[Experience sharing] Using Wireshark on Mac OS X


Posted on 2015-12-30 08:25:29
by Schiffahr.Chen
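  If I had not needed to test my company's product on Mac OS X for work, I probably would never have come into contact with message testing on Mac OS X.
  On the Windows platform there are many message-testing tools; the one I personally find easiest to use is HTTP Analyzer (for HTTP, the protocol corresponding to the presentation layer in the OSI model). When I first looked for message-testing tools on Mac OS X, I found Cocoa Packet Analyzer, Wireshark and others. Because Wireshark also has a Windows version, I chose Wireshark. Download the appropriate version from the Wireshark download page; my test environment was a minimac, Mac OS X 10.5.7, Intel processor.
  After installing and starting it, I found that no network interfaces were available. Searching for the cause: Wireshark Mac no interfaces. The way to solve this problem is to grant permission on the devices that need to be accessed, so that messages can be captured.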
$ sudo chown {your account name} /dev/bpf*
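This command has to be run again after every reboot; it can of course also be added to the startup items. For a more detailed explanation, see Article 2 quoted at the end of this post. The attachment to this post is the tarfile.gz mentioned in that article.
When capturing messages with Wireshark, set a capture filter so that only the messages you need are captured. For example, in my testing I needed to capture the HTTP messages that the server (192.168.111.2) sent to me, so I set the capture filter: ip src host 192.168.111.2. This way Wireshark displays the TCP and HTTP messages, which is much simpler to read.
  See the tcpdump home page for a more detailed description of the capture filter syntax. More capture filter examples can be found on the Wireshark wiki.
  References:
1. http://muffinresearch.co.uk/archives/2008/06/02/no-interfaces-available-using-wireshark-on-mac-osx/
2. http://www.wireshark.org/lists/wireshark-users/200608/msg00014.html
3. Installing and using Wireshark
4. http://wiki.wireshark.org/CaptureFilters
5. http://www.ethereal.com/docs/man-pages/tcpdump.8.html
6. http://www.mac-forums.com/forums/airport-networking-wireless-technology/151665-wireshark-error-no-interfaces-mac-os-x-10-5-a.html
7. Notes on installing Wireshark on Mac OS X
  Two articles on related problems are quoted below: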
======================================
Article 1:
http://muffinresearch.co.uk/archives/2008/06/02/no-interfaces-available-using-wireshark-on-mac-osx/
No Interfaces Available Using Wireshark on Mac OSX
Posted in Code, Linux/Unix on 2nd June 2008, 8:10 am by Stuart
  On my previous Macbook Pro I’d used Ethereal and I don’t remember having many issues with it as I was able to run it as sudo so that I had privileges for sniffing packets. Since then Ethereal has become Wireshark and it’s now available with a nice application wrapper as a launcher for running it under X11
  After opening wireshark for the first time I had an issue that there were no interfaces to choose from due to lack of permissions. This link provides a neat solution to the problem by providing a start-up item to set the relevant permissions correctly.
  The nub of the solution is to make sure you have permission to read /dev/bpf*
============================================
Article 2:
http://www.wireshark.org/lists/wireshark-users/200608/msg00014.html
Wireshark-users: Re: [Wireshark-users] [Ethereal-users] No interfaces showing on ethereal 0.99 on Mac OS X
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 04 Aug 2006 12:13:00 -0700

  Warren Hall wrote:
> -------------------
> The Ethereal project is being continued at a new site.  Please go to
> http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxxx
> Don't forget to unsubscribe from this list at
> http://www.ethereal.com/mailman/listinfo/ethereal-users

  ...so I'm redirecting this to wireshark-users (to which replies will go).

> I have compiled and installed ethereal 0.99 on my intel based Mac under OS X. The GUI launches and everything seems in order but I have no list of interfaces from which to capture from. My hardware is a MacBook Pro with built-in Gigabit ethernet and 802.11g adaptors. I am pretty sure my build went OK. Just wondering if I missed something in the ethereal configuration?
  No, you missed something in your BSD configuration. :-)

On BSD-flavored systems, such as OS X, libpcap opens a BPF device to do a capture. You'd need to make the BPF devices on your system readable by you in order to capture (you could also run Wireshark as root, but that's overkill, and runs a rather large chunk of code as root).
  You could do
sudo chown {your account name} /dev/bpf*

to do that, but that would have to be done after every reboot. To do that automatically, you could install the ChmodBPF startup item from recent versions of libpcap on your system in /Library/StartupItems and edit the commands in the StartService() shell function in ChmodBPF/ChmodBPF to do the appropriate chown and possibly chmod commands.
  I've attached a gzipped tarfile with that startup item.
  Attachment: tarfile.gz
Description: GNU Zip compressed data
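
A read-access audit for the /dev/bpf* nodes discussed in the post and in both quoted articles, as an added example that is not part of the original post or of the quoted messages. The function names are hypothetical; the script only reads `ls -lnd` output and changes no ownership or modes.

```shell
#!/bin/sh
# Added example: audit who can read the BPF device nodes, without opening them.
# bpf_can_read and bpf_count_unreadable are hypothetical helper names.

# bpf_can_read PATH UID "GID GID ..."
# Unix permission rule: owner bits if UID owns the node, else group bits if
# any GID matches its group, else the "other" bits. uid 0 always passes.
bpf_can_read() {
    node=$1 uid=$2 gids=$3
    if [ "$uid" -eq 0 ]; then return 0; fi
    # ls -lnd prints: mode links owner-uid group-gid ...
    line=$(ls -lnd "$node" 2>/dev/null) || return 2
    set -- $line
    mode=$1 owner=$3 group=$4
    if [ "$uid" -eq "$owner" ]; then
        case $mode in ?r*) return 0 ;; *) return 1 ;; esac
    fi
    for g in $gids; do
        if [ "$g" -eq "$group" ]; then
            case $mode in ????r*) return 0 ;; *) return 1 ;; esac
        fi
    done
    case $mode in ???????r*) return 0 ;; *) return 1 ;; esac
}

# bpf_count_unreadable DIR UID "GIDS"
# Prints how many DIR/bpf* nodes that identity cannot read and names each
# one on stderr.
bpf_count_unreadable() {
    dir=$1 cuid=$2 cgids=$3 n=0
    for dev in "$dir"/bpf*; do
        [ -e "$dev" ] || continue        # glob matched nothing
        if ! bpf_can_read "$dev" "$cuid" "$cgids"; then
            echo "no read access: $dev" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Check the current login against the real device nodes.
bpf_count_unreadable /dev "$(id -u)" "$(id -G)"
```

Run it before and after the chown: a nonzero count after a reboot shows that the ownership change was lost, which is the case the ChmodBPF startup item is meant to cover.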
