This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Unable to use Wireshark GUI on Mavericks 10.9.2

0

Hello,

I have a MacBook Pro running OSX 10.9.2 and Wireshark 1.10.6 with XQuartz 2.7.5. If I launch Wireshark directly, it cannot see any of my network interfaces. If I launch XQuartz first and then launch Wireshark from the commandline, it still cannot see any of my network interfaces. And when I launch XQuartz first, and then launch Wireshark with the sudo command, WIreshark can see my network interfaces just fine, however, the Wireshark GUI is completely unusable. Nothing works at all. No menus can be clicked and it is essentially completely dead.

Ideally I'd like to use Wireshark so that it can read traffic off of my network interfaces. Is this possible with Mavericks? If so, what must be done so that I can launch Wireshark, see all of my network interfaces, and then actually use the Wireshark GUI as it was intended to be used?

Any feedback would be most appreciated.

Thanks,

Wulf

asked 22 Apr '14, 10:53

vulfie's gravatar image

vulfie
1113
accept rate: 0%

edited 22 Apr '14, 10:57


One Answer:

1

Hi Wulf, When you download the package from wireshark and open it there is a "Read me first.rtf" which explains the steps that the installation process will follow. Two of them are:

  • /Library/StartupItems/ChmodBPF. A script which adjusts permissions on the system's packet capture devices (/dev/bpf*) when the system starts up.

  • Additionally a group named access_bpf is created. The user who opened the package is added to the group.

Is your username part of access_bpf group? You can check this by giving the id command in you terminal. Also check your /dev/bpf* which should be root:access_bpf.

If you check online you will see that there's an update on wireshark to 1.10.7. https://www.wireshark.org/download.html

BTW, I'm using development version 1.113 and it work very well with QT (without Xquartz)

Hopes this helps. Let us know.

answered 22 Apr '14, 15:37

Edmond's gravatar image

Edmond
1813614
accept rate: 33%

Hi Edmond,

Eureka! I downloaded 1.10.7 as suggested and it worked like a champ! Wow, I need to start paying attention to those ReadMe files again!

Thanks so much for the help! I am now unblocked!

Very cordially,

Wulf

(22 Apr '14, 17:43) vulfie

Hi Wulf, accept my answer as the resolution to your question if it solved your problem.

Regarding the update of your wireshark, the reason that i put it last was because it was meant for you to try last :). Troubleshooting is alway the 1st step of solving a problem.

(23 Apr '14, 00:12) Edmond