Ethereal on Mac OS X
July 25th, 2006 by Niranjan Kunwar
With perfect password manager, I thought I had the complete set of tools in my Mac for getting things done. But today I realized, I’d overlooked ethereal. I use it sometimes and it’s a gem without which it would be very difficult to solve some network problems. Ethereal is a free and open source packet sniffer application, used for network troubleshooting, analysis, software and protocol development, and education. It has all of the standard features of a protocol analyzer.
I was happy to see Ethereal for Mac OS X listed at the top of the download page. But, was confused with the choice I had to make between Fink Project and DarwinPorts. I was not sure what they meant or which one was better. So, after Googling a while and reading the FAQs, I found that the number one goal of both projects were to port open source Linux/Unix softwares to Mac OS X. They just differ in the packaging approach they’ve taken. DarwinPorts was written from scratch to try a different approach to a packaging system, where as Fink Project utilizes robust package management tools dpkg and apt-get from Debian Linux Project . So, I decided to try ethereal with Fink Project and this is how I did it.
Apple’s X11 and XCode environment
Ethereal is a GUI application that requires some flavor of X11 on your Mac and Fink will need the developer tools to compile some packages from source. I’m using Mac OS X 10.4.7 and installed the X11 and XCode from the Tiger installation disc. It’s straight forward; you just need to run the installer and follow instructions.
Fink Project
Download the Fink installer disk image, there’s also a quick start guide in the download page to help you install the fink. Basically what you’ve to do is double-click "Fink-0.8.1-XYZ-Installer.dmg" to mount the disk image, then double-click the "Fink 0.8.1 XYZ Installer.pkg" package inside, and follow the instructions on screen. At the end, a pathsetup utility will ask for permission before your shell’s configuration files are edited. You should answer "Yes".
FinkCommander
Install the FinkCommander GUI application included in the Fink package. This is done by dragging and dropping the FinkCommander.app to Applications folder. Then run the FinkCommander.app and choose the following commands from its menu: Source->scanpackages followed by Source->Utilities->index. If you are comfortable with command lines, you can achieve the same thing by opening a new Terminal window and running: "fink scanpackages; fink index"
Ethereal
After scanning and indexing of packages are completed, you can install any of the available packages from the list. To install ethereal — highlight the ethereal from the list, and choose Binary->Install. Or you can use the following command line to install: "fink install ethereal"
AcquaEthereal
Download and install AquaEthereal, which provides a convenient way to launch ethereal in Mac OSX. After the installation, you can start the AquaEthereal.app from your Applications folder. This launches the X11 environment first, then prompts you for your password. Input your password, press ok and you’re ready to capture packets with ethereal.
This entry was posted on Tuesday, July 25th, 2006 at 10:04 am and is filed under Technology, Admin, Apple, HowTo, Linux/Unix, Network, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
July 28th, 2006 at 11:08 pm
I followed the directions and now AquaEthereal starts to launcha nd then quits. Now sure what I did wrong.
July 29th, 2006 at 5:23 pm
AquaEthereal is just a launcher, actually ehtereal can run without it. You can try to run the Ethereal directly from the finder by double clicking “ethereal” (Your HDD –> sw –> bin –> ethereal). When you launch the ethereal directly by double clicking it, you need to modify the permission of your device from the terminal as following: “chown yourname /dev/bpf*”
August 1st, 2006 at 10:35 pm
thank you for the tip. I can’t find capture interface.
August 1st, 2006 at 11:59 pm
I got it work when I log in as root. Thank you for your help.
September 7th, 2006 at 6:57 pm
[…] EtherealEthereal is a free and open source packet sniffer application, used for network troubleshooting, analysis, software and protocol development, and education. It has all of the standard features of a protocol analyzer. This is a gem without which it would be very difficult to solve some network problems. For installation check Ethereal on Mac OS X. […]
December 23rd, 2006 at 12:27 pm
thanks a million. you saved me years.
February 8th, 2007 at 2:59 pm
Due to trademark issues, Ethereal was re-branded “Wireshark” (http://www.wireshark.org) last May. An OS X package is available as well.
February 8th, 2007 at 4:35 pm
Thanks for the update Gerald. Good to know that OS X packages are available as well. I just checked the sources; Fink still don’t have binary, I’m confused with the DarwinPorts and only Andreas Fink seems to have a Wireshark package but with around 20 dependencies
. They’re promising a combined single installer soon, which should be attractive to Mac users.
April 2nd, 2007 at 11:29 pm
Thank you very much. Great tutorial, very accurate.
Plus, I discovered the Fink Project, and that is HUGE !
May 31st, 2007 at 11:56 pm
Fantastic, I folow it and I get the ethereal runing.
December 14th, 2007 at 3:53 pm
[…] Ethereal works right out of the Fink package manager. I love working over the filters in Ethereal/Wireshark, but with Ethereal I don’t get the “live” packet captures. It’s a capture then analyze hand-off, which I’m probably going to have to go another way with sometime soon. But damn, I’m just glad to have something to help me out. […]
February 24th, 2008 at 11:40 am
I have the problem where AquaEthereal quit after I input a password.
I’m using default login (apple). How can I log in as a root?
February 25th, 2008 at 3:47 am
Hi efran, here’s how you can enable the root user in Mac OS X.
You can also check one of my earlier comment which you might find useful.