{\rtf1\ansi\ansicpg1252\cocoartf1348\cocoasubrtf170 \cocoascreenfonts1{\fonttbl\f0\froman\fcharset0 TimesNewRomanPSMT;\f1\fswiss\fcharset0 Helvetica;\f2\fnil\fcharset0 Menlo-Regular; } {\colortbl;\red255\green255\blue255;} {\*\listtable{\list\listtemplateid1\listhybrid{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0{\*\levelmarker \{decimal\}.}{\leveltext\leveltemplateid1\'02\'00.;}{\levelnumbers\'01;}\fi-360\li720\lin720 }{\listname ;}\listid1} {\list\listtemplateid2\listhybrid{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0{\*\levelmarker \{disc\}}{\leveltext\leveltemplateid101\'01\uc0\u8226 ;}{\levelnumbers;}\fi-360\li720\lin720 }{\listname ;}\listid2} {\list\listtemplateid3\listhybrid{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0{\*\levelmarker \{disc\}}{\leveltext\leveltemplateid201\'01\uc0\u8226 ;}{\levelnumbers;}\fi-360\li720\lin720 }{\listname ;}\listid3} {\list\listtemplateid4\listhybrid{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0{\*\levelmarker \{decimal\}.}{\leveltext\leveltemplateid301\'02\'00.;}{\levelnumbers\'01;}\fi-360\li720\lin720 }{\listname ;}\listid4} {\list\listtemplateid5\listhybrid{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0{\*\levelmarker \{disc\}}{\leveltext\leveltemplateid401\'01\uc0\u8226 ;}{\levelnumbers;}\fi-360\li720\lin720 }{\listname ;}\listid5}} {\*\listoverridetable{\listoverride\listid1\listoverridecount0\ls1}{\listoverride\listid2\listoverridecount0\ls2}{\listoverride\listid3\listoverridecount0\ls3}{\listoverride\listid4\listoverridecount0\ls4}{\listoverride\listid5\listoverridecount0\ls5}} \margl1440\margr1440\vieww13060\viewh12960\viewkind0 
\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \f0\b\fs28 \cf0 Before You Begin\ \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \f1\b0\fs24 \cf0 This release of Wireshark requires Mac OS X 10.5.5 or later. If you are running Mac OS X 10.5.4 or older you can install using another packaging system such as MacPorts or Homebrew. \f0\b\fs28 \ \ Quick Setup\ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \b0\fs24 \cf0 \ \pard\tx220\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\li720\fi-720\pardirnatural \ls1\ilvl0 \f1 \cf0 Simply double-click the Wireshark package. For details about the installation read below.\ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \cf0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \f0\b\fs28 \cf0 What changes does the installer make?\ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \b0\fs24 \cf0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \f1 \cf0 The installer writes to the following locations:\ \ \pard\tx220\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\li720\fi-720\pardirnatural \ls2\ilvl0\cf0 {\listtext \'95 } \i /Applications/Wireshark.app \i0 . The main Wireshark application.\ {\listtext \'95 } \i /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist \i0 . 
A launch daemon that adjusts permissions on the system's packet capture devices ( \i /dev/bpf \i0 *) when the system starts up.\ {\listtext \'95 } \i /Library/Application Support/Wireshark/ChmodBPF \i0 . A copy of the launch daemon property list, and the script that the launch daemon runs.\ {\listtext \'95 } \i /usr/local/bin \i0 . A wrapper script and symbolic links which will let you run Wireshark and its associated utilities from the command line. You can access them directly or by adding /usr/local/bin to your PATH if it's not already in your PATH.\ \pard\tx220\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\li720\fi-720\pardirnatural \ls3\ilvl0\cf0 {\listtext \'95 } \i /etc/paths.d/Wireshark \i0 . The folder name in this file is automatically added to PATH.\ {\listtext \'95 } \i /etc/manpaths.d/Wireshark \i0 . The folder name in this file is used by the man command.\ \pard\tx560\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \cf0 \ Additionally, a group named \i access_bpf \i0 is created. The user who opened the package is added to the group.\ \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \f0\b\fs28 \cf0 How do I uninstall?\ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \b0\fs24 \cf0 \ \pard\tx220\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\li720\fi-720\pardirnatural \ls4\ilvl0 \f1 \cf0 {\listtext 1. }Remove \i /Applications/Wireshark.app \i0 \ {\listtext 2. }Remove \i /Library/Application Support/Wireshark \i0 \ {\listtext 3. }Remove the wrapper scripts from \i /usr/local/bin \i0 \ {\listtext 4. }Unload the \i org.wireshark.ChmodBPF.plist \i0 launchd job\ {\listtext 5. }Remove \i /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist \i0 \ {\listtext 6. }Remove the \i access_bpf \i0 group.\ {\listtext 7. 
}Remove \i /etc/paths.d/Wireshark \i0 \ {\listtext 8. }Remove \i /etc/manpaths.d/Wireshark \i0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \f0\b\fs28 \cf0 \ How does the wrapper script work? What if I move Wireshark.app?\ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \b0\fs24 \cf0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \f1 \cf0 The script should find the Wireshark application bundle and run the appropriate executable automatically. It looks for Wireshark.app in the following locations:\ \ \pard\tx220\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\li720\fi-720\pardirnatural \ls5\ilvl0\cf0 {\listtext \'95 }The path set in the WIRESHARK_APP_DIR environment variable\ {\listtext \'95 }/Applications/Wireshark.app\ {\listtext \'95 }The first path returned by \f2 mdfind "kMDItemCFBundleIdentifier == 'org.wireshark.Wireshark'" \f1 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural \cf0 \ If you move Wireshark.app the script should automatically find it. If it doesn't you will have to set WIRESHARK_APP_DIR to the path to (and including) Wireshark.app. Automatic discovery might fail if you have multiple copies of Wireshark installed on your system or if Spotlight indexing isn't working properly.}
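The lookup order described above, written out as an added example; it is not the wrapper script the installer places in /usr/local/bin. The names DEFAULT_APP and find_wireshark_app, and the choice to fall through to the next location when WIRESHARK_APP_DIR does not name a directory, are assumptions of this example. It also reports when Spotlight returns more than one copy, since the copy that runs then depends on result order.

```shell
#!/bin/sh
# Added example, not the installer's wrapper script. It resolves Wireshark.app
# in the order the README lists. DEFAULT_APP and find_wireshark_app are names
# assumed here; falling through on a bad override is also an assumption.
DEFAULT_APP="${DEFAULT_APP:-/Applications/Wireshark.app}"
BUNDLE_QUERY="kMDItemCFBundleIdentifier == 'org.wireshark.Wireshark'"

# Prints the resolved bundle path on stdout; returns 1 when nothing is found.
find_wireshark_app() {
    # 1. WIRESHARK_APP_DIR: the path to (and including) Wireshark.app.
    if [ -n "${WIRESHARK_APP_DIR:-}" ]; then
        if [ -d "$WIRESHARK_APP_DIR" ]; then
            printf '%s\n' "$WIRESHARK_APP_DIR"
            return 0
        fi
        echo "warning: WIRESHARK_APP_DIR is not a directory: $WIRESHARK_APP_DIR" >&2
    fi

    # 2. The default install location.
    if [ -d "$DEFAULT_APP" ]; then
        printf '%s\n' "$DEFAULT_APP"
        return 0
    fi

    # 3. Spotlight: take the first path returned for the bundle identifier.
    if command -v mdfind >/dev/null 2>&1; then
        hits=$(mdfind "$BUNDLE_QUERY" 2>/dev/null) || hits=""
        if [ -n "$hits" ]; then
            count=$(( $(printf '%s\n' "$hits" | wc -l) ))
            first=$(printf '%s\n' "$hits" | head -n 1)
            if [ "$count" -gt 1 ]; then
                # Several copies indexed: the one that runs depends on result order.
                echo "warning: $count copies indexed, using $first" >&2
            fi
            if [ -d "$first" ]; then
                printf '%s\n' "$first"
                return 0
            fi
        fi
    fi

    # Spotlight unavailable, not indexed, or stale: the override is required.
    echo "error: Wireshark.app not found; set WIRESHARK_APP_DIR" >&2
    return 1
}
```

Run `find_wireshark_app` after sourcing the file to see which copy a command-line launch would resolve to; the warnings go to stderr, so the path alone can be captured from stdout.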