Wireshark is one of the world's foremost network protocol analyzers, and is the standard in many parts of the industry. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it is still under active development.
Wireshark has a rich feature set which includes the following:
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Multi-interface: Along with a standard GUI, Wireshark includes TShark, a text-mode analyzer which is useful for remote capture, analysis, and scripting
The most powerful display filters in the industry
VoIP analysis
Live capture and offline analysis are supported
Read/write many different capture file formats: tcpdump (libpcap), NAI's Sniffer™ (compressed and uncompressed), Sniffer™ Pro, NetXray™, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, Visual Networks' Visual UpTime and many others
Capture files compressed with gzip can be decompressed on the fly
Hundreds of protocols are supported, with more being added all the time
Coloring rules can be applied to the packet list, which eases analysis
What's New
Version 1.6.5:
Sub-fields of data field should appear in exported PDML as children of the data field instead of as siblings to it. (Bug 3809)
Incorrect time differences displayed with time reference set. (Bug 5580)
Wrong packet type association of SNMP trap after TFTP transfer. (Bug 5727)
SSL/TLS decryption needs wireshark to be rebooted. (Bug 6032)
Export HTTP Objects -> save all crashes Wireshark. (Bug 6250)
Wireshark Netflow dissector complains there is no template found though the template is exported. (Bug 6325)
DCERPC EPM tower UUID must be interpreted always as little endian. (Bug 6368)
Crash if no recent files. (Bug 6549)
IPv6 frame containing routing header with 0 segments left calculates wrong UDP checksum. (Bug 6560)
IPv4 UDP/TCP Checksum incorrect if routing header present. (Bug 6561)
Incorrect Parsing of SCPS Capabilities Option introduced in response to bug 6194. (Bug 6562)
Various crashes after loading NetMon2.x capture file. (Bug 6578)
Fixed compilation of dumpcap on some systems (when MUST_DO_SELECT is defined). (Bug 6614)
SIGSEGV in SVN 40046. (Bug 6634)
Wireshark dissects TCP option 25 as an "April 1" option. (Bug 6643)
This program has been very useful in troubleshooting tracking and analytics. Using the GA debugger only helps for Chrome; using this we can see the call any browser makes, or even a connected iPad or iPhone!
The right way to get this to work is NOT to run it as root or to screw around with the permissions of /dev/bpf*. Set the permissions of the dumpcap executable to something like root:wheel rwsr--r-- (NOT rwsr-xr-x), and add an ACL entry for each user who needs to run Wireshark. For example, to enable user foo to capture packets,
sudo chmod +a "foo allow execute" $( which dumpcap )
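A way to verify that dumpcap actually ends up in the state the comment above describes, added here as an example (it is not from this page or from the Wireshark project): a POSIX shell check that classifies the mode string and owner of the dumpcap binary, as printed by ls -l or BSD stat, and reports whether execute is restricted to the per-user ACL (the recommended rwsr--r--), whether it is setuid but executable by everyone (rwsr-xr-x, so any local account can capture), or whether the setuid bit is missing or misowned. The function name and the sample mode strings are constructed for the example; the only real commands referenced are the macOS stat -f format and ls -le, which are mentioned in comments and not run.

```shell
# dumpcap_mode_class MODE OWNER:GROUP
# Classifies a dumpcap binary's permissions against the least-privilege setup
# (setuid root, execute granted only through a per-user ACL).  Return codes:
#   0  recommended: setuid root, no group/other execute (e.g. -rwsr--r--)
#   1  setuid root but group/other executable (e.g. -rwsr-xr-x): every local user can capture
#   2  no usable setuid bit: non-root users will see no capture interfaces
#   3  setuid bit set but owner is not root: the bit does not grant BPF access
# The hypothetical function name is this example's own; the mode strings fed to it
# below are constructed samples, not readings from a real system.
dumpcap_mode_class() {
    perm=$1
    owner=${2%%:*}
    # ls -l / stat -f %Sp print a leading file-type column ("-rwsr--r--"); drop it.
    [ "${#perm}" -eq 10 ] && perm=${perm#?}
    user_x=$(printf '%s' "$perm" | cut -c3)
    group_x=$(printf '%s' "$perm" | cut -c6)
    other_x=$(printf '%s' "$perm" | cut -c9)

    case $user_x in
        s) ;;                                        # setuid + owner execute
        S) echo "setuid set but owner execute missing ($perm)"; return 2 ;;
        *) echo "no setuid bit ($perm): non-root capture will fail"; return 2 ;;
    esac
    if [ "$owner" != root ]; then
        echo "setuid but owned by $owner, not root"
        return 3
    fi
    case "$group_x$other_x" in
        *x*) echo "group/other executable setuid dumpcap ($perm): any local user can capture"
             return 1 ;;
    esac
    echo "ok: setuid root, execute reaches users only via ACL ($perm $2)"
    return 0
}

# Live check for macOS (not run here; uses the BSD stat format flags).
# The ACL entries themselves are listed with:  ls -le "$(command -v dumpcap)"
dumpcap_check_installed() {
    bin=$(command -v dumpcap) || { echo "dumpcap not found in PATH"; return 4; }
    set -- $(stat -f '%Sp %Su:%Sg' "$bin")
    dumpcap_mode_class "$1" "$2"
}

# Constructed sample inputs covering each outcome.
for sample in "-rwsr--r-- root:wheel" "-rwsr-xr-x root:wheel" \
              "-rwxr-xr-x root:wheel" "-rwsr--r-- admin:staff"; do
    set -- $sample
    dumpcap_mode_class "$1" "$2" || :
done
```

The ACL from the comment (chmod +a "foo allow execute") is what lets the named users run the binary once group and other execute are stripped, so class 0 is the state to aim for; class 1 is the setuid layout that makes capture available to everyone on the machine.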
Starts up but can't find any interfaces. Not surprised, since it's never tried to authenticate. I then ran the command line tool 'sudo wireshark', which worked but gave me a glaring warning about running as root. So what do people do to run Wireshark on Mac OS X?
The first time you sudo on any *nix-style OS, it will give you the warning about great power and great responsibility. Which is good, as indiscriminate use is hazardous to your health. To give Wireshark access to the interfaces on your mac, take a look at the README (in chmodBPF, inside the Utilities folder on the dmg).
4. You will probably need to adjust the permissions of /dev/bpf* in order to capture. You can do this by hand or by dragging the ChmodBPF folder onto the StartupItems alias.
I tried the second method (StartupItems) and rebooted, but received an alert that I lacked required permissions to perform the chmods. After manually running the chgrp/chmod with sudo, Wireshark ran just fine.
So I'm not sure what they had in mind by putting the ChmodBPF folder into /Library/StartupItems. My default login has Mac OS X Administrative privileges. Will I need to reissue those chgrp/chmod commands next time I reboot?
The X11 thing is a bit of a pain for OSX, as X11 never works as nicely on OSX as on Linux. Can't tunnel some X11 stuff on OSX at all. Of course X11 has its benefits even on OSX, and I can see why they keep it this way.
This is more for people trying to check network security and administrate networks than anything else so I can't see it being that popular mainstream anyway X11 or not.
Most of us who use it know about X11 and Linux/Unix anyway and probably should/do have it on a Linux box anyway but we love OSX so we try to put it here too. The lack of comments for this tells you mostly it is run on Linux and Win not OSX.
I can't find an app as good native to OSX but maybe there is one? But it is a wonderful project and application that really helps secure/admin networks.
Have you tried CocoaPacketAnalyzer ?
Maybe it's not as powerful as Wireshark, but it's a good piece of software:
http://www.macupdate.com/info.php/id/24867/cocoa-packet-analyzer
frequencydip reviewed on 04 Nov 2011
JohnKHeath reviewed on 22 Oct 2011
JohnKHeath reviewed on 05 Oct 2011
angelowales79 reviewed on 30 Sep 2011
lcj005 reviewed on 08 Jun 2011
Current download is: http://www.wireshark.org/download.html
Lachtigall rated on 02 Nov 2011
FAM9 rated on 03 Jun 2011