Wireshark-users: Re: [Wireshark-users] Installing Wireshark on OS X = clear as mud
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sun, 13 Apr 2008 17:16:16 +0200
Hi Luke,

Although I'm not an OSX user myself, I'll try to respond anyway.

First of all, the MAC OSX package is an experimental feature at the moment. Up to now we've relied on external parties to package MAC OSX packages (like for RPMs (Red Hat Linux) and DEBs (Debian Linux)). This is a shot at providing a MAC OSX package ourselves. So, comments like yours are useful to improve the packaging etc.

Now getting back to your points.

The bug report 2424 wasn't deleted as you state (bugzilla doesn't provide for that), it was closed because it was invalid. The valid part though, regarding the missing contents of the documentation, was filed as Critical bug report 2425. So that part of the report wasn't lost.

1. "Done", okay!

2. "Done", okay!

3. You could open your Terminal.app and type 'ls -l /dev/bpf*'.
That should show you a list of devices.

The text of the README.macosx is written from a developer point of view. The source tree referenced can be viewed here if you like: http://anonsvn.wireshark.org/wireshark/trunk-1.0/packaging/macosx/

In there is a script ChmodBPF that makes the required modifications for you.

Now, about the exact composition of the directory I'm not sure; as I've mentioned before, I'm not a MAC OSX user myself, but some other user may help you out here.

Thanks for sticking with it.
Jaap



luke olson wrote:
Forgive me if I sound a little frustrated, I've just spent the last day trying to install wireshark on Leopard. I'm either uber stupid or the documentation is just dreadful.

I download the dmg install package, install wireshark and launch it. The interfaces list is empty, I search the net for help and eventually find this *deleted* bug report:

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2424

The readme file in the dmg package is missing which contains information to get the interfaces list populated. Luckily, so I thought, the contents of the readme file have been duplicated.

"1.      Drag the Wireshark icon to /Applications."

done

"2.      Drag the contents of the Utilities/Command Line folder to
$HOME/bin, /usr/local/bin, /opt/wireshark/bin or any other location that makes
sense (preferably one that's in your PATH)."

done


"3.      You will probably need to adjust the permissions of /dev/bpf*
in order to capture. You can do this by hand or by installing the ChmodBPF
startup item."

hmm ok, need a little bit more info because I do not have a /dev/ folder on my system, or any bpf* file.

" The Utilties/Startup folder, which contains the ChmodBPF
startup item from the libpcap distribution. This can be used to set the
permissions of /dev/bpf* when your system starts up. See
Utilties/Startup/README.macosx for more details."

ok, so let's see what that says.....

"On Mac OS X, the BPF devices live on devfs, but the OS X version of
devfs is based on an older (non-default) FreeBSD devfs, and that version
of devfs cannot be configured to set the permissions and/or ownership of
those devices."

clear as mud to me. Signs that perhaps this application is way over my head....

"The startup item is in the ChmodBPF directory in the source tree."

Where exactly does one find the "directory source tree"? I see a ChmodBPF unix executable file in the dmg package in the utilities folder, but is this a directory? and in the source tree?????

" A /Library/StartupItems directory should be created if it doesn't already
exist"

got one already

"and the ChmodBPF directory should be copied to the
/Library/StartupItems directory (copy the entire directory, so that
there's a /Library/StartupItems/ChmodBPF directory, containing all the
files in the source tree's ChmodBPF directory; don't copy the individual
items in that directory to /Library/StartupItems)."

Where the heck is this ChmodBPF directory with all these items in it?

I know this is free software and all but how is any of this documentation meant to be easily digested? Can someone please put me out of my misery? Where is /dev/bpf and where is the ChmodBPF directory in the source tree??? I dragged the ChmodBPF executable file to the startupitems folder, rebooted and wireshark still has empty interface list so clearly I'm not understanding.

kind regards
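
A small diagnostic for the two things this thread turns on: the permissions of /dev/bpf* and whether /Library/StartupItems/ChmodBPF is a directory rather than a single file. It is an added example, not part of the original e-mails or of the Wireshark package; the function names and the optional directory arguments are assumptions, made so the checks can also run against a constructed tree.

```shell
#!/bin/sh
# Added example: diagnose an empty Wireshark interface list on OS X.
# The directory arguments default to the real locations; they are
# parameters (an assumption of this example) so the checks can be tested.

# Print "missing", "denied" or "ok" for the BPF devices under $1 (/dev).
bpf_status() {
    devdir=${1:-/dev}
    found=0
    for dev in "$devdir"/bpf*; do
        [ -e "$dev" ] || continue     # glob matched nothing
        found=1
        if [ ! -r "$dev" ]; then      # capturing needs read access
            echo denied
            return 0
        fi
    done
    if [ "$found" -eq 1 ]; then echo ok; else echo missing; fi
}

# Print "directory", "file" or "absent" for the ChmodBPF startup item
# under $1 (/Library/StartupItems).
startup_item_status() {
    item=${1:-/Library/StartupItems}/ChmodBPF
    if [ -d "$item" ]; then
        echo directory    # whole ChmodBPF directory copied, as the README asks
    elif [ -e "$item" ]; then
        echo file         # only the executable was copied
    else
        echo absent
    fi
}

# Report for the machine this runs on.
echo "BPF devices:  $(bpf_status)"
echo "Startup item: $(startup_item_status)"
```

A result of `denied` corresponds to step 3 of the readme (permissions on /dev/bpf* still need adjusting), and `file` means the executable alone was placed in /Library/StartupItems instead of the ChmodBPF directory.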