Installing Wireshark on MacOS X isn’t hard; however it isn’t as straightforward as on other platforms.
- Download and install XQuartz. While no longer officially supported by Apple, XQuartz was spun out from Apple as an open source project.
- Download and install WireShark
- Launch Wireshark
- You might be prompted for the location of your X11 viewer (XQuartz). It is browse to
/Applications/Utilities - Wireshark will prompt you that it will take a while to build the font cache. It’s not kidding. I had absolutely no indication of activity, then after a few minutes, Wireshark appeared.
- You might be prompted for the location of your X11 viewer (XQuartz). It is browse to
- Begin capturing packets – make sure you are only sniffing packets in a location where you are authorized to run a packet sniffer (e.g. you own private network)
Other Notes
- You can keep the Wireshark icon in your doc; however, clicking on the icon will not always bring Wireshark into the foreground. If clicking on the Wireshark icon doesn’t bring it into the foreground, try clicking on the XQuartz icon.
- Wireshark is still a Windows/Linux program, so the menu bar is inside of the main window.