Using Wireshark on Mac OS X

2010-05-06 12:38:47 / Category: Message testing

by Schiffahr.Chen
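  If work had not required me to test my company's product on Mac OS X, I probably would never have touched message testing on Mac OS X.
  On Windows there are many tools for message testing; the one I personally find easiest to use is HTTP Analyzer (as far as HTTP, the protocol corresponding to the presentation layer in OSI, is concerned). When I first looked for message-testing tools on Mac OS X, I found Cocoa Packet Analyzer, Wireshark and others. Since Wireshark has a corresponding Windows version, I chose Wireshark. I downloaded the matching version from the Wireshark download page; my test environment is a minimac, Mac OS X 10.5.7, Intel processor.
  After installing and launching it, I found that no network interfaces were available. Looking for the cause: Wireshark Mac no interfaces. The way to solve this problem is to grant permission on the devices that need to be accessed, so that messages can be captured and packets intercepted.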
$ sudo chown {your account name} /dev/bpf*
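  When capturing messages with Wireshark, you need to filter them in order to catch the ones you want, which means setting a capture filter. For example, during my testing I needed to capture the HTTP messages that the server sent to me, so I set the capture filter: ip src host, so that what Wireshark displays is the TCP and HTTP messages, which is much simpler to read.
  See the TCPdump home page for a more detailed description of the capture filter syntax. More capture filter examples can be found on the Wiki Wireshark website.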

7. Notes on installing Wireshark on Mac OS X


No Interfaces Available Using Wireshark on Mac OSX

Posted in Code, Linux/Unix on 2nd June 2008, 8:10 am by Stuart

On my previous Macbook Pro I’d used Ethereal and I don’t remember having many issues with it as I was able to run it as sudo so that I had privileges for sniffing packets. Since then Ethereal has become Wireshark and it’s now available with a nice application wrapper as a launcher for running it under X11.

After opening wireshark for the first time I had an issue that there were no interfaces to choose from due to lack of permissions. This link provides a neat solution to the problem by providing a start-up item to set the relevant permissions correctly.

The nub of the solution is to make sure you have permission to read /dev/bpf*


Wireshark-users: Re: [Wireshark-users] [Ethereal-users] No interfaces showing on ethereal 0.99 on Mac OS X

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 04 Aug 2006 12:13:00 -0700

Warren Hall wrote:
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxxx
Don't forget to unsubscribe from this list at
...so I'm redirecting this to wireshark-users (to which replies will go).

I have compiled and installed ethereal 0.99 on my intel based Mac under OS X. The GUI launches and everything seems in order but I have no list of interfaces from which to capture from. My hardware is a MacBook Pro with built-in Gigabit ethernet and 802.11g adaptors. I am pretty sure my build went OK. Just wondering if I missed something in the ethereal configuration?
No, you missed something in your BSD configuration. :-)

On BSD-flavored systems, such as OS X, libpcap opens a BPF device to do a capture. You'd need to make the BPF devices on your system readable by you in order to capture (you could also run Wireshark as root, but that's overkill, and runs a rather large chunk of code as root).
You could do

sudo chown {your account name} /dev/bpf*

to do that, but that would have to be done after every reboot. To do that automatically, you could install the ChmodBPF startup item from recent versions of libpcap on your system in /Library/StartupItems and edit the commands in the StartService() shell function in ChmodBPF/ChmodBPF to do the appropriate chown and possibly chmod commands.
I've attached a gzipped tarfile with that startup item.

Description: GNU Zip compressed data
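
The permission fix discussed in the message above, as an added example (not from the original post and not the contents of libpcap's ChmodBPF): a POSIX shell audit that reports which BPF nodes the current account can read and flags any that are open to every local user, plus a group-based grant as an alternative to `chown`. The function names and the capture group are assumptions, and the demo uses constructed regular files in place of real device nodes.

```shell
#!/bin/sh
# Added example, not from the original post or from libpcap's ChmodBPF.

# bpf_audit [DIR]: print one status line per DIR/bpf* node.
# Returns 0 when this account can read every node and none is open to
# "other"; 1 on any finding; 2 when no bpf nodes exist under DIR.
bpf_audit() {
    dir=${1:-/dev}; found=0; bad=0
    for dev in "$dir"/bpf*; do
        [ -e "$dev" ] || continue      # glob matched nothing
        found=1
        # -perm -004 / -002: readable or writable by every local user
        if [ -n "$(find "$dev" -perm -004 -o -perm -002 2>/dev/null)" ]; then
            echo "OPEN   $dev (any local user can capture)"; bad=1
        elif [ -r "$dev" ]; then
            echo "OK     $dev"
        else
            echo "DENIED $dev (this account cannot capture)"; bad=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no bpf nodes under $dir"; return 2; }
    return "$bad"
}

# bpf_grant GROUP [DIR]: leave ownership alone and give one group
# read/write, with no access for "other". GROUP is whatever capture
# group the administrator has created (hypothetical name: capture).
# On a real /dev this needs sudo and must be re-applied after a reboot.
bpf_grant() {
    group=$1; dir=${2:-/dev}
    chgrp "$group" "$dir"/bpf* && chmod 660 "$dir"/bpf*
}

# Constructed demo: regular files stand in for device nodes.
demo=$(mktemp -d)
: > "$demo/bpf0"; : > "$demo/bpf1"
chmod 644 "$demo/bpf0"; chmod 600 "$demo/bpf1"
bpf_audit "$demo" || echo "findings listed above"
bpf_grant "$(id -g)" "$demo" && bpf_audit "$demo"
rm -rf "$demo"
```

On a real system, `bpf_audit` with no argument inspects `/dev`; root always passes the readability test, so run it as the account that will do the capturing.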

TAG: wireshark MacOSX

shenchen   /   2011-02-18 11:47:52
Hello, mine is a macbook pro 374. I installed wireshark and it exits immediately at startup. According to what I read online about troubleshooting WireShark startup failures:
go to /Application/WireShark.app/Contents/MacOS and run WireShark. The result is:
The domain/default pair of (kCFPreferencesAnyApplication, AppleAquaColorVariant) does not exist
2011-02-18 10:38:15.096 defaults[353:903]
The domain/default pair of (kCFPreferencesAnyApplication, AppleHighlightColor) does not exist
dyld: Library not loaded: /usr/X11/lib/libpng12.0.dylib
  Referenced from: /Applications/Wireshark.app/Contents/Resources/bin/wireshark-bin
  Reason: Incompatible library version: wireshark-bin requires version 45.0.0 or later, but libpng12.0.dylib provides version 42.0.0
schiffahr   /   2010-05-06 16:56:29
Setting up WireShark on Mac OS X



