OS X Tip #18

This is a tip for advanced users. You will need to have the admin password (the password you type in when installing any software or updates) and be able to follow these steps to install Ethereal. If you do not know what Ethereal is, you may not care. For those who do care: Ethereal is a sophisticated GUI for the tcpdump command-line utility, and runs under Fink or DarwinPorts in Apple’s X11 windows environment. Ethereal is free and open source and is better than many tools that cost thousands of dollars in the past.

Ethereal is a much touted and now ubiquitous packet capture and sniffing tool used by networking experts, developers, and yes, hackers. It is used for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you might expect in a protocol analyzer, and several features not seen in other products. Because Ethereal is open source, talented experts in the networking community can add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows, but not natively on Mac OS X. Here, I will show you how to run it on OS X.

Installing and running Ethereal on OS X is a bit of a challenge, as there are no binary installers for OS X. In order to use Ethereal on OS X you need to install it, compile it, then run it in the Apple X11 windows environment. This tip gives advanced users the information to not only use Ethereal on OS X, but to make it more “Mac-like” in how they launch it. You do not need to be a UNIX geek to do this, so do not worry. Although this is a long tip (hardly a quick tip), it is not really that hard. Just follow it step by step.

I got tired of using a Windows machine only to use Ethereal. I wanted to use my PowerBook, as I knew Ethereal could run in the X11 environment. I found the information on how to do it scattered around, so I felt I would give you the steps to do this yourself, all in one place.

Basically, the outline for this install of Ethereal goes like this:
1) Download and install the tools described below.
2) Update Fink if needed, using CVS from the command line in Terminal.
3) Install and compile Ethereal from the command line in Terminal.
4) Use AquaEthereal to make a launcher and an OS X icon for Ethereal.
5) Move the Ethereal icon to the Applications folder and the Dock so you can launch it like all your other OS X applications.

This will work on Tiger, as that is what I used. It works on Panther also (AquaEthereal runs on Tiger; use XDroplets for Panther, see below). First off, you will need to gather and install the following on your OS X machine:

1) Install Apple’s developer tool Xcode 2.1.

This will also be on the commercial OS X install disc if you have it. It is only installed if you specifically chose it when you installed OS X. If you do not have it, download it here. You will need to register as an Apple online developer, but this is free. Just follow the instructions and install it like any other application. By the way, do not be afraid to check out Xcode, as it is a great development tool. Xcode is needed to compile Ethereal for this project.

2) Install X11 for Mac OS X window environment.

This is available free from the XFree86 Project. You can download it from the Apple site here.
You will need this to run Ethereal on OS X as it needs the X11 window environment to run as it is not a native OS X application as of yet. The X11 window environment allows you to run thousands of UNIX applications on OS X.

Tiger Users
For Tiger users, Apple has put the X11 installer on your Tiger install disk. This is a newer version (1.1) and you will have to install it from the disk. The one on the website will probably not work with Tiger.

It is, however, a bit hard to find. Put Install 1 of your restore disks (or the DVD install disk from the commercial boxed version of Tiger) in your Mac and scroll down until you find a package called “Optional Installs”.


Double click on this package and look in the Applications list of the install window. Install X11 from here.


3) Download Fink from Sourceforge here.

Fink is an attempt to bring the full world of Unix open source software to Darwin and Mac OS X. Packages are downloaded and built automatically and installed into a tree managed by dpkg, all with full dependency tracking.
*Please note that you may need to update Fink to make this all work (unless Fink has been updated before you try this install). Fink was at 0.80 when I did this and it needed updating to run Ethereal for me on Tiger. Don’t worry, I will show you how. If you are having problems with Fink, or if Fink needs updating, see the instructions below. If you are running Tiger I suggest the Fink 0.8.0 Binary Installer (18609 KB), which will simplify the install of Fink.

Let’s compile Ethereal. Fink will do all of the hard work. All you need to do is open Terminal in the Applications -> Utilities folder. Into the Terminal window, type (remember, whitespace matters a lot on the command line; you may copy and paste the code below):

Press the Return key, type your admin password and then press the Return key again. Fink will then list Ethereal’s dependencies that need to be installed and ask if you want to continue. Press the Return key and Fink will start downloading all of the files needed. Once they are all downloaded it will start compiling and installing the binaries and libraries that Ethereal requires, including Ethereal itself. This may take up to 15 minutes or so. You may want to read all my other tips while you wait. :-)

After Fink is done installing and compiling you will be ready to run Ethereal for the first time. This is how:

Go to your Applications -> Utilities folder and launch the X11 application (just double click on it). Once X11 launches you will see a window called xterm (this is a Terminal window).

You will need to create a font cache that Ethereal needs to run. This only needs to be done once. In the X11 Terminal window, type (remember again, whitespace matters a lot on the command line):

Press the Return key, type your admin password and press the Return key again. The required font cache should now be created. Now let’s launch Ethereal for the first time. Just type the following into the X11 Terminal window:

Press the Return key, type your admin password and press the Return key again. Ethereal should now launch. You will see the Ethereal GUI displayed in X11. This is the way you would normally have to start Ethereal each time you want to use it, by typing:

in the X11 terminal window. Ethereal needs your admin password to access the system components it needs to work.

Launcher and Icons
Now let’s automate the launching process so you do not need to use the command line just to start Ethereal.

I highly recommend using the free AquaEthereal if you are running Tiger. AquaEthereal is an application launcher with an included icon, written in Python for the Unix-based Ethereal network monitoring program when using Apple’s X11 environment. This is the easiest and fastest way to make a launcher and OS X icon for Ethereal.

Or, as an alternative, you can use Martin Fuhrer’s XDroplets if you are running Panther to make Ethereal launch a lot like all your other OS X applications. It uses some AppleScript magic to do this and is also a free download.

4) Download AquaEthereal.


This is the easiest way to create a launcher and icon for Ethereal. Just download AquaEthereal, then move the AquaEthereal icon to the Applications folder and the Dock. To start Ethereal, just click on the AquaEthereal icon in the Dock. This launches the X11 environment. AquaEthereal then prompts you for an administrator password, since Ethereal itself must be run under these conditions. You can rename AquaEthereal to just Ethereal if you like.

As an alternative to AquaEthereal there is the XDroplets Collection here.

XDroplets allows integration of X11 programs with the Mac OS X environment. It works with Tiger or Panther. With XDroplets, X11 programs can be launched via the Finder or Dock, documents can be opened via drag and drop, and X11 is launched automatically if it is not already open.

When using XDroplets you will need to either create a custom Ethereal icon or just stay with the XDroplets default one. I suggest you add an Ethereal icon to further customize the look and feel, making this more like an OS X application. You will need to use Photoshop, Freehand, and some icon maker software to create your own icon.

I found a nice Ethereal icon from Jamie Poitra’s website that he built from scratch. Download his Ethereal icon from here.

You can then add this icon to XDroplets and put the icon in the Applications folder and on the Dock.
Changing icons in OS X is a snap. Just Control-Click (or Command+i) on the icon you downloaded and choose Get Info. Click once on the icon in the upper left corner and choose Copy under the Edit menu (or Command+C).

Then Control-Click on the XDroplet Ethereal launcher icon and choose Get Info. Click once on the icon in the upper left corner and choose Paste under the Edit menu (or Command+V). Your XDroplet Ethereal launcher icon should now look like the Ethereal icon. Now you can rename it Ethereal, move it to your Applications folder and add it to your Dock. Double clicking this icon will now launch Ethereal in the X11 environment for you. You are done!

Hint: Using the Network Utility located in the Applications -> Utilities folder, you can look up your network interfaces under Info so you know which one to capture on when you start using Ethereal.

Updating Fink via CVS
Updating Fink is not hard using CVS. CVS (Concurrent Versions System) is an open source version control system. This only needs to be done if Ethereal will not run. It just takes a few more minutes. Open up Terminal (located in the Applications -> Utilities folder).
Type:

For more information on updating Fink see their website.

Problems with Fink?
If the Fink installer reports that it had trouble adding the binary path to your shell preferences, you will need to add the binary path yourself. Just open up a new Terminal window.
Type:

Press the Return key, type in your admin password and press the Return key again, and you will have opened your shell preferences file in the Pico text editor. Now you need to add the two lines below to the preferences file:

PATH=$PATH:/sw/bin
source /sw/bin/init.sh

Add these lines and type Control-X, then Y, then press the Return key to save these changes.
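If you would rather not edit the file by hand, the following shell function does the same edit from Terminal and is safe to run more than once. This is an added example, not part of the original tip or of Fink; it assumes you pass the path of your shell preferences file (for example ~/.profile) as its argument.

```shell
#!/bin/sh
# Added example (not from the original tip): append Fink's /sw/bin to PATH
# and source its init script in a shell profile, but only if those lines
# are not there already, so re-running it never duplicates them.
# Usage: ensure_fink_path ~/.profile   (the profile path is an assumption)
ensure_fink_path() {
    profile="$1"
    [ -f "$profile" ] || touch "$profile"
    # Appending (rather than prepending) /sw/bin keeps the system
    # directories first in the search order, as the tip's own line does.
    if ! grep -q 'PATH=.*/sw/bin' "$profile"; then
        printf '%s\n' 'PATH=$PATH:/sw/bin' >> "$profile"
    fi
    if ! grep -q 'source /sw/bin/init.sh' "$profile"; then
        printf '%s\n' 'source /sw/bin/init.sh' >> "$profile"
    fi
}

# Number of lines mentioning /sw/bin: should be exactly 2 after any number
# of runs, which is how you can confirm nothing was duplicated.
count_fink_lines() {
    grep -c '/sw/bin' "$1"
}
```

Open a new Terminal window afterwards so the edited file is reloaded, exactly as the next step describes.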

Now you can configure Fink. Open a new Terminal window so the preferences file you just edited is reloaded.
Type:

Press the Return key, enter your admin password and press the Return key again. Keep pressing the Return key until you get to the line that says:

Should Fink try to download pre-compiled packages from the binary distribution if available?

Type N and press the Return key. Keep pressing the Return key until you get to the line that says this:

Proxy and Firewall settings:
Enter the URL of the HTTP proxy to use, or ‘none’ for no proxy.
The URL should start with http:// and may contain your username, password or port specifications.
example: http://yourusername:yourpassword@yourhostname:port

If there is a proxy server between your machine and the Internet you will need to enter the proxy information here. You will need to get this information from your system admin, as it will vary. You can try looking in the Network panel in System Preferences under the Proxies tab for what the settings might be. If you are on your home Internet connection then chances are you don’t need to do anything here with proxy settings.

When you are done entering your proxy settings, press the Return key. If you had to edit the proxy preferences in the previous step you may need to type Y and press Return on this line so that FTP connections go through the proxy as well.

More Fink help can be found at the Fink website.

OK, this is a great tip. How do I use Ethereal, you ask? Well, that is well beyond the scope of an already too long “quick tip”. But luckily there are plenty of places to find this information. Here are some I found:
Ethereal
Top Ten Ethereal Tips and Tricks
Installing and Using Ethereal
Ethereal Packet Sniffing (Paperback)

*Tip – When using Ethereal there may be times you will need to connect using a “hub” so you can sniff traffic in both directions. This sounds easy, but many “hubs” today are actually inexpensive switches. It is actually hard to find a real “hub”, as many devices from Linksys, D-Link, and Netgear are packaged as “hubs” and you will find they are actually switches. I have seen the Netgear DS104 and DS108 hubs work well with Ethereal. I recommend using this one. It is still available, but hard to find in some stores.

Need some other cool tools? Try these:
KisMac
MacStumbler
iStumbler
