Last month I had Wireshark 1.10.8 working on my MacBook Pro with no problems. I foolishly (as it happens) decided to give the QT+ version a try so uninstalled, as per the instructions in the attached Readme file in the installation package, my existing version of Wireshark and installed the QT+ version (1.99.0 I believe). It worked for a short period but constantly had to be restarted because it would lose half its open window above the top of my screen and then it lost access to the interfaces. I uninstalled it (again, as per the Readme in the installation package) and installed X11 and Wireshark 1.10.8. This installation did not work. The error I received can only be described as "vague" at best;
...but seems to imply that there's a problem with ChmodBPF. When I look in /Library/LaunchDaemons, org.wireshark.ChmodBPF.plist is there and appears to have the correct permissions (system, wheel, me); however, there are no helper scripts in /usr/local/bin. Needless to say, although Wireshark starts correctly (or appears to do so), there are no interfaces in the interface list. Does anyone have any ideas on how I can get this working? ...and no, multiple uninstalls, cleans and installs do not work. John
asked 22 Jul '14, 05:50 jcheriton
2 Answers:
Try running the following commands first:
That should remove all traces of both versions of Wireshark from the system AND make the OS X packaging system completely forget about it, so that, the next time you try installing Wireshark, the packaging system thinks you're doing a fresh installation. Then try installing 1.10.8 again. (Note that 1.10.8 doesn't install ChmodBPF; instead, it removes ChmodBPF and installs a launchd launch daemon instead, to make the same permission change on the BPF devices that the ChmodBPF startup item did.) If it still fails, report a bug at the Wireshark bugzilla.
answered 23 Jul '14, 15:12 Guy Harris ♦♦
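Added example (not part of either answer or of Wireshark's installer): a quick check of whether the permission change described above actually reached the BPF devices, since devices left at owner-only access go with an empty interface list. The group name access_bpf and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ls -l /dev/bpf*` style lines on
# stdin and prints every BPF device that lacks group read/write for GROUP.
# Assumption: the group name (access_bpf here) is not stated on this page.
bpf_unreadable() {
    awk -v g="$1" '
        $1 ~ /^c/ {                      # character devices only
            # mode string: chars 5-6 are the group read/write bits
            if (substr($1, 5, 2) != "rw" || $4 != g) print $NF
        }'
}

# Constructed sample: bpf0 already changed by the daemon, bpf1/bpf2 still default.
SAMPLE='crw-rw----  1 root  access_bpf   23,   0 Jul 22 05:40 /dev/bpf0
crw-------  1 root  wheel        23,   1 Jul 22 05:40 /dev/bpf1
crw-------  1 root  wheel        23,   2 Jul 22 05:40 /dev/bpf2'

printf '%s\n' "$SAMPLE" | bpf_unreadable access_bpf

# On a live system: ls -l /dev/bpf* | bpf_unreadable access_bpf
```

Empty output means every listed device already carries the group permission; any device name printed is one the launch daemon has not touched.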
This problem is easily reproduced if the user uses the
The Therefore, the user needs to remove the following lines from
Once the override has been successfully removed, installation using "Wireshark 1.10.8 Intel 64", "Wireshark 1.12.3 Intel 64" and "Wireshark 1.99.1 Intel 64" should work (only tested on OS X 10.9.5). This issue could also be mitigated from the installer by modifying chmodbpf's postinstall script to also use the Another way to mitigate this issue would be by modifying the "Read me first.rtf" document supplied with Wireshark to directly state the command that was intended for use when unloading the org.wireshark.ChmodBPF.plist launchd job. The problem is that if a user were to search Google for, "Unload the org.wireshark.ChmodBPF.plist launchd" the first result is this help page and the second is a page that has the user use the
answered 15 Feb '15, 07:48 paretech
Thanks for that, Guy, but it still refuses to install. It seems to be an issue with installing ChmodBPF in /Library/Application Support/Wireshark; however, even changing the permission on that directory and reinstalling makes no difference.
Then try running those commands again, start up the Wireshark installer and, before answering any questions, select "Installer Log" from the "Windows" menu, select "Show All Logs" rather than "Show Errors Only" in that window, and continue the install. Then, if the install fails, make a copy of the entire contents of that window - in case we need more information later - and look for any messages concerning the ChmodBPF package and paste them here. (I just tried removing it from a Mavericks virtual machine I have, rebooting to get the BPF devices back to "normal", and installing 1.10.8, and everything worked.)
Ok, so after a good clean reboot and reinstall (or not, as it happens) I have, for ChmodBPF;
Again, thanks for the help with this. The full log can be found here
OK, here's the contents of org.wireshark.chmodbpf.pkg's post-install script:
Try copying that to a script file, giving it execute permission, running it with sudo, and see what it prints.
Hi,
Before failing to install Wireshark (and not surprisingly I guess) I get a lot of;
After failing to install Wireshark I simply get;
This seems to imply that the Wireshark directory in /Library/Application Support is deficient in something. I have been here before - even changing the permissions for that directory and all it contains makes no difference.
Having said that, if I request information for the directory using Finder’s Get Info menu the Permissions list shows “Fetching…” for the Read/Write owner.
Who should own this directory? root:wheel again?
@jcheriton
Your “answer” has been converted to a comment as that’s how this site works. Please read the FAQ for more information.
What do the commands
and
(complete with quotes) print?