Wireshark-users: Re: [Wireshark-users] Command line parameters not parsed on MacOS?

From: Srivats P <pstavirs@xxxxxxxxx>
Date: Sat, 17 Jul 2010 03:35:07 +0530
Guy,

Thanks for the detailed explanation!

btw can you confirm - the reason to install the scripts to
/usr/local/bin is just to put them in a place which is in $PATH to
avoid typing /Applications/Wireshark.app/Contents/Resources/bin/wireshark?
The latter also works (unless it has side effects that I don't know
about) ...

Regards,
Srivats

On Jul 16, 2010, Guy Harris <guy@...> wrote:

> I'm using Version 1.2.8 (SVN Rev 32676) on Mac OS X Leopard 10.5.8
>
> I'm not able to give command line parameters to it e.g. a file or even
> any options such as -v or -h. All the following commands given on a
> terminal running bash just launch the GUI straight away as if no
> arguments were given -
>
> /Applications/Wireshark.app/Contents/MacOS/Wireshark dump.cap
> /Applications/Wireshark.app/Contents/MacOS/Wireshark -v
> /Applications/Wireshark.app/Contents/MacOS/Wireshark -h
>
> Am I missing something? (I'm new to MacOS!)

In OS X, native GUI applications are stored as "app bundles", which are
directory trees.  The top-level directory ends with ".app", and the
application's executable image is in the Contents/MacOS directory, with,
normally, the same name as the application (without the ".app").

Wireshark, on OS X, is an X11-based application, not an application
using the native GUI.  The executable image for an OS X GUI application
has to obey various conventions to work correctly, and the X11-based
Wireshark binary doesn't (and can't, as it currently exists) obey those
conventions.

Therefore, /Applications/Wireshark.app/Contents/MacOS/Wireshark is a
front end to the *real* Wireshark, which is stored in
Contents/Resources/bin/wireshark-bin.  *That's* the actual Wireshark
executable image.

However, that also requires a whole bunch of environment variables to
be set, so that Wireshark picks up various files from the app bundle
rather than from the "standard" locations in which the support
libraries, etc. are installed, so there's a script called "wireshark"
in the Contents/Resources/bin directory that sets all the appropriate
environment variables and runs wireshark-bin.

So if you want to run Wireshark programs from the command line, the
scripts in Contents/Resources/bin should be installed in, for example,
/usr/local/bin.

If you installed Wireshark from the dmg from wireshark.org, read the
Read Me First document - it says:

> Before You Begin
>
> This release of Wireshark requires Macintosh OS X 10.5.5 or later and
> XQuartz (X11.app). If you are running OS X 10.5.4 or older, you can
> install using MacPorts or Fink.
>
> Quick Setup
>
>   1. Drag the Wireshark icon onto the Applications alias.
>   2. Open the Utilities folder.
>   3. Drag the contents of the Command Line folder to $HOME/bin,
>      /usr/local/bin, /opt/wireshark/bin or any other location that
>      makes sense (preferably one that's in your PATH).
>   4. You will probably need to adjust the permissions of /dev/bpf* in
>      order to capture. You can do this by hand or by dragging the
>      ChmodBPF folder onto the StartupItems alias.
>
> Details
>
> This disk image contains the following:
>
>   • The Wireshark application, which can be placed anywhere on your
>     system. It requires X11.
>   • The Utilities/Command Line folder, which contains links to
>     Wireshark's command line utilities. These can be placed anywhere
>     on your system, but they must all be in the same directory. If you
>     placed Wireshark in a folder other than /Applications, you'll have
>     to set WIRESHARK_APP_DIR in order for these to work.
>   • The Utilities/ChmodBPF folder, which contains the ChmodBPF startup
>     item from the libpcap distribution. This can be used to set the
>     permissions of /dev/bpf* when your system starts up. See
>     Utilities/ChmodBPF/README.macosx for more details.
>   • This file.

Note the bit about Utilities/Command Line - it makes it a bit easier
to install the scripts.
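
The launcher arrangement described in this thread, as an added shell example that is not part of the original messages and is not the Wireshark project's own script: it resolves a command-line script under Contents/Resources/bin and passes the caller's arguments through to it. It assumes WIRESHARK_APP_DIR holds the path of the .app bundle itself; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the script shipped in the Wireshark disk image.
# Assumption: WIRESHARK_APP_DIR names the .app bundle itself.
DEFAULT_APP_DIR="/Applications/Wireshark.app"

# Print the path of a script in Contents/Resources/bin, or fail.
bundle_tool_path() {
    tool="$1"
    app_dir="${WIRESHARK_APP_DIR:-$DEFAULT_APP_DIR}"
    case "$tool" in
        # A bare name only: no empty name, no path components.
        ""|*/*)
            echo "invalid tool name: '$tool'" >&2
            return 2 ;;
        # wireshark-bin needs the environment that the "wireshark"
        # wrapper script sets, so it is never started directly.
        wireshark-bin)
            echo "run 'wireshark', not wireshark-bin" >&2
            return 2 ;;
    esac
    path="$app_dir/Contents/Resources/bin/$tool"
    if [ ! -x "$path" ]; then
        echo "not found or not executable: $path" >&2
        return 1
    fi
    printf '%s\n' "$path"
}

# Run a bundled tool; every argument after the name is passed through.
run_bundle_tool() {
    tool="$1"
    shift
    path=$(bundle_tool_path "$tool") || return $?
    "$path" "$@"
}
```

With these functions sourced, `run_bundle_tool wireshark -v` reaches the wrapper script rather than the Contents/MacOS/Wireshark front end.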