfaces including the wlt1 which sniffs in
monitoring mode. To avoid this (when you want to capture pure ethernet frames from a
WLAN interface for example), use capture -> options and choose the appropriate enX
interface (usually en1) and not the wtl1

Also we recommend editing the PATH variable to include /usr/local/bin/.


Author of package: Andreas Fink
andreas@fink.org

===================================