@marshluca
Last active January 20, 2016 04:37
brew install Wireshark
☁ brew install Wireshark
==> Installing dependencies for wireshark: gettext, libffi, glib, libtasn1, gmp, nettle, gnutls, libgcrypt, d-bus, geoip, c-ares
==> Installing wireshark dependency: gettext
==> Downloading https://homebrew.bintray.com/bottles/gettext-0.19.5.1.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring gettext-0.19.5.1.yosemite.bottle.tar.gz
==> Caveats
This formula is keg-only, which means it was not symlinked into /usr/local.
OS X provides the BSD gettext library and some software gets confused if both are in the library path.
Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:
LDFLAGS: -L/usr/local/opt/gettext/lib
CPPFLAGS: -I/usr/local/opt/gettext/include
==> Summary
🍺 /usr/local/Cellar/gettext/0.19.5.1: 1921 files, 22M
==> Installing wireshark dependency: libffi
==> Downloading https://homebrew.bintray.com/bottles/libffi-3.0.13.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring libffi-3.0.13.yosemite.bottle.tar.gz
==> Caveats
This formula is keg-only, which means it was not symlinked into /usr/local.
Some formulae require a newer version of libffi.
Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:
LDFLAGS: -L/usr/local/opt/libffi/lib
==> Summary
🍺 /usr/local/Cellar/libffi/3.0.13: 14 files, 412K
==> Installing wireshark dependency: glib
==> Downloading https://homebrew.bintray.com/bottles/glib-2.44.1.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring glib-2.44.1.yosemite.bottle.tar.gz
🍺 /usr/local/Cellar/glib/2.44.1: 416 files, 18M
==> Installing wireshark dependency: libtasn1
==> Downloading https://homebrew.bintray.com/bottles/libtasn1-4.5.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring libtasn1-4.5.yosemite.bottle.tar.gz
🍺 /usr/local/Cellar/libtasn1/4.5: 56 files, 572K
==> Installing wireshark dependency: gmp
==> Downloading https://homebrew.bintray.com/bottles/gmp-6.0.0a.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring gmp-6.0.0a.yosemite.bottle.tar.gz
🍺 /usr/local/Cellar/gmp/6.0.0a: 15 files, 3.2M
==> Installing wireshark dependency: nettle
==> Downloading https://homebrew.bintray.com/bottles/nettle-2.7.1.yosemite.bottle.1.tar.gz
######################################################################## 100.0%
==> Pouring nettle-2.7.1.yosemite.bottle.1.tar.gz
🍺 /usr/local/Cellar/nettle/2.7.1: 66 files, 1.7M
==> Installing wireshark dependency: gnutls
==> Downloading https://homebrew.bintray.com/bottles/gnutls-3.3.17.1.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring gnutls-3.3.17.1.yosemite.bottle.tar.gz
🍺 /usr/local/Cellar/gnutls/3.3.17.1: 1020 files, 8.8M
==> Installing wireshark dependency: libgcrypt
==> Downloading https://homebrew.bintray.com/bottles/libgcrypt-1.6.3_1.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring libgcrypt-1.6.3_1.yosemite.bottle.tar.gz
🍺 /usr/local/Cellar/libgcrypt/1.6.3_1: 16 files, 1.3M
==> Installing wireshark dependency: d-bus
==> Downloading https://homebrew.bintray.com/bottles/d-bus-1.8.14.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring d-bus-1.8.14.yosemite.bottle.tar.gz
==> /usr/local/Cellar/d-bus/1.8.14/bin/dbus-uuidgen --ensure=/usr/local/var/lib/dbus/machine-id
==> Caveats
To have launchd start d-bus at login:
ln -sfv /usr/local/opt/d-bus/*.plist ~/Library/LaunchAgents
Then to load d-bus now:
launchctl load ~/Library/LaunchAgents/org.freedesktop.dbus-session.plist
==> Summary
🍺 /usr/local/Cellar/d-bus/1.8.14: 39 files, 2.0M
==> Installing wireshark dependency: geoip
==> Downloading https://homebrew.bintray.com/bottles/geoip-1.6.6.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring geoip-1.6.6.yosemite.bottle.tar.gz
🍺 /usr/local/Cellar/geoip/1.6.6: 16 files, 720K
==> Installing wireshark dependency: c-ares
==> Downloading https://homebrew.bintray.com/bottles/c-ares-1.10.0.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring c-ares-1.10.0.yosemite.bottle.tar.gz
🍺 /usr/local/Cellar/c-ares/1.10.0: 57 files, 540K
==> Installing wireshark
==> Downloading https://homebrew.bintray.com/bottles/wireshark-1.12.6.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring wireshark-1.12.6.yosemite.bottle.tar.gz
==> Caveats
If your list of available capture interfaces is empty
(default OS X behavior), try the following commands:
curl https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3373 -o ChmodBPF.tar.gz
tar zxvf ChmodBPF.tar.gz
open ChmodBPF/Install\ ChmodBPF.app
This adds a launch daemon that changes the permissions of your BPF
devices so that all users in the 'admin' group - all users with
'Allow user to administer this computer' turned on - have both read
and write access to those devices.
See bug report:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3760
==> Summary
🍺 /usr/local/Cellar/wireshark/1.12.6: 265 files, 60M

Before You Begin

This release of Wireshark requires Macintosh OS X 10.5.5 or later, including X11.app. If you are running OS X 10.5.4 or older you can install using another packaging system such as MacPorts or Homebrew.

Quick Setup

Simply double-click the Wireshark package. For details about the installation read below.

What changes does the installer make?

The installer writes to the following locations:

•	/Applications/Wireshark.app. The main Wireshark application.
•	/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist. A launch daemon that adjusts permissions on the system's packet capture devices (/dev/bpf*) when the system starts up.
•	/Library/Application Support/Wireshark/ChmodBPF. A copy of the launch daemon property list, and the script that the launch daemon runs.
•	/usr/local/bin. A wrapper script and symbolic links which will let you run Wireshark and its associated utilities from the command line. You can access them directly or by adding /usr/local/bin to your PATH if it's not already in your PATH.

Additionally a group named access_bpf is created. The user who opened the package is added to the group.
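
The Homebrew caveat above says its ChmodBPF opens the BPF devices to the 'admin' group, while the package installer creates access_bpf, so it is worth checking which group actually holds capture access on a given machine. The following read-only audit is an added example, not part of the Wireshark installer or the gist; the ROOT prefix argument and the AUDIT_ROOT variable are hypothetical conveniences for pointing it at a mounted volume or a test tree.

```shell
#!/bin/sh
# Added example: read-only audit of the packet-capture footprint described above.
# The optional ROOT prefix argument and AUDIT_ROOT variable are hypothetical
# conveniences for checking a mounted volume or a test tree.

# Print the installer-written paths from the read-me that exist under ROOT.
# /usr/local/bin is skipped: the read-me does not name the files placed there.
wireshark_footprint() {
    root="${1:-}"
    for p in \
        "/Applications/Wireshark.app" \
        "/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist" \
        "/Library/Application Support/Wireshark/ChmodBPF"
    do
        [ -e "$root$p" ] && printf '%s\n' "$p"
    done
    return 0
}

# For each /dev/bpf* node, print its owning group and whether group or other
# has read or write access, i.e. who can capture without being root.
bpf_access() {
    root="${1:-}"
    for dev in "$root"/dev/bpf*; do
        [ -e "$dev" ] || continue
        set -- $(ls -ld "$dev")          # $1 = mode string, $4 = group
        g=no; o=no
        case "$1" in ????r*|?????w*) g=yes ;; esac
        case "$1" in ???????r*|????????w*) o=yes ;; esac
        printf '%s group=%s group_rw=%s other_rw=%s\n' \
            "${dev#"$root"}" "$4" "$g" "$o"
    done
    return 0
}

# List members of access_bpf via Directory Services (macOS only; no-op elsewhere).
access_bpf_members() {
    command -v dscl >/dev/null 2>&1 || return 0
    dscl . -read /Groups/access_bpf GroupMembership 2>/dev/null || return 0
}

wireshark_footprint "${AUDIT_ROOT:-}"
bpf_access "${AUDIT_ROOT:-}"
access_bpf_members
```

Any line reporting other_rw=yes, or a group wider than intended, means unprivileged accounts on that machine can capture traffic.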

How do I uninstall?

1.	Remove /Applications/Wireshark.app
2.	Remove /Library/Application Support/Wireshark
3.	Remove the wrapper scripts from /usr/local/bin
4.	Unload the org.wireshark.ChmodBPF.plist launchd job
5.	Remove /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist
6.	Remove the access_bpf group.

How does the wrapper script work? What if I move Wireshark.app?

The script should find the Wireshark application bundle and run the appropriate executable automatically. It looks for Wireshark.app in the following locations:

•	The path set in the WIRESHARK_APP_DIR environment variable
•	/Applications/Wireshark.app
•	The first path returned by mdfind "kMDItemCFBundleIdentifier == 'org.wireshark.Wireshark'"

If you move Wireshark.app the script should automatically find it. If it doesn't you will have to set WIRESHARK_APP_DIR to the path to (and including) Wireshark.app. Automatic discovery might fail if you have multiple copies of Wireshark installed on your system or if Spotlight indexing isn't working properly.
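
Because the environment variable is consulted before the fixed path, which bundle actually runs depends on the caller's environment. The sketch below is an added example, not the wrapper script shipped with Wireshark: it assumes the three locations are tried in the order listed, reports which one would win, and warns when Spotlight indexes more than one copy. Failing on an invalid WIRESHARK_APP_DIR is this example's choice.

```shell
#!/bin/sh
# Added example, not the wrapper script shipped with Wireshark.
# Prints "<source> <path>" for the bundle a lookup in the read-me's order would pick.
find_wireshark_app() {
    # 1. Explicit override. Failing on a bad value is this example's choice.
    if [ -n "${WIRESHARK_APP_DIR:-}" ]; then
        if [ ! -d "$WIRESHARK_APP_DIR" ]; then
            echo "WIRESHARK_APP_DIR is not a directory: $WIRESHARK_APP_DIR" >&2
            return 1
        fi
        printf 'env %s\n' "$WIRESHARK_APP_DIR"
        return 0
    fi
    # 2. Default install location.
    if [ -d /Applications/Wireshark.app ]; then
        printf 'default %s\n' /Applications/Wireshark.app
        return 0
    fi
    # 3. Spotlight query from the read-me; only the first hit is used.
    command -v mdfind >/dev/null 2>&1 || return 1
    hits=$(mdfind "kMDItemCFBundleIdentifier == 'org.wireshark.Wireshark'" 2>/dev/null) || hits=
    [ -n "$hits" ] || return 1
    n=$(printf '%s\n' "$hits" | grep -c .)
    if [ "$n" -gt 1 ]; then
        echo "warning: $n copies indexed; using the first, set WIRESHARK_APP_DIR to pin one" >&2
    fi
    printf 'spotlight %s\n' "$(printf '%s\n' "$hits" | head -n 1)"
}

find_wireshark_app || echo "Wireshark.app not found" >&2
```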
