Home‎ > ‎Write-ups‎ > ‎

Installing Wireshark on Mac OS X 10.8 Mountain Lion

posted Jul 31, 2012, 5:24 PM by Israel Torres   [ updated Aug 17, 2012, 8:30 AM ]
This write-up quickly goes over installing Wireshark using XQuartz on Mac OS X 10.8 Mountain Lion. Things have changed since Lion and things don't work as expected as I found out :) Enjoy.

1. Download the latest version of Wireshark

2. After mounting the .dmg you are presented with the .pkg which folks normally double-click on to open; you can also right-click on the .pkg (or control-click if you have a single button mouse configuration). More importantly doing this will allow you to open the .pkg and continue installation without having to temporarily disable your security preferences settings (steps 3 and 4 below); on the warning prompt click Open and skip to step 5.

3. To modify your preferences go to System Preferences -> Security & Privacy [General]. Make sure you have it set to unlocked so you can make changes. Change "Allow applications downloaded from" the default setting of "Mac App Store and identified developers" to "Anywhere".
4. Be aware doing this makes your system "less secure" - which is why this is a temporary change only to install WireShark. After Wireshark has been installed change it back!
5. To run Wireshark you'll need to download XQuartz. Mountain Lion (removes if you upgraded from Lion) does not come with X11 support which Wireshark and other applications like ImageMagick need so you'll have to install it as recommended by Apple. Once you've installed XQuartz and start up Wireshark you'll be prompted to Choose Application for X11 since it doesn't find it in the default location it is expecting. You need to manually locate it by browsing for it in Applications/Utilities/XQuartz (by default it just looks in Applications). 
6. When you run Wireshark for the first time it may just throw up a bash prompt after locating X11 (XQuartz) so you'll need to close everything down; if you try to restart Wireshark too early you'll get this message stating that you should wait a little longer before restarting Wireshark.
7. The dock will show both Wireshark and XQuartz running.

8. Eventually Wireshark will start the GUI.

9. ... and Wireshark will display successfully.

I hope this helps you out in saving you a few minutes. When Apple makes updates things get confusing quickly especially at the lower layers where power users roam.

Israel Torres - 2012-07-31 

(updated 2012-08-17) Thank you Mika Ryynänen for updating step 2 for efficiency!