Robert D. wrote:
My google searching discovers this is pervasive. None the less, I can't seem to solve it on my system.If I type: sudo wireshark in Terminal (and give password) then I get: (wireshark:528): Gtk-WARNING **: cannot open display:
What if you do echo $DISPLAY in Terminal? If it doesn't print: :0.0 then you need to do either DISPLAY=:0.0; export DISPLAY if you're using a Bourne-compatible shell (bash, ksh) or setenv DISPLAY :0.0 if you're using a C-shell-compatible shell (tcsh). If you do that in your .login or .profile, it'll happen automatically.
If I navigate waaaaay down the tree in opt/local/var/db/dports/software/wireshark/0.99.5_0+darwin_8/opt/local/share and double click the unix executable Wireshark, then it runs but obviously hasn't the ability to find the network points.
"Obviously"? Why? Because it's not running as root? If so, note Luis Ontanon's comment. The libpcap source tree has an OS X startup item that sets the permissions on the BPF devices for you, so you don't have to do it after every rebooth; I've attached it (it's a bzipped tarball; extract it into /System/Library/StartupItems, so that there's a ChmodBPF directory under /System/Library/StartupItems).
One time, shortly after re-installing X-11 this morning, I was able to do a sudo wireshark and have it run corectly AND locate the various network points. When I discovered that none of my running programs could get to the Internet anymore, I suspected Wireshark had intercepted the en1 path
No, it doesn't intercept the en1 path. However, on some Intel-processor notebooks, with the standard libpcap, Wireshark will end up opening the "monitor mode" version of en1, which causes it to de-associate from whatever network you're associated with.
I think Andreas Fink's Wireshark package for OS X: http://www.finkconsulting.com/page7.phpis built with a version of libpcap that avoids this. (The Fink and DarwinPorts packages, as far as I know, are built with the standard libpcap in OS X.)
ChmodBPF.tar.bz2
Description: Binary data
_______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users