Wireshark 说明文档

Before You Begin

 

This release of Wireshark requires Mac OS X 10.5.5 or later. If you are running Mac OS X 10.5.4 or older you can install using another packaging system such as MacPorts or Homebrew.

 

Quick Setup

 

1. Simply double-click the Wireshark package. For details about the installation read below.

 

What changes does the installer make?

 

The installer writes to the following locations:

 

• /Applications/Wireshark.app. The main Wireshark application.
• /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist. A launch daemon that adjusts permissions on the system's packet capture devices (/dev/bpf*) when the system starts up.
• /Library/Application Support/Wireshark/ChmodBPF A copy of the launch daemon property list, and the script that the launch daemon runs.
• /usr/local/bin. A wrapper script and symbolic links which will let you run Wireshark and its associated utilities from the command line. You can access them directly or by adding /usr/local/bin to your PATH if it's not already in your PATH.

• /etc/paths.d/Wireshark. The folder name in this file is automatically added to PATH
• /etc/manpaths.d/Wireshark. The folder name in this file is used by the man command.

 

Additionally a group named access_bpf is created. The user who opened the package is added to the group.

 

How do I uninstall?

 

1. Remove /Applications/Wireshark.app
2. Remove /Library/Application Support/Wireshark
3. Remove the wrapper scripts from /usr/local/bin
4. Unload the org.wireshark.ChmodBPF.plist launchd job
5. Remove /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist
6. Remove the access_bpf group.
7. Remove /etc/paths.d/Wireshark
8. Remove /etc/manpaths.d/Wireshark

 

How does the wrapper script work? What if I move Wireshark.app?

 

The script should find the Wireshark application bundle and run the appropriate executable automatically. It looks for Wireshark.app in the following locations:

 

• The path set in the WIRESHARK_APP_DIR environment variable
• /Applications/Wireshark.app
• The first path returned by mdfind "kMDItemCFBundleIdentifier == 'org.wireshark.Wireshark'"

 

If you move Wireshark.app the script should automatically find it. If it doesn't you will have to set WIRESHARK_APP_DIR to the path to (and including) Wireshark.app. Automatic discovery might fail if you have multiple copies of Wireshark installed on your system or if Spotlight indexing isn't working properly.