Skip navigation
This discussion is archived

Wireshark

17263 Views 12 Replies Latest reply: Nov 10, 2009 11:06 AM by chopstix RSS
RJ Welsh Level 1 Level 1 (0 points)
Currently Being Moderated
Feb 12, 2009 12:33 PM
I am trying to install Wireshark 1.0.6 on my MacBook Pro running 10.5.6.

I downloaded the program from the wireshark webpage and installed it. I do not know where to place the utilities folder that came with the download. Do I need to install additional third party programs?

When I launch wireshark I get the following error:

The following errors were found while loading the MIBS:
-:0 1 module-not-found failed to locate MIB module `IP-MIB'
-:0 1 module-not-found failed to locate MIB module `IF-MIB'
-:0 1 module-not-found failed to locate MIB module `TCP-MIB'
-:0 1 module-not-found failed to locate MIB module `UDP-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMPv2-MIB'
-:0 1 module-not-found failed to locate MIB module `RFC1213-MIB'
-:0 1 module-not-found failed to locate MIB module `IPV6-ICMP-MIB'
-:0 1 module-not-found failed to locate MIB module `IPV6-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-COMMUNITY-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-FRAMEWORK-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-MPD-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-NOTIFICATION-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-PROXY-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-TARGET-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-USER-BASED-SM-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-USM-DH-OBJECTS-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-VIEW-BASED-ACM-MIB'


The Current Path is: /usr/local/share/mibs/ietf:/usr/local/share/mibs/iana:/usr/local/share/mibs/irt f:/usr/local/share/mibs/site:/usr/local/share/mibs/tubs:/usr/local/share/pibs/ie tf:/usr/local/share/pibs/site:/usr/local/share/pibs/tubs

I have used wireshark at work on the PC, but I would like to install it on my MAC for home use. There is also no interface selection available in the capture menu.
MacBook Pro, Mac OS X (10.5.6)
  • DigiAngel Calculating status...
    Currently Being Moderated
    Feb 12, 2009 6:26 PM (in response to RJ Welsh)
    From the readme:

    Quick Setup

    1. Drag the Wireshark icon to /Applications.
    2. Drag the contents of the Utilities/Command Line folder to $HOME/bin, /usr/local/bin, /opt/wireshark/bin or any other location that makes sense (preferably one that's in your PATH).
    3. You will probably need to adjust the permissions of /dev/bpf* in order to capture. You can do this by hand or by installing the ChmodBPF startup item.

    Details

    This disk contains the following:

    • The Wireshark application, which can be placed anywhere on your system. It requires X11.
    • The Utilities/Command Line folder, which contains links to Wireshark's command line utilities. These can be placed anywhere on your system, but they must all be in the same directory. If you placed Wireshark in a folder other than /Applications, you'll have to set WIRESHARKAPPDIR in order for these to work.
    • The Utilties/Startup folder, which contains the ChmodBPF startup item from the libpcap distribution. This can be used to set the permissions of /dev/bpf* when your system starts up. See Utilties/Startup/README.macosx for more details.
    • This file.
  • Leif Carlsson Level 5 Level 5 (4,950 points)
    Currently Being Moderated
    Feb 12, 2009 10:26 PM (in response to RJ Welsh)
    His guy has a complete installer version (Intel or PPC) that doesn't require X11.

    It's perhaps a little old though.

    http://www.christian-hornung.de/
  • PeterSchoenrank Calculating status...
    Currently Being Moderated
    Mar 16, 2009 11:27 AM (in response to DigiAngel)
    I read the +Read me first.rtf+ and I followed the instructions exactly. I also get the errors that w12jarjar gets.

    Something more than just regurgitating the read me would be helpful.
  • Erich Wetzel Level 2 Level 2 (265 points)
    Currently Being Moderated
    Mar 16, 2009 1:22 PM (in response to RJ Welsh)
    I gave up on Wire Shark due to the same problems.

    I found Packet Peeper at sourceforge.net, OS X ready. It may be a reasonable substitute.

    http://sourceforge.net/projects/packetpeeper/
    go to Downloads in the top bar and you will be able to download the application rather than the source code at the bigger download link.

    Worked fine for us.

    -Erich
    G5 DP 2.0 and 2.3 and Intel Xenon 2x2.8 quad, Mac OS X (10.5.5)
  • PeterSchoenrank Level 1 Level 1 (5 points)
    Currently Being Moderated
    Mar 16, 2009 2:48 PM (in response to RJ Welsh)
    There is some confusing discussion about this bug in Wireshark’s Bug Database <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3163>. The answer is in there if you dig hard enough.

    You need to set the path to the folder that Wireshark looks in for MIBs &c, because the default in version 1.0.6 for Mac OS X is incorrect. In Wireshark, do the following:

    • From the Edit menu, select Preferences...
    • In the left pane of the *Wireshark: Preferences* window, click on *Name Resolution*
    • For *SMI (MIB and PIB) paths*, click the Edit button
    • In the *SMI Paths* window, click the New button
    • In the *SMI Paths: New* window, in the name text box, type /usr/share/snmp/mibs/ and click OK
    • Click OK
    • Click OK
    • From the File menu, select Quit

    I found that it was also necessary to quit and restart X11 for the changed Wireshark preferences to take effect:

    • From the X11 menu, select *Quit X11*

    This gets rid of the loading the MIBS errors for me. YMMV. By the way, Wireshark is supposed to still be useable, even if you can’t get rid of these errors.

    If after you get rid of these errors, you can’t capture anything because Wireshark sees no interfaces, make sure that you have followed the instructions for adjusting the permissions of /dev/bpf* .

    Message was edited by: PeterSchoenrank
  • al dente 2008 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Apr 11, 2009 2:17 PM (in response to PeterSchoenrank)
    Hi PeterSchoenrank,

    When I installed Wireshark 1.0.7, I encountered exactly the same problems as w12jarjar did. As you pointed out, there were two separate problems in his original post. I read its ReadMe (ah, I had ignored it, presuming there would be nothing important...) and did what it said. After a reboot, voila, I can select an interface.

    The SNMP error message is gone after setting the path in Preferences of Wireshark.

    Thank you for your post.
    MacBook 5,2 White 13", Mac OS X (10.5.6)
  • davidh Calculating status...
    Currently Being Moderated
    Jun 27, 2009 5:50 PM (in response to RJ Welsh)
    You need only download the current version from
    http://www.wireshark.org/download.html

    do verify the signature (sha1 better than md5)
    acutally read their included README,
    and then make the adjustment posted by PeterSchoenrank.

    I just did this successfully, as I had a slightly older version of Wireshark I'd been using.

    Thanks, Peter.
    Mac OS X (10.5.5), ACMT, ACTC (10.2) ACSA (10.4)
  • Boyan Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 10, 2009 1:23 PM (in response to PeterSchoenrank)
    That solution did it for me. THANK YOU!

    • From the Edit menu, select Preferences...
    • In the left pane of the Wireshark: Preferences window, click on Name Resolution
    • For SMI (MIB and PIB) paths, click the Edit button
    • In the SMI Paths window, click the New button
    • In the SMI Paths: New window, in the name text box, type /usr/share/snmp/mibs/ and click OK
    • Click OK
    • Click OK
    • From the File menu, select Quit
    Mac Book Pro, Mac OS X (10.6)
  • neptune2000 Level 3 Level 3 (670 points)
    Currently Being Moderated
    Sep 24, 2009 1:15 PM (in response to PeterSchoenrank)
    PeterSchoenrank wrote:
    There is some confusing discussion about this bug in Wireshark’s Bug Database <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3163>. The answer is in there if you dig hard enough.

    You need to set the path to the folder that Wireshark looks in for MIBs &c, because the default in version 1.0.6 for Mac OS X is incorrect. In Wireshark, do the following:
    [...]
    Message was edited by: PeterSchoenrank


    Fabulous fix. Worled like a champ. I'm running Snow Leopard and WireShark Version 1.2.2
     Mac Pro 3.00/8GB/750G Mac OS X Server (10.5.2) +  MacBook Pro 17in, Mac OS X (10.5.2), + EBSn (2 w/ Firmware 7.3.1) + tv
  • chopstix Level 1 Level 1 (0 points)
    Currently Being Moderated
    Nov 10, 2009 11:06 AM (in response to PeterSchoenrank)
    After doing the above step to add new path and resolve the errors, I cd'ed into /dev/ and executed 'sudo chmod 666 bpf*'

    That solved my problem of no interfaces being available in Wireshark.
    imac flat, Mac OS X (10.4.6)

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.