WireShark on MacOS

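1. Download the 64-bit Wireshark: https://2.na.dl.wireshark.org/osx/Wireshark%201.12.2%20Intel%2064.dmg

2. Double-click to install

3. Launch it after installation; a prompt appears

4. Install X11

URL: http://xquartz.macosforge.org/landing/

5. After downloading and installing it, launch Wireshark again and select x11.app in Utilities

6. Launch Wireshark again; it reports that it is initializing, and starts successfully after about 1 minute

7. Read Me: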

Before You Begin

This release of Wireshark requires Macintosh OS X 10.5.5 or later, including X11.app. If you are running OS X 10.5.4 or older you can install using another packaging system such as MacPorts or Homebrew.

Quick Setup

  1. Simply double-click the Wireshark package. For details about the installation read below.

What changes does the installer make?

The installer writes to the following locations:

  • /Applications/Wireshark.app. The main Wireshark application.
  • /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist. A launch daemon that adjusts permissions on the system's packet capture devices (/dev/bpf*) when the system starts up.
  • /Library/Application Support/Wireshark/ChmodBPF. A copy of the launch daemon property list, and the script that the launch daemon runs.
  • /usr/local/bin. A wrapper script and symbolic links which will let you run Wireshark and its associated utilities from the command line. You can access them directly or by adding /usr/local/bin to your PATH if it's not already in your PATH.

Additionally a group named access_bpf is created. The user who opened the package is added to the group.

How do I uninstall?

  1. Remove /Applications/Wireshark.app
  2. Remove /Library/Application Support/Wireshark
  3. Remove the wrapper scripts from /usr/local/bin
  4. Unload the org.wireshark.ChmodBPF.plist launchd job
  5. Remove /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist
  6. Remove the access_bpf group.

How does the wrapper script work? What if I move Wireshark.app?

The script should find the Wireshark application bundle and run the appropriate executable automatically. It looks for Wireshark.app in the following locations:

  • The path set in the WIRESHARK_APP_DIR environment variable
  • /Applications/Wireshark.app
  • The first path returned by mdfind "kMDItemCFBundleIdentifier == 'org.wireshark.Wireshark'"

If you move Wireshark.app the script should automatically find it. If it doesn't you will have to set WIRESHARK_APP_DIR to the path to (and including) Wireshark.app. Automatic discovery might fail if you have multiple copies of Wireshark installed on your system or if Spotlight indexing isn't working properly.
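
The installer's changes and the uninstall steps listed in the Read Me can be checked with a small audit function. This is an added example, not part of the Wireshark package or the original post. The ROOT argument and the way wrapper scripts are recognised (by their reference to WIRESHARK_APP_DIR) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the Wireshark package.
# Usage: audit_wireshark_install [ROOT]
# ROOT is an assumed optional prefix so the check can run on a scratch tree;
# leave it empty to audit the live system (use sudo to see system launchd jobs).
audit_wireshark_install() {
    root="${1:-}"
    left=0
    # Fixed paths listed in the Read Me.
    for p in "/Applications/Wireshark.app" \
             "/Library/Application Support/Wireshark" \
             "/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist"; do
        if [ -e "$root$p" ]; then
            echo "present: $p"
            left=$((left + 1))
        fi
    done
    # Assumption: the wrapper script, and the symbolic links that resolve to
    # it, are recognised by their reference to WIRESHARK_APP_DIR.
    for f in "$root"/usr/local/bin/*; do
        [ -f "$f" ] || continue
        if grep -q WIRESHARK_APP_DIR "$f" 2>/dev/null; then
            rel=${f#"$root"}
            echo "present: $rel"
            left=$((left + 1))
        fi
    done
    # Group, launchd job and device permissions exist only on a live system.
    if [ -z "$root" ]; then
        if command -v dscl >/dev/null 2>&1 &&
           dscl . -read /Groups/access_bpf >/dev/null 2>&1; then
            echo "present: group access_bpf"
            left=$((left + 1))
        fi
        if command -v launchctl >/dev/null 2>&1 &&
           launchctl list 2>/dev/null | grep -q org.wireshark.ChmodBPF; then
            echo "present: loaded launchd job org.wireshark.ChmodBPF"
            left=$((left + 1))
        fi
        # Show who can currently open the packet capture devices.
        ls -l /dev/bpf* 2>/dev/null
    fi
    echo "remaining: $left"
    # Exit status 0 only when nothing from the installer is left.
    [ "$left" -eq 0 ]
}
```

A non-zero exit status after an uninstall means one of the six steps was missed; the `ls -l /dev/bpf*` output shows whether the capture devices are still group-accessible.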

Time: 2024-08-10 18:05:23
