Installation of WireShark V1.0 on Mac OS X
With V1.0 the WireShark project supports Mac OS X. The installation is not difficult, but mostly undocumented. This page shows, how I did it.
Previously this page contained a launcher for WireShark, when installed via Fink or MacPorts. This is still available here.
Downloading
For Macs with Intel processor a binary package is available on the WireShark download page http://www.wireshark.org/download.html.
Older Macs with PPC processor have to install it via Fink or MacPorts.
Installation of Wireshare Package
The base installation process is very Mac like. Open the downloaded .dmg disk image and move the WireShark application to your Applications folder (or anywhere else).
After the first installation you currently have to do some additional stuff. This has to be done only once.
Don't be confused by an eror message, when you try to open the "Read me first.rtf". Everything is fine with your download. This file is currently only a placeholder. It's empty, 0 bytes long.
Fixing Permissions
In previous versions WireShark was started with administrator priviledge through special launchers. In V1.0 it's no longer necessary to start it with special priviledges. You even get a warning when you do.
The new (unpriviledged) WireShark application won't work properly, when preference files of an older (priviledged) WireShark are found. You have either delete the old preferences or give them "normal" access permissions.
I prefer to keep my old preferences, so I change the file ownership of .wireshark from root back to my normal username.
The following command in Terminal changes it:
sudo chown -R <username> .wireshark
You, of course, need this only, when you used WireShark before.
Allowing Access to the Network Interfaces
When starting the new WireShark you will notice that you can't do any sniffing, as there are no network interfaces available.
To allow this, the BPF devices need to be accessable by WireShark. For more details have a look into Utilities → Startup → README.macosx on the WireShark disk image.
The following commands in Terminal will install the necessary files to set the BPF permissions. Then all users with administrator rights will be able to sniff packets.
sudo -s cd /Library/StartupItems cp -pR /Volumes/Wireshark/Utilities/Startup ChmodBPF chown -R root:wheel ChmodBPF exit
After a reboot, WireShark should be able to access all network interfaces.
Optional: Installing Command Line Versions of WireShark
If you want to be able to use the WireShark utilities on the command line (Terminal), install some small scripts on your system.
sudo install -p /Volumes/Wireshark/Utilities/Command\ Line/* /usr/local/bin
If you haven't installed the WireShark application into /Applications, you have to tell the command line scripts, where to find it.
Open .profile with an editor and add the line
export WIRESHARK_APP_DIR="<Directory, where WireShark resides>/Wireshark.app"
Then close all existing Terminal windows. With a new Terminal session you should be able to access WireShark utilities.