Wireshark-users: Re: [Wireshark-users] Command line parameters not parsed on MacOS?

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 16 Jul 2010 13:33:28 -0700

On Jul 16, 2010, at 1:03 PM, Srivats P wrote:

> I'm using Version 1.2.8 (SVN Rev 32676) on Mac OS X Leopard 10.5.8
> 
> I'm not able to give command line parameters to it e.g. a file or even
> any options such as -v or -h. All the following commands given on a
> terminal running bash just launch the GUI straight away as if no
> arguments were given -
> 
> /Applications/Wireshark.app/Contents/MacOS/Wireshark dump.cap
> /Applications/Wireshark.app/Contents/MacOS/Wireshark -v
> /Applications/Wireshark.app/Contents/MacOS/Wireshark -h
> 
> Am I missing something? (I'm new to MacOS!)

In OS X, native GUI applications are stored as "app bundles", which are directory trees.  The top-level directory ends with ".app", and the application's executable image is in the Contents/MacOS directory, with, normally, the same name as the application (without the ".app").

Wireshark, on OS X, is an X11-based application, not an application using the native GUI.  The executable image for an OS X GUI application has to obey various conventions to work correctly, and the X11-based Wireshark binary doesn't (and can't, as it currently exists) obey those conventions.

Therefore, /Applications/Wireshark.app/Contents/MacOS/Wireshark is a front end to the *real* Wireshark, which is stored in Contents/Resources/bin/wireshark-bin.  *That's* the actual Wireshark executable image.

However, that also requires a whole bunch of environment variables to be set, so that Wireshark picks up various files from the app bundle rather than from the "standard" locations in which the support libraries, etc. are installed, so there's a script called "wireshark" in the Contents/Resources/bin directory that sets all the appropriate environment variables and runs wireshark-bin.

So if you want to run Wireshark programs from the command line, the scripts in Contents/Resources/bin should be installed in, for example, /usr/local/bin.

If you installed Wireshark from the dmg from wireshark.org, read the Read Me First document - it says:

> Before You Begin
> 
> This release of Wireshark requires Macintosh OS X 10.5.5 or later and XQuartz (X11.app). If you are running OS X 10.5.4 or older, you can install using MacPorts or Fink.
> 
> Quick Setup
> 
> 	1.	Drag the Wireshark icon onto the Applications alias.
> 	2.	Open the Utilities folder.
> 	3.	Drag the contents of the Command Line folder to $HOME/bin, /usr/local/bin, /opt/wireshark/bin or any other location that makes sense (preferably one that's in your PATH).
> 	4.	You will probably need to adjust the permissions of /dev/bpf* in order to capture. You can do this by hand or by dragging the ChmodBPF folder onto the StartupItems alias.
> 
> Details
> 
> This disk image contains the following:
> 
> 	•	The Wireshark application, which can be placed anywhere on your system. It requires X11.
> 	•	The Utilities/Command Line folder, which contains links to Wireshark's command line utilities. These can be placed anywhere on your system, but they must all be in the same directory. If you placed Wireshark in a folder other than /Applications, you'll have to set WIRESHARK_APP_DIR in order for these to work. 
> 	•	The Utilities/ChmodBPF folder, which contains the ChmodBPF startup item from the libpcap distribution. This can be used to set the permissions of /dev/bpf* when your system starts up. See Utilities/ChmodBPF/README.macosx for more details.
> 	•	This file.


Note the bit about Utilities/Command Line - it makes it a bit easier to install the scripts.
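
The layout described in the message above (launcher in Contents/MacOS, wrapper scripts in Contents/Resources/bin, real binary wireshark-bin) can also be wired up by hand. The following is an added example, not part of the original post or of the Wireshark distribution: a POSIX shell function, with the hypothetical name `install_ws_wrappers`, that writes small forwarder scripts into a directory on your PATH. It assumes that any file ending in `-bin` is a real binary like wireshark-bin and must only be reached through its wrapper.

```shell
#!/bin/sh
# Added example; install_ws_wrappers is a hypothetical helper name.
# Usage: install_ws_wrappers BUNDLE DEST
# Writes one forwarder per wrapper script found in
# BUNDLE/Contents/Resources/bin into DEST and prints how many it wrote.
install_ws_wrappers() {
    # Resolve to an absolute path so the forwarders work from any directory.
    bundle=$(cd "$1" 2>/dev/null && pwd) || {
        echo "not a directory: $1" >&2
        return 1
    }
    dest=$2
    bindir="$bundle/Contents/Resources/bin"
    if [ ! -d "$bindir" ]; then
        echo "no Contents/Resources/bin under $bundle" >&2
        return 1
    fi
    mkdir -p "$dest" || return 1

    count=0
    for src in "$bindir"/*; do
        name=${src##*/}
        # Only executable regular files are candidates.
        [ -f "$src" ] && [ -x "$src" ] || continue
        # Assumption: "*-bin" files are real binaries (like wireshark-bin)
        # that need the environment their wrapper sets up, so skip them.
        case $name in *-bin) continue ;; esac
        # The path is embedded in single quotes below; refuse one with a quote.
        case $src in
            *\'*) echo "skipping $name: quote in path" >&2; continue ;;
        esac
        # Never overwrite a command that is already installed in DEST.
        if [ -e "$dest/$name" ]; then
            echo "skipping $name: $dest/$name exists" >&2
            continue
        fi
        # The forwarder passes every argument through to the wrapper script.
        printf "#!/bin/sh\nexec '%s' \"\$@\"\n" "$src" > "$dest/$name" || return 1
        chmod 755 "$dest/$name" || return 1
        count=$((count + 1))
    done
    echo "$count"
}
```

For example, `install_ws_wrappers /Applications/Wireshark.app "$HOME/bin"` would then let `wireshark -v` reach the wrapper script rather than the bundle's front end.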