WireShark on MacOS

1、下载WireShark  64位 https://2.na.dl.wireshark.org/osx/Wireshark%201.12.2%20Intel%2064.dmg

2、双击安装

3、安装后启动，提示

4、安装X11

地址http://xquartz.macosforge.org/landing/

5、下载安装后，再次启动WireShark，选择使用工具中的x11.app

6、再次启动WireShark，提示初始化，等待大约1分钟后启动成功

7、Read Me：

Before You Begin

This release of Wireshark requires Macintosh OS X 10.5.5 or later, including X11.app. If you are running OS X 10.5.4 or older you can install using another packaging system such as MacPorts or Homebrew.

Quick Setup

1. Simply double-click the Wireshark package. For details about the installation read below.

What changes does the installer make?

The installer writes to the following locations:

• /Applications/Wireshark.app. The main Wireshark application.
• /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist. A launch daemon that adjusts permissions on the system's packet capture devices (/dev/bpf*) when the system starts up.
• /Library/Application Support/Wireshark/ChmodBPF A copy of the launch daemon property list, and the script that the launch daemon runs.
• /usr/local/bin. A wrapper script and symbolic links which will let you run Wireshark and its associated utilities from the command line. You can access them directly or by adding /usr/local/bin to your PATH if it's not already in your PATH.

Additionally a group named access_bpf is created. The user who opened the package is added to the group.

How do I uninstall?

1. Remove /Applications/Wireshark.app
2. Remove /Library/Application Support/Wireshark
3. Remove the wrapper scripts from /usr/local/bin
4. Unload the org.wireshark.ChmodBPF.plist launchd job
5. Remove /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist
6. Remove the access_bpf group.

How does the wrapper script work? What if I move Wireshark.app?

The script should find the Wireshark application bundle and run the appropriate executable automatically. It looks for Wireshark.app in the following locations:

• The path set in the WIRESHARK_APP_DIR environment variable
• /Applications/Wireshark.app
• The first path returned by mdfind "kMDItemCFBundleIdentifier == 'org.wireshark.Wireshark'"

If you move Wireshark.app the script should automatically find it. If it doesn't you will have to set WIRESHARK_APP_DIR to the path to (and including) Wireshark.app. Automatic discovery might fail if you have multiple copies of Wireshark installed on your system or if Spotlight indexing isn't working properly.