How-To: Monitor your network on your Mac with Wireshark – Snow Leopard Tutorial
My Clippings February 9th, 2010 by System
Automatically pulled from Google Starred
Wireshark is an amazing utility that lets you view and analyze captured packet data from your network. It has become a must-have for many institutions and their admins.
It dissects literally hundreds of protocols, with more being added constantly, and can decrypt some of them when you give it the keys. It supports live capture, and also lets you save, export, and compress captures for further analysis offline later. Its display filters are top-notch, as is its UI.
Best of all, Wireshark is free software, no strings attached. It is quite amazing how much work goes into this program, and networking aficionados all over the world continue to develop this killer network utility.
One drawback, for some, is the process of actually getting it running properly in 10.6. I had trouble myself, and felt I needed to share the process I used to get it up and running in Snow Leopard.
Let me share my setup first. I'm running Snow Leopard on a MacBook Pro (late 2009), with a 2.26 GHz Intel Core 2 Duo processor and the standard allotment of 2 GB of RAM. Your results may vary if you're coming at this from a different OS X version or different hardware. Feel free to leave a comment if you've got a different setup and this isn't working for you, and I'd be glad to help you out as best I can. So without further ado…
Things you’ll need to get started (with this tutorial):
Administrator privileges on a Mac running Mac OS X 10.6 (Snow Leopard)
Wireshark (free; download it from wireshark.org)
The full walkthrough is in the video; the major steps are outlined below it. Again, feel free to leave any variation of “this didn't work for me” in the comments.
1.) Download the disk image, mount it, and copy Wireshark to your Applications folder.
2.) Copy the ChmodBPF folder from the disk image into /Library/StartupItems. This startup item is what makes the /dev/bpf* capture devices readable and writable by the admin group at boot, so Wireshark can capture as a normal admin user instead of being run as root.
3.) Show hidden files and folders, so you can see /usr in the Finder.
4.) Navigate to /usr/local. If no bin folder exists there, you'll need to create one…
5.) Open Terminal and type: cd /usr/local
6.) Hit enter, then type: sudo mkdir bin
7.) From the Command Line folder in the disk image, copy the binary files themselves (not the folder) into /usr/local/bin.
8.) In Terminal, type the following and hit enter: cd /Library/StartupItems
9.) Then: sudo chown -R root:wheel ChmodBPF
Don't skip this: SystemStarter refuses to run a startup item that is not owned by root:wheel or that is writable by group or others, so a ChmodBPF folder still owned by your user will simply be ignored at boot.
10.) Open Wireshark and navigate to Edit > Preferences > Name Resolution > SMI (MIB and PIB Paths) and click Edit.
11.) Click New and enter: /usr/share/snmp/mibs
12.) Click OK, then Apply, then reboot your Mac. The reboot is what runs ChmodBPF for the first time.
Once your machine comes back up, you should be good to go!
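If you want to confirm the result instead of trusting the reboot, here is an added audit script (not from the original post or from the Wireshark project). It checks what ChmodBPF is supposed to leave behind: every /dev/bpf* device group-readable and group-writable by the capture group (admin, which is what the shipped ChmodBPF script uses) but never world-writable, and the startup item itself owned by root:wheel and not group/world-writable, which SystemStarter demands before it will run it. The device glob, startup item path and group name are assumptions taken from the steps above and can be overridden through environment variables; the permission checks read `ls -ld` rather than `stat`, so the same script runs on both the BSD userland of OS X and a GNU one.

```shell
#!/bin/sh
# Added example: audit the BPF capture setup that the ChmodBPF startup item
# is supposed to produce. Not part of the original post or of Wireshark.
# Assumed defaults (taken from the tutorial); override via the environment.
: "${BPF_GLOB:=/dev/bpf*}"
: "${STARTUP_ITEM:=/Library/StartupItems/ChmodBPF}"
: "${CAPTURE_GROUP:=admin}"   # group the shipped ChmodBPF gives g+rw on /dev/bpf*

# Permission string, owner and group of a path, read from `ls -ld` so the
# same code works on BSD (macOS) and GNU userlands without stat(1) flags.
mode_of()  { ls -ld "$1" | awk '{print $1}'; }
owner_of() { ls -ld "$1" | awk '{print $3}'; }
group_of() { ls -ld "$1" | awk '{print $4}'; }

# bpf_device_ok DEV GROUP
# A capture device is acceptable when it belongs to GROUP, is group-readable
# and group-writable, and is NOT world-writable (that would let every local
# user sniff every interface). Returns 0 when acceptable, 1 otherwise.
bpf_device_ok() {
  [ -e "$1" ] || return 1
  [ "$(group_of "$1")" = "$2" ] || return 1
  case "$(mode_of "$1")" in
    ????rw??-?*) return 0 ;;   # chars 5-6: group rw; char 9: no world write
    *)           return 1 ;;
  esac
}

# startup_item_ok DIR [OWNER] [GROUP]
# SystemStarter skips any item not owned by root:wheel or writable by group
# or others, so check exactly that, plus the script and plist the item needs.
startup_item_ok() {
  dir=$1; want_owner=${2:-root}; want_group=${3:-wheel}
  [ -d "$dir" ] || return 1
  [ "$(owner_of "$dir")" = "$want_owner" ] || return 1
  [ "$(group_of "$dir")" = "$want_group" ] || return 1
  case "$(mode_of "$dir")" in
    ?????-??-?*) ;;            # char 6: no group write; char 9: no world write
    *) return 1 ;;
  esac
  [ -x "$dir/ChmodBPF" ] || return 1
  [ -f "$dir/StartupParameters.plist" ] || return 1
  return 0
}

# audit_capture_setup: print one line per BPF device plus one for the
# startup item; returns non-zero if anything is wrong.
audit_capture_setup() {
  rc=0; n=0
  for dev in $BPF_GLOB; do
    [ -e "$dev" ] || continue       # glob matched nothing, literal left over
    n=$((n + 1))
    if bpf_device_ok "$dev" "$CAPTURE_GROUP"; then
      echo "ok   $dev $(mode_of "$dev") $(owner_of "$dev"):$(group_of "$dev")"
    else
      echo "FAIL $dev $(mode_of "$dev") $(owner_of "$dev"):$(group_of "$dev")"; rc=1
    fi
  done
  [ "$n" -gt 0 ] || { echo "FAIL no devices matched $BPF_GLOB"; rc=1; }
  if startup_item_ok "$STARTUP_ITEM"; then
    echo "ok   $STARTUP_ITEM is root:wheel and not group/world-writable"
  else
    echo "FAIL $STARTUP_ITEM missing, wrongly owned or writable (SystemStarter will skip it)"; rc=1
  fi
  return $rc
}

# Run the audit only when invoked as:  sh audit_bpf.sh audit
if [ "${1:-}" = "audit" ]; then
  audit_capture_setup
fi
```

A FAIL on the startup item after step 9 usually means the chown was run from the wrong directory or the folder was copied again afterwards; a FAIL on the devices after a reboot means ChmodBPF never ran. If a device shows up world-writable, tighten it with chmod o-rw rather than leaving it, since anyone with a local account could then capture your traffic.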
Disclaimer: We do not endorse using Wireshark or any other network monitoring utility for illegal purposes.
