Normally I just run a sudo tcpdump at a command line. But I wanted to play around in the wireshark gui of the latest build 1.0.8 for OSX Leopard.
So I downloaded the latest DMG for Wireshark 1.0.8 for Intel Leopard. Dragged the Wireshark app to my Applications folder and ran it. Wireshark would not see any network interfaces.
What I found is that I need to do the following then wireshark can see the interfaces. BTW no: sudo open “Applications/Wireshark.app” would not work either. I suspect because its an x11 app.
sudo -S chown username /dev/bpf*
Note you substitute your short username for the “username” field above. But who wants to do that every time you reboot? Even if you script it. So I of course made an automator.
- Drag over the “Ask for Text” object. Use a prompt like “Enter Password:”
- Drag over Run Shell Script. put in the sudo chown from above. Also change the pass input to: to stdin
- Lastly drag over Launch Application. Choose the Wireshark.app.
Save it as an automator application. Maybe on your desktop. And now you have a simple double click method to perform the chown of the network interfaces so Wireshark.app can see them. It will prompt you for your user password (assuming you are an admin user or added your account to sudoers using the visudo command) and pass it to the sudo statement for you then launch wireshark.
One last thing. Seems Leopard and where wireshark thinks some mibs are disagree. I found a great blog post by Josh Fuller on fixing it with a couple of symbolic links. You may have to put sudo in front of his commands. It worked for me.