MacOS: Buggy Wireshark

Wireshark is a network protocol analyzer for Unix and Windows. I would not vote for the “Unix” declaration. Unix is not Linux, right?

Wireshark does not start after install

Wireshark does not work out of the box, as it requires X11 Quartz to run in the background. The X11 libraries cannot be found, as Wireshark expects them to be in a different location. The error looks like:

2015-02-08 07:38:03.043 defaults[14411:90526] 
The domain/default pair of (kCFPreferencesAnyApplication, AppleAquaColorVariant) does not exist
2015-02-08 07:38:03.052 defaults[14412:90531] 
The domain/default pair of (kCFPreferencesAnyApplication, AppleHighlightColor) does not exist
dyld: Library not loaded: /usr/X11/lib/libcairo.2.dylib
  Referenced from: /Applications/Wireshark.app/Contents/Resources/bin/wireshark-bin
  Reason: image not found
Trace/BPT trap: 5

The solution is simple, to create a link to the X11:

sudo ln -s /opt/X11 /usr/X11

Ugly fonts

Yes, it is unbelievable, but the graphical view of Wireshark is not as nice as on other operating systems. Apparently, the X11 requirement makes the program hard to create in a unix-compatible way.

Here are some hints to make it less ugly, but do not expect miracles here…

source.

Alternative

Go for the built in command-line dedicated tcpdump. Wireshark builds upon it anyway…

Advertisements
This entry was posted in Apple, Security and tagged , , , , , . Bookmark the permalink.