Wireshark is almost a Native Species on OSX

Wireshark LogoI must have been living under a deep sea rock or something because I have been running Wireshark for a while now on my Mac and since Mountain Lion was released, it has been necessary to install XQuartz so that there’s an X-Server running on the machine, and Wireshark then runs using X for its GUI. This isn’t the sweetest of arrangements – truth be told the app looks clunky and, well, like it’s written using X-Windows for its GUI. Still, at least it meant I still had Wireshark, so I was willing to tolerate the quirks of running Wireshark on OS X, not limited to the app running but not displaying the app window anywhere (supposedly a “feature” introduced when Apple changed how Spaces worked in Mountain Lion).

I recently reinstalled Wireshark on my home MacBook Pro and, oh, what’s this?

Wireshark 1.99 (Development Release) on OS X

Wireshark Menu

This does not look like the usual XQuartz menu. In fact wait, Wireshark isn’t in its own window with its own menus; it’s acting like an honest to goodness native application and using the OS X menu bar! Did Wireshark quietly go native?

I searched the interwebs looking for some kind of news release about this, and really haven’t found anything. Mind you, this is the dev release, so maybe the stable release (1.12.0) is still running in XQuartz? I removed the 1.99 version and installed 1.12.0, and on running it I was prompted to tell Wireshark the location of X11. I believe that’s what we call conclusive – behind the scenes, the amazing folks who develop Wireshark have been working on a new native version for OSX. I think I love you. All of you. Here’s the About screen for the 1.99 dev version:

Wireshark About Screen

The Final X11 Wireshark Release – 1.12.0

I did eventually find a comment on the release announcement for 1.12.0 (below) which confirmed that 1.12.0 is the last release that will require X11, as Wireshark is moving from GTK+ to Qt:

Wireshark Comment

That undoubtedly means that there are other posts covering this topic, but they may have low google sauce as I did not immediately find them. Nonetheless, this is cool. It is as stated, a development release, so things are not perfect yet. For example, the first time I run Wireshark 1.99 on OS X Yosemite, I seem to get this error:

Wireshark Error

However, quitting and running the program again immediately is successful:

Wireshark Successful Startup

You can see that for each interface, Wireshark starts plotting a cute little activity graph – this makes it very easy to see which interfaces you might want to tap.

HECK, YES!

I find it hard to put into words how exciting a development this is. Proper integration with the cut and paste buffers! Normal OS X application behavior! No need for XQuartz! Better-looking graphics! Seriously, this is a fantastic step forward and I can’t wait for it to get out of development and be released. It’s a huge step forward for Wireshark on OS X, and I think there are many like nerds out there who will be thrilled to hear about this. I’m going to continue running 1.99 for the moment, but I have the 1.12.0 installer ready just in case I hit a bug and need a more reliable version.

 

30 Blogs in 30 Days

This post is part of my participation in Etherealmind’s 30 Blogs in 30 Days challenge.

3 Comments on Wireshark is almost a Native Species on OSX

  1. I was so happy to install 1.199.1 but I think we need to wait few more weeks.

    I am using Wireshark for SIP analysis, but I still see many improvements there.

    Anyway, thank you for working so hard and make our life easier!

Leave a Reply

Your email address will not be published.


*