CS 78 - Installing Wireshark on OSX

This document describes how to overcome some common pitfalls when installing Wireshark on Mac OSX. Read these instructions fully before trying to install the program to avoid headaches. Thanks to Michael Diamond for finding solutions to these problems.

----------------------------------------------------------------------------

First, everyone needs to read the readme (and follow its instructions). That said, copying the startup item (as specified in the readme) won't work. There are two approaches here; pick either 1 or 2. Note that option 2 is preferable over option 1 as you won't allow a program you click on to run as root.

1. Give the startup item the appropriate permissions to run.

   If you choose this method, run the following:

       cd /Library/StartupItems
       sudo chown -R root:wheel ChmodBPF

2. Always run as root.

   To do this, make sure wireshark is installed somewhere on the PATH as specified in the readme. Then just type "sudo wireshark".

The above is pretty straightforward and mostly covered in the instructions in the homework. However, the kicker is that Wireshark might still fail to run. If Wireshark crashes without showing a startup screen, it's probably a font caching issue (this took an hour to figure out). The solution is to delete ~/.fontconfig (just trash the whole folder). The simplest way to do this is to run:

    rm -rf ~/.fontconfig

After that, Wireshark should run OK (though if you run it from the command line, you need to open X11 first).

Also, if you're on Mac OS 10.6, you'll need to add a path in the preferences to get interfaces to display properly. To do this, run Wireshark, then go to Edit->Preferences. Select "Name Resolution," then click "Edit" next to "SMI (MIB and PIB) paths". Click the "New" button on the left, type "/usr/share/snmp/mibs/", and then press "Ok." Press "Ok" on the two remaining windows to save these settings. Then restart Wireshark.

Now, as long as you run with "sudo wireshark" (and open X11 first), it should work just fine.
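
If you went with option 1, the following check confirms that the chown step took effect on every file in the startup item. It is an added example, not part of the original instructions or the Wireshark readme; the function name audit_startup_item is made up for illustration, and the extra test for group/world-writable files is an addition beyond what the page asks for.

```shell
#!/bin/sh
# Added example: audit the ownership that the chown step in option 1 sets.
# Usage: audit_startup_item DIR [OWNER] [GROUP]
# OWNER and GROUP default to root and wheel, the values used on the page.
# Returns 0 if everything is in order, 1 if any entry needs attention,
# 2 if DIR is missing or find could not run the check.
audit_startup_item() {
    dir=$1
    owner=${2:-root}
    group=${3:-wheel}

    if [ ! -d "$dir" ]; then
        echo "missing: $dir" >&2
        return 2
    fi

    # List entries with the wrong owner or group, plus non-symlink entries
    # writable by group or other (the writability test is an addition here,
    # not a step from the page). Symlinks are skipped for the mode test
    # because their own mode bits are not meaningful.
    bad=$(find "$dir" \( ! -user "$owner" -o ! -group "$group" \
            -o \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print) || {
        echo "find failed (unknown user or group name?)" >&2
        return 2
    }

    if [ -n "$bad" ]; then
        echo "entries needing attention under $dir:" >&2
        echo "$bad" >&2
        return 1
    fi
    echo "ok: $dir is owned by $owner:$group and not group/world writable"
    return 0
}

# Example call on the path from the page:
# audit_startup_item /Library/StartupItems/ChmodBPF
```
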