Wireshark

Question

Level 1

0 points

Wireshark

I am trying to install Wireshark 1.0.6 on my MacBook Pro running 10.5.6.

I downloaded the program from the wireshark webpage and installed it. I do not know where to place the utilities folder that came with the download. Do I need to install additional third party programs?

When I launch wireshark I get the following error:

The following errors were found while loading the MIBS:
-:0 1 module-not-found failed to locate MIB module `IP-MIB'
-:0 1 module-not-found failed to locate MIB module `IF-MIB'
-:0 1 module-not-found failed to locate MIB module `TCP-MIB'
-:0 1 module-not-found failed to locate MIB module `UDP-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMPv2-MIB'
-:0 1 module-not-found failed to locate MIB module `RFC1213-MIB'
-:0 1 module-not-found failed to locate MIB module `IPV6-ICMP-MIB'
-:0 1 module-not-found failed to locate MIB module `IPV6-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-COMMUNITY-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-FRAMEWORK-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-MPD-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-NOTIFICATION-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-PROXY-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-TARGET-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-USER-BASED-SM-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-USM-DH-OBJECTS-MIB'
-:0 1 module-not-found failed to locate MIB module `SNMP-VIEW-BASED-ACM-MIB'

The Current Path is: /usr/local/share/mibs/ietf:/usr/local/share/mibs/iana:/usr/local/share/mibs/irt f:/usr/local/share/mibs/site:/usr/local/share/mibs/tubs:/usr/local/share/pibs/ie tf:/usr/local/share/pibs/site:/usr/local/share/pibs/tubs

I have used wireshark at work on the PC, but I would like to install it on my MAC for home use. There is also no interface selection available in the capture menu.

MacBook Pro, Mac OS X (10.5.6)

Posted on Feb 12, 2009 12:33 PM

Reply

Answer 1

Feb 12, 2009 6:26 PM in response to RJ Welsh

From the readme:

Quick Setup

1. Drag the Wireshark icon to /Applications.
2. Drag the contents of the Utilities/Command Line folder to $HOME/bin, /usr/local/bin, /opt/wireshark/bin or any other location that makes sense (preferably one that's in your PATH).
3. You will probably need to adjust the permissions of /dev/bpf* in order to capture. You can do this by hand or by installing the ChmodBPF startup item.

Details

This disk contains the following:

• The Wireshark application, which can be placed anywhere on your system. It requires X11.
• The Utilities/Command Line folder, which contains links to Wireshark's command line utilities. These can be placed anywhere on your system, but they must all be in the same directory. If you placed Wireshark in a folder other than /Applications, you'll have to set WIRESHARK APPDIR in order for these to work.
• The Utilties/Startup folder, which contains the ChmodBPF startup item from the libpcap distribution. This can be used to set the permissions of /dev/bpf* when your system starts up. See Utilties/Startup/README.macosx for more details.
• This file.

Reply

Answer 2

Feb 12, 2009 10:26 PM in response to RJ Welsh

His guy has a complete installer version (Intel or PPC) that doesn't require X11.

It's perhaps a little old though.

http://www.christian-hornung.de/

Reply

Answer 3

Mar 16, 2009 11:27 AM in response to DigiAngel

I read the +Read me first.rtf+ and I followed the instructions exactly. I also get the errors that w12jarjar gets.

Something more than just regurgitating the read me would be helpful.

Reply

Answer 4

Mar 16, 2009 1:22 PM in response to RJ Welsh

I gave up on Wire Shark due to the same problems.

I found Packet Peeper at sourceforge.net, OS X ready. It may be a reasonable substitute.

http://sourceforge.net/projects/packetpeeper/
go to Downloads in the top bar and you will be able to download the application rather than the source code at the bigger download link.

Worked fine for us.

-Erich

Reply

Answer 5

Mar 16, 2009 2:48 PM in response to RJ Welsh

There is some confusing discussion about this bug in Wireshark’s Bug Database <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3163>. The answer is in there if you dig hard enough.

You need to set the path to the folder that Wireshark looks in for MIBs &c, because the default in version 1.0.6 for Mac OS X is incorrect. In Wireshark, do the following:

• From the Edit menu, select Preferences...
• In the left pane of the *Wireshark: Preferences* window, click on *Name Resolution*
• For *SMI (MIB and PIB) paths*, click the Edit button
• In the *SMI Paths* window, click the New button
• In the *SMI Paths: New* window, in the name text box, type /usr/share/snmp/mibs/ and click OK
• Click OK
• Click OK
• From the File menu, select Quit

I found that it was also necessary to quit and restart X11 for the changed Wireshark preferences to take effect:

• From the X11 menu, select *Quit X11*

This gets rid of the loading the MIBS errors for me. YMMV. By the way, Wireshark is supposed to still be useable, even if you can’t get rid of these errors.

If after you get rid of these errors, you can’t capture anything because Wireshark sees no interfaces, make sure that you have followed the instructions for adjusting the permissions of /dev/bpf* .

Message was edited by: PeterSchoenrank

Reply

Answer 6

RJ Welsh Author

Level 1

0 points

Mar 17, 2009 9:56 PM in response to Leif Carlsson

Leif,

The wireshark on this link worked great! Thanks!

Reply

Answer 7

Apr 11, 2009 2:17 PM in response to PeterSchoenrank

Hi PeterSchoenrank,

When I installed Wireshark 1.0.7, I encountered exactly the same problems as w12jarjar did. As you pointed out, there were two separate problems in his original post. I read its ReadMe (ah, I had ignored it, presuming there would be nothing important...) and did what it said. After a reboot, voila, I can select an interface.

The SNMP error message is gone after setting the path in Preferences of Wireshark.

Thank you for your post.

Reply

Answer 8

RJ Welsh Author

Level 1

0 points

Jun 27, 2009 9:02 AM in response to RJ Welsh

This link helped me fix it

http://www.whoopis.com/howtos/wireshark-mac-howto/

Reply

Answer 9

davidh

Level 4

1,890 points

Jun 27, 2009 5:50 PM in response to RJ Welsh

You need only download the current version from
http://www.wireshark.org/download.html

do verify the signature (sha1 better than md5)
acutally read their included README,
and then make the adjustment posted by PeterSchoenrank.

I just did this successfully, as I had a slightly older version of Wireshark I'd been using.

Thanks, Peter.

Reply

Answer 10

Boyan

Level 1

8 points

Sep 10, 2009 1:23 PM in response to PeterSchoenrank

That solution did it for me. THANK YOU!

• From the Edit menu, select Preferences...
• In the left pane of the Wireshark: Preferences window, click on Name Resolution
• For SMI (MIB and PIB) paths, click the Edit button
• In the SMI Paths window, click the New button
• In the SMI Paths: New window, in the name text box, type /usr/share/snmp/mibs/ and click OK
• Click OK
• Click OK
• From the File menu, select Quit

Reply

Answer 11

Sep 24, 2009 1:15 PM in response to PeterSchoenrank

PeterSchoenrank wrote:
There is some confusing discussion about this bug in Wireshark’s Bug Database < https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3163 >. The answer is in there if you dig hard enough.

You need to set the path to the folder that Wireshark looks in for MIBs &c, because the default in version 1.0.6 for Mac OS X is incorrect. In Wireshark, do the following:
[...]
Message was edited by: PeterSchoenrank

Fabulous fix. Worled like a champ. I'm running Snow Leopard and WireShark Version 1.2.2

Reply

Answer 12

chopstix

Level 1

0 points

Nov 10, 2009 11:06 AM in response to PeterSchoenrank

After doing the above step to add new path and resolve the errors, I cd'ed into /dev/ and executed 'sudo chmod 666 bpf*'

That solved my problem of no interfaces being available in Wireshark.

Reply