Before You Begin
This release of Wireshark requires Macintosh OS X 10.5.5 or later, including X11.app. If you are running OS X 10.5.4 or older you can install using another packaging system such as MacPorts or Homebrew.
Quick Setup
Simply double-click the Wireshark package. For details about the installation read below.
What changes does the installer make?
The installer writes to the following locations:
/Applications/Wireshark.app. The main Wireshark application.
/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist. A launch daemon that adjusts permissions on the system's packet capture devices (/dev/bpf*) when the system starts up.
/Library/Application Support/Wireshark/ChmodBPF. A copy of the launch daemon property list, and the script that the launch daemon runs.
/usr/local/bin. A wrapper script and symbolic links which will let you run Wireshark and its associated utilities from the command line. You can access them directly or by adding /usr/local/bin to your PATH if it's not already in your PATH.
Additionally a group named access_bpf is created. The user who opened the package is added to the group.
How do I uninstall?
1. Remove /Applications/Wireshark.app
2. Remove /Library/Application Support/Wireshark
3. Remove the wrapper scripts from /usr/local/bin
4. Unload the org.wireshark.ChmodBPF.plist launchd job
5. Remove /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist
6. Remove the access_bpf group.
How does the wrapper script work? What if I move Wireshark.app?
The script should find the Wireshark application bundle and run the appropriate executable automatically. It looks for Wireshark.app in the following locations:
The path set in the WIRESHARK_APP_DIR environment variable
/Applications/Wireshark.app
The first path returned by mdfind "kMDItemCFBundleIdentifier == 'org.wireshark.Wireshark'"
If you move Wireshark.app the script should automatically find it. If it doesn't you will have to set WIRESHARK_APP_DIR to the path to (and including) Wireshark.app. Automatic discovery might fail if you have multiple copies of Wireshark installed on your system or if Spotlight indexing isn't working properly.
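To confirm which copy of Wireshark.app a command-line invocation would resolve to, the lookup order above can be reproduced as a diagnostic. This is an added example, not the installer's wrapper script; the function name, its optional default_path argument and the handling of an invalid WIRESHARK_APP_DIR are assumptions.

```shell
#!/bin/sh
# Added example: report which Wireshark.app the documented lookup order selects.
WS_BUNDLE_ID='org.wireshark.Wireshark'

# find_wireshark_app [default_path]
# Prints the selected bundle path on stdout; warnings go to stderr.
# default_path is a hypothetical parameter (useful for testing); it
# defaults to /Applications/Wireshark.app as documented.
find_wireshark_app() {
    default_app=${1:-/Applications/Wireshark.app}

    # 1. Explicit override. Assumption: a value that is not a directory
    #    is skipped with a warning instead of being treated as fatal.
    if [ -n "${WIRESHARK_APP_DIR:-}" ]; then
        if [ -d "$WIRESHARK_APP_DIR" ]; then
            printf '%s\n' "$WIRESHARK_APP_DIR"
            return 0
        fi
        echo "warning: WIRESHARK_APP_DIR is not a directory: $WIRESHARK_APP_DIR" >&2
    fi

    # 2. Default install location.
    if [ -d "$default_app" ]; then
        printf '%s\n' "$default_app"
        return 0
    fi

    # 3. Spotlight. Only the first result is used, so flag the case where
    #    several copies are indexed and the choice is ambiguous.
    if command -v mdfind >/dev/null 2>&1; then
        hits=$(mdfind "kMDItemCFBundleIdentifier == '$WS_BUNDLE_ID'")
        if [ -n "$hits" ]; then
            count=$(printf '%s\n' "$hits" | wc -l | tr -d '[:space:]')
            if [ "$count" -gt 1 ]; then
                echo "warning: $count copies indexed; using the first" >&2
            fi
            printf '%s\n' "$hits" | head -n 1
            return 0
        fi
    fi

    echo "error: Wireshark.app not found; set WIRESHARK_APP_DIR" >&2
    return 1
}
```

Source the file and call find_wireshark_app with no arguments; a warning about multiple indexed copies means automatic discovery is ambiguous and WIRESHARK_APP_DIR should be set explicitly.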