Wireshark on Mac OS X Leopard
Today I will be posting on a complete setup of wireshark for leopard. We will be using the MacPorts package manager in order to stay at the latest version with ease. There are a couple other versions available but I have found this one to be the best solution available.
Note: Mac OS X Leopard has moved to the Xorg codebase so there are a couple tricks and tradeoffs that exist when running X11 applications.
Run the following command to have a fully working wireshark setup.
sudo port install wireshark +x11
There is another variant which is +quartz but currently the versions of cairo and gtk2 working with the quartz libraries are very experimental and do not work well as of yet.
UPDATE: It appears with the current version 2.0 of XQuartz that is shipped with Leopard is a bit broken and Wireshark will crash quite quickly after you start to capture. See bug 1953. The solution to this is to update XQuartz to 2.1.0.1 or greater. To do this download http://xquartz.macosforge.org/downloads/X11-2.1.3.pkg and install it. This will update the shipped version.
Note: You need to have X11 already installed from the Apple Leopard DVD for this update to install.
Note: This is not an official Apple update for X11. We’re not really sure, when an official update comes out, how well it will install.
Trackbacks
Use the following link to trackback from your own site:
http://www.sysadminschronicles.com/trackbacks?article_id=wireshark_on_mac_os_x&day=03&month=12&year=2007