WireShark on MacOS

1、下载WireShark  64位 https://2.na.dl.wireshark.org/osx/Wireshark%201.12.2%20Intel%2064.dmg

2、双击安装

3、安装后启动,提示



4、安装X11

地址http://xquartz.macosforge.org/landing/


5、下载安装后,再次启动WireShark,选择使用工具中的x11.app

6、再次启动WireShark,提示初始化,等待大约1分钟后启动成功



7、Read Me:

Before You Begin


This release of Wireshark requires Macintosh OS X 10.5.5 or later, including X11.app. If you are running OS X 10.5.4 or older you can install using another packaging system such as MacPorts or Homebrew.


Quick Setup


  1. Simply double-click the Wireshark package. For details about the installation read below.


What changes does the installer make?


The installer writes to the following locations:


  • /Applications/Wireshark.app. The main Wireshark application.
  • /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist. A launch daemon that adjusts permissions on the system's packet capture devices (/dev/bpf*) when the system starts up.
  • /Library/Application Support/Wireshark/ChmodBPF A copy of the launch daemon property list, and the script that the launch daemon runs.
  • /usr/local/bin. A wrapper script and symbolic links which will let you run Wireshark and its associated utilities from the command line. You can access them directly or by adding /usr/local/bin to your PATH if it's not already in your PATH.


Additionally a group named access_bpf is created. The user who opened the package is added to the group.


How do I uninstall?


  1. Remove /Applications/Wireshark.app
  2. Remove /Library/Application Support/Wireshark
  3. Remove the wrapper scripts from /usr/local/bin
  4. Unload the org.wireshark.ChmodBPF.plist launchd job
  5. Remove /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist
  6. Remove the access_bpf group.


How does the wrapper script work? What if I move Wireshark.app?


The script should find the Wireshark application bundle and run the appropriate executable automatically. It looks for Wireshark.app in the following locations:


  • The path set in the WIRESHARK_APP_DIR environment variable
  • /Applications/Wireshark.app
  • The first path returned by mdfind "kMDItemCFBundleIdentifier == 'org.wireshark.Wireshark'"


If you move Wireshark.app the script should automatically find it. If it doesn't you will have to set WIRESHARK_APP_DIR to the path to (and including) Wireshark.app. Automatic discovery might fail if you have multiple copies of Wireshark installed on your system or if Spotlight indexing isn't working properly.



你可能感兴趣的:(osx,wireshark)