Ethereal on Mac OS X
With perfect password manager, I thought I had the complete set of tools in my Mac for getting things done. But today I realized, I’d overlooked ethereal. I use it sometimes and it’s a gem without which it would be very difficult to solve some network problems. Ethereal is a free and open source packet sniffer application, used for network troubleshooting, analysis, software and protocol development, and education. It has all of the standard features of a protocol analyzer.
I was happy to see Ethereal for Mac OS X listed at the top of the download page. But, was confused with the choice I had to make between Fink Project and DarwinPorts. I was not sure what they meant or which one was better. So, after Googling a while and reading the FAQs, I found that the number one goal of both projects were to port open source Linux/Unix softwares to Mac OS X. They just differ in the packaging approach they’ve taken. DarwinPorts was written from scratch to try a different approach to a packaging system, where as Fink Project utilizes robust package management tools dpkg and apt-get from Debian Linux Project . So, I decided to try ethereal with Fink Project and this is how I did it.
Apple’s X11 and XCode environment
Ethereal is a GUI application that requires some flavor of X11 on your Mac and Fink will need the developer tools to compile some packages from source. I’m using Mac OS X 10.4.7 and installed the X11 and XCode from the Tiger installation disc. It’s straight forward; you just need to run the installer and follow instructions.
Fink Project
Download the Fink installer disk image, there’s also a quick start guide in the download page to help you install the fink. Basically what you’ve to do is double-click "Fink-0.8.1-XYZ-Installer.dmg" to mount the disk image, then double-click the "Fink 0.8.1 XYZ Installer.pkg" package inside, and follow the instructions on screen. At the end, a pathsetup utility will ask for permission before your shell’s configuration files are edited. You should answer "Yes".
FinkCommander
Install the FinkCommander GUI application included in the Fink package. This is done by dragging and dropping the FinkCommander.app to Applications folder. Then run the FinkCommander.app and choose the following commands from its menu: Source->scanpackages followed by Source->Utilities->index. If you are comfortable with command lines, you can achieve the same thing by opening a new Terminal window and running: "fink scanpackages; fink index"
Ethereal
After scanning and indexing of packages are completed, you can install any of the available packages from the list. To install ethereal — highlight the ethereal from the list, and choose Binary->Install. Or you can use the following command line to install: "fink install ethereal"
AcquaEthereal
Download and install AquaEthereal, which provides a convenient way to launch ethereal in Mac OSX. After the installation, you can start the AquaEthereal.app from your Applications folder. This launches the X11 environment first, then prompts you for your password. Input your password, press ok and you’re ready to capture packets with ethereal.
This post has 13 comments
July 28th, 2006
I followed the directions and now AquaEthereal starts to launcha nd then quits. Now sure what I did wrong.
July 29th, 2006
AquaEthereal is just a launcher, actually ehtereal can run without it. You can try to run the Ethereal directly from the finder by double clicking “ethereal” (Your HDD –> sw –> bin –> ethereal). When you launch the ethereal directly by double clicking it, you need to modify the permission of your device from the terminal as following: “chown yourname /dev/bpf*”
August 1st, 2006
thank you for the tip. I can’t find capture interface.
August 1st, 2006
I got it work when I log in as root. Thank you for your help.
December 23rd, 2006
thanks a million. you saved me years.
February 8th, 2007
Due to trademark issues, Ethereal was re-branded “Wireshark” (http://www.wireshark.org) last May. An OS X package is available as well.
February 8th, 2007
Thanks for the update Gerald. Good to know that OS X packages are available as well. I just checked the sources; Fink still don’t have binary, I’m confused with the DarwinPorts and only Andreas Fink seems to have a Wireshark package but with around 20 dependencies
. They’re promising a combined single installer soon, which should be attractive to Mac users.
April 2nd, 2007
Thank you very much. Great tutorial, very accurate.
Plus, I discovered the Fink Project, and that is HUGE !
May 31st, 2007
Fantastic, I folow it and I get the ethereal runing.
February 24th, 2008
I have the problem where AquaEthereal quit after I input a password.
I’m using default login (apple). How can I log in as a root?
February 25th, 2008
Hi efran, here’s how you can enable the root user in Mac OS X.
You can also check one of my earlier comment which you might find useful.
September 26th, 2008
Before I go the route with Fink, has anyone tried running this installer on a OS X box that has Gimp installed? I use Gimp a lot and would not like to see that X11 config stomped by the Fink install.
October 20th, 2008
Hi,
I have Mac OS 10.5.4. So, I have downloaded Fink-0.9.0-Intel-Installer.dmg and followed the steps you directed upto FinkCommander. But I could not find ethereal package here. So, I installed wireshark package instead and SharkLauncher(actually just decompress) from your provided link for AquaEthereal. When I launch SharkLauncher, it prompts for password as expected, but after about a minute it justs close down even before showing any GUI. I tried log in as root even with no success. Could you please help me?
Trackbacks