12 Replies Latest reply: Nov 10, 2009 11:06 AM by chopstix
RJ Welsh Level 1 Level 1 (0 points)
I am trying to install Wireshark 1.0.6 on my MacBook Pro running 10.5.6.

I downloaded the program from the wireshark webpage and installed it. I do not know where to place the utilities folder that came with the download. Do I need to install additional third party programs?

When I launch wireshark I get the following error:

The following errors were found while loading the MIBS:
-:0 1 module-not-found failed to locate MIB module `IP-MIB'
-:0 1 module-not-found failed to locate MIB module `IF-MIB'
-:0 1 module-not-found failed to locate MIB module `TCP-MIB'
-:0 1 module-not-found failed to locate MIB module `UDP-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMPv2-MIB'
-:0 1 module-not-found failed to locate MIB module `RFC1213-MIB'
-:0 1 module-not-found failed to locate MIB module `IPV6-ICMP-MIB'
-:0 1 module-not-found failed to locate MIB module `IPV6-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-COMMUNITY-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-FRAMEWORK-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-MPD-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-NOTIFICATION-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-PROXY-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-TARGET-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-USER-BASED-SM-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-USM-DH-OBJECTS-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-VIEW-BASED-ACM-MIB'


The Current Path is: /usr/local/share/mibs/ietf:/usr/local/share/mibs/iana:/usr/local/share/mibs/irt f:/usr/local/share/mibs/site:/usr/local/share/mibs/tubs:/usr/local/share/pibs/ie tf:/usr/local/share/pibs/site:/usr/local/share/pibs/tubs

I have used wireshark at work on the PC, but I would like to install it on my MAC for home use. There is also no interface selection available in the capture menu.

MacBook Pro, Mac OS X (10.5.6)
  • DigiAngel Level 1 Level 1 (40 points)
    From the readme:

    Quick Setup

    1. Drag the Wireshark icon to /Applications.
    2. Drag the contents of the Utilities/Command Line folder to $HOME/bin, /usr/local/bin, /opt/wireshark/bin or any other location that makes sense (preferably one that's in your PATH).
    3. You will probably need to adjust the permissions of /dev/bpf* in order to capture. You can do this by hand or by installing the ChmodBPF startup item.

    Details

    This disk contains the following:

    • The Wireshark application, which can be placed anywhere on your system. It requires X11.
    • The Utilities/Command Line folder, which contains links to Wireshark's command line utilities. These can be placed anywhere on your system, but they must all be in the same directory. If you placed Wireshark in a folder other than /Applications, you'll have to set WIRESHARKAPPDIR in order for these to work.
    • The Utilties/Startup folder, which contains the ChmodBPF startup item from the libpcap distribution. This can be used to set the permissions of /dev/bpf* when your system starts up. See Utilties/Startup/README.macosx for more details.
    • This file.
  • Leif Carlsson Level 5 Level 5 (4,950 points)
    His guy has a complete installer version (Intel or PPC) that doesn't require X11.

    It's perhaps a little old though.

    http://www.christian-hornung.de/
  • PeterSchoenrank Level 1 Level 1 (5 points)
    I read the +Read me first.rtf+ and I followed the instructions exactly. I also get the errors that w12jarjar gets.

    Something more than just regurgitating the read me would be helpful.
  • Erich Wetzel Level 2 Level 2 (315 points)
    I gave up on Wire Shark due to the same problems.

    I found Packet Peeper at sourceforge.net, OS X ready. It may be a reasonable substitute.

    http://sourceforge.net/projects/packetpeeper/
    go to Downloads in the top bar and you will be able to download the application rather than the source code at the bigger download link.

    Worked fine for us.

    -Erich
  • PeterSchoenrank Level 1 Level 1 (5 points)
    There is some confusing discussion about this bug in Wireshark’s Bug Database <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3163>. The answer is in there if you dig hard enough.

    You need to set the path to the folder that Wireshark looks in for MIBs &c, because the default in version 1.0.6 for Mac OS X is incorrect. In Wireshark, do the following:

    • From the Edit menu, select Preferences...
    • In the left pane of the *Wireshark: Preferences* window, click on *Name Resolution*
    • For *SMI (MIB and PIB) paths*, click the Edit button
    • In the *SMI Paths* window, click the New button
    • In the *SMI Paths: New* window, in the name text box, type /usr/share/snmp/mibs/ and click OK
    • Click OK
    • Click OK
    • From the File menu, select Quit

    I found that it was also necessary to quit and restart X11 for the changed Wireshark preferences to take effect:

    • From the X11 menu, select *Quit X11*

    This gets rid of the loading the MIBS errors for me. YMMV. By the way, Wireshark is supposed to still be useable, even if you can’t get rid of these errors.

    If after you get rid of these errors, you can’t capture anything because Wireshark sees no interfaces, make sure that you have followed the instructions for adjusting the permissions of /dev/bpf* .

    Message was edited by: PeterSchoenrank
  • RJ Welsh Level 1 Level 1 (0 points)
    Leif,

    The wireshark on this link worked great! Thanks!
  • al dente 2008 Level 1 Level 1 (0 points)
    Hi PeterSchoenrank,

    When I installed Wireshark 1.0.7, I encountered exactly the same problems as w12jarjar did. As you pointed out, there were two separate problems in his original post. I read its ReadMe (ah, I had ignored it, presuming there would be nothing important...) and did what it said. After a reboot, voila, I can select an interface.

    The SNMP error message is gone after setting the path in Preferences of Wireshark.

    Thank you for your post.
  • RJ Welsh Level 1 Level 1 (0 points)
  • davidh Level 4 Level 4 (1,890 points)
    You need only download the current version from
    http://www.wireshark.org/download.html

    do verify the signature (sha1 better than md5)
    acutally read their included README,
    and then make the adjustment posted by PeterSchoenrank.

    I just did this successfully, as I had a slightly older version of Wireshark I'd been using.

    Thanks, Peter.
  • Boyan Level 1 Level 1 (0 points)
    That solution did it for me. THANK YOU!

    • From the Edit menu, select Preferences...
    • In the left pane of the Wireshark: Preferences window, click on Name Resolution
    • For SMI (MIB and PIB) paths, click the Edit button
    • In the SMI Paths window, click the New button
    • In the SMI Paths: New window, in the name text box, type /usr/share/snmp/mibs/ and click OK
    • Click OK
    • Click OK
    • From the File menu, select Quit
  • neptune2000 Level 3 Level 3 (670 points)
    PeterSchoenrank wrote:
    There is some confusing discussion about this bug in Wireshark’s Bug Database <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3163>. The answer is in there if you dig hard enough.

    You need to set the path to the folder that Wireshark looks in for MIBs &c, because the default in version 1.0.6 for Mac OS X is incorrect. In Wireshark, do the following:
    [...]
    Message was edited by: PeterSchoenrank


    Fabulous fix. Worled like a champ. I'm running Snow Leopard and WireShark Version 1.2.2
  • chopstix Level 1 Level 1 (0 points)
    After doing the above step to add new path and resolve the errors, I cd'ed into /dev/ and executed 'sudo chmod 666 bpf*'

    That solved my problem of no interfaces being available in Wireshark.