wireshark3 3.0.2_1: no "wireshark" executable (just Wireshark.app)

[ewenmcneill (Ewen McNeill)]

Prior versions of wireshark were able to be run from the command line as, eg, wireshark PCAP_FILE, which is convenient when using scp/sftp to download a PCAP file from elsewhere to analysis.

With the wireshark3 package, there is no wireshark executable any more, because it is now delivered as a native macOS application (eg, /Applications/MacPorts/Wireshark.app) which means that it needs a new way to open the application (and depending on how the PCAP files are named, might need two steps -- one to open the application and one to locate and open the PCAP file).

It would be helpful to include a wireshark wrapper script to bridge this gap, perhaps something like this (which I put in /usr/local/bin/wireshark myself after stumbling across this "why can't I run wireshark" issue repeatedly while trying to analyse downloaded PCAP files...):

#! /bin/sh
# This is a wrapper so we can run "wireshark FILE" and have it open.
#
# With wireshark3, MacPorts ships a native QT3 application (Wireshark.app)
# instead of an X11 port, and calls it Wireshark.app, and puts it outside
# the shell search path. 
#---------------------------------------------------------------------------

if [ -n "${1}" ]; then
    exec open -a /Applications/MacPorts/Wireshark.app "$@"
else
    exec open /Applications/MacPorts/Wireshark.app
fi

That seems to work for me for both of the common cases that I regularly use, ie "wireshark" by itself will open the application, and "wireshark PCAP_FILE" will open the application for the PCAP file.

ewen@ashram:~$ port contents wireshark3 | grep /bin/
  /opt/local/bin/capinfos
  /opt/local/bin/captype
  /opt/local/bin/dumpcap
  /opt/local/bin/editcap
  /opt/local/bin/idl2wrs
  /opt/local/bin/mergecap
  /opt/local/bin/randpkt
  /opt/local/bin/rawshark
  /opt/local/bin/reordercap
  /opt/local/bin/sharkd
  /opt/local/bin/text2pcap
  /opt/local/bin/tshark
ewen@ashram:~$ 

[ghosthound]

You can run the "Wireshark" binary inside the app bundle from the command line like:

/opt/local/Applications/Wireshark.app/Contents/MacOS/Wireshark

or

/opt/DP/Applications/Wireshark.app/Contents/MacOS/Wireshark /tmp/test01.pcap

Please re-open if that doesn't work for you.

[ewenmcneill (Ewen McNeill)]

/opt/local/Applications/Wireshark.app/Contents/MacOS/Wireshark doesn't exactly roll off the fingers like "wire<TAB>" :-)

/opt/local/Applications/Wireshark.app/Contents/MacOS isn't on my $PATH (nor is /Applications/MacPorts/Wireshark.app/Contents/MacOS on my $PATH, which AFAICT is the equivalent on my system). It doesn't seem like a particularly good idea to put a bunch of single-executable directories on my $PATH just for occasional use (since they'll potentially be searched for any command run).

If you don't want to provide any backwards compatibility in how to run wireshark from the command line (ie, to wireshark/wireshark2 packages), and to leave each user to reinvent a similar work around to mine themselves, then sure, WONTFIX this ticket.

I only opened the ticket because it seemed like something that could be easily provided. Even having the package do something like:

    ln -s ${destroot}${applications_dir}/Wireshark.app/Contents/MacOS/Wireshark ${destroot}${prefix}/bin/wireshark

would provide useful backwards compatibility (note: lowercase wireshark, so it tab completes the way it used to -- even though macOS filesystems are normally case insensitive, bash's tab completion assumes case sensitivity...).

Either way, I've got my work around implemented (as /usr/local/bin/wireshark). So I'm just trying to save others the pain of spending half an hour figuring out what happened to the ability to start wireshark from the command line like I did (at least twice). Maybe they'll just have to rely on Googling for the workaround.... :-)

Ewen