Question

Deploying Wireshark


  • New Contributor
  • 8 replies

Hi all,
I'd like to have this available in Self Service. When I try it the way I have some applications set up, it just drops the DMG contents into the "/" directory. The DMG for Wireshark contains additional packages for ChmodBPF, so do I need to add those packages individually to Jamf? Should I use Composer to group the .app and the ChmodBPF packages into one Package? Just curious on how others are doing it, and if you have a good way, I'd rather not recreate the wheel here.

TIA,
Joey

13 replies

  • Valued Contributor
  • 182 replies
  • June 23, 2020

I used Composer to make a package of /Applications/Wireshark.dmg

Usually .dmg installers cannot be added directly into Jamf and work properly.


dlondon
  • Honored Contributor
  • 375 replies
  • June 25, 2020

This is what I did back in January:

Install Wireshark on a test system

You will be dragging the app to /Applications

Get rid of the com.apple.quarantine attribute and change ownership to root:wheel for Wireshark.app in Terminal (recurse)

Also install the ChmodBPF.pkg that's included with the download DMG from Wireshark

Change the file /Library/Application Support/Wireshark/ChmodBPF/ChmodBPF

so that

g+rw

becomes

go+rw

test by restarting and checking local and domain accounts

When happy use JAMF Composer to make a custom installation package

Drag the Wireshark.app to the bottom area of the sidebar on the left of Composer

Then add the following as a Postinstall script

#!/bin/sh
## postinstall
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

# The ChmodBPF installer writes to the following locations:
# /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist. A launch daemon that adjusts permissions on the system’s packet capture devices (/dev/bpf*) when the system starts up.

# /Library/Application Support/Wireshark/ChmodBPF. A copy of the launch daemon property list, and the script that the launch daemon runs.

# The installer group named “access_bpf” is created. The user who opened the package is added to the group.

# Install the ChmodBPF package bundled inside Wireshark.app; fail the policy if it does not install
/usr/sbin/installer -dumplog -verbose -pkg /Applications/Wireshark.app/Contents/Resources/Extras/Install\ ChmodBPF.pkg -target / || exit 1      ## Failure

# Change g+rw to go+rw in the ChmodBPF script (the original is kept as ChmodBPF.backup)
sed -i.backup 's/g+rw/go+rw/' /Library/Application\ Support/Wireshark/ChmodBPF/ChmodBPF || exit 1      ## Failure

# Uncomment the line below to add the wireshark executables to system path

# /usr/sbin/installer -dumplog -verbose -pkg /Applications/Wireshark.app/Contents/Resources/Extras/Add\ Wireshark\ to\ the\ system\ path.pkg -target /

exit 0      ## Success

The above script will install ChmodBPF.pkg and modify ChmodBPF so that all users can access it.
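
An added example, not part of the post above or of the Wireshark project: a check that can run after the postinstall to report who can open the capture devices. With the stock g+rw only members of access_bpf get access; after the go+rw edit every local account does. The function names are made up for this example, and the stat fallback assumes BSD stat on macOS.

```shell
#!/bin/sh
# Added example (not from the thread): report the access level of each
# packet-capture device after ChmodBPF has run. Function names are hypothetical.

# classify_bpf MODE -> world | group | owner-only (MODE is octal, e.g. 660)
classify_bpf() {
    if [ $(( 0$1 & 006 )) -ne 0 ]; then
        echo world          # go+rw: every local account can open the device
    elif [ $(( 0$1 & 060 )) -ne 0 ]; then
        echo group          # g+rw: only members of the owning group (access_bpf)
    else
        echo owner-only     # ChmodBPF has not adjusted this device
    fi
}

# mode_group FILE -> "MODE GROUP"; tries GNU stat first, then BSD stat (macOS)
mode_group() {
    stat -c '%a %G' "$1" 2>/dev/null || stat -f '%Lp %Sg' "$1"
}

# audit_bpf [DIR] -> one line per DIR/bpf* node; returns 1 if any is world-accessible
audit_bpf() {
    dir=${1:-/dev}
    rc=0
    for dev in "$dir"/bpf*; do
        [ -e "$dev" ] || continue
        set -- $(mode_group "$dev")
        verdict=$(classify_bpf "$1")
        printf '%s mode=%s group=%s access=%s\n' "$dev" "$1" "$2" "$verdict"
        if [ "$verdict" = world ]; then rc=1; fi
    done
    return "$rc"
}

# Audit the real devices; a non-zero status flags world-accessible capture devices.
audit_bpf /dev || echo "WARNING: /dev/bpf* is open to all local accounts"
```

The launch daemon applies the permissions at startup, so run the audit after a restart.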


jmahlman
  • Valued Contributor
  • 307 replies
  • November 3, 2020

Thanks for the script @dlondon. As a note for anyone copying and pasting, there is an extra invisible char at the line

/usr/sbin/installer -dumplog -verbose -pkg /Applications/Wireshark.app/Contents/Resources/Extras/Install ChmodBPF.pkg -target /

So just remove the leading whitespace before using.


PWeber
  • New Contributor
  • 3 replies
  • October 26, 2021

Thanks, this worked great. I just had to edit two items in the script for it to work for me. Had to add the two red forward slashes shown below since there was a space.

/usr/sbin/installer -dumplog -verbose -pkg /Applications/Wireshark.app/Contents/Resources/Extras/Install\ ChmodBPF.pkg -target /

sed -i.backup 's/g+rw/go+rw/'  /Library/Application\ Support/Wireshark/ChmodBPF/ChmodBPF

  


gadsden_flag
  • Contributor
  • 13 replies
  • December 11, 2021

What's the path to update Wireshark 3.4.x to 3.6?

I try to configure patch management to update 3.4.9 to 3.6.0 but not sure if this is correct. And what about users with 3.4.10? Just tell them to install version 3.6?
Any suggestions?
Thanks


PWeber
  • New Contributor
  • 3 replies
  • December 16, 2021

I have not used patch management for Wireshark but just looked and Jamf does not have v3.6 listed yet, only up to v3.4. I have been just packaging the new DMG as a PKG via Composer and placing that in Self Service. I will definitely try patch management once Jamf approves the new version.


PWeber
  • New Contributor
  • 3 replies
  • December 17, 2021

I just added Wireshark 3.6 to my Patch Management definitions and it works great. I just had to download and package the new PKG and upload it to Jamf.


gadsden_flag
  • Contributor
  • 13 replies
  • January 2, 2022
PWeber wrote:

I just added Wireshark 3.6 to my Patch Management definitions and it works great. I just had to download and package the new PKG and upload it to Jamf.


I found a solution by myself. I used the definition tab to just add the 3.6.1.pkg to the 3.4 branch. Works like a charm. So if a 3.4 user tries to update, he gets the 3.6.1 package.


  • New Contributor
  • 1 reply
  • March 23, 2022

Bouncing my question off of the initial question... Can I leave the application sole (without installing ChmodBPF and using a post install script) in Composer and have users install Chmod BPF after once they have installed Wireshark from Self Service?


dlondon
  • Honored Contributor
  • 375 replies
  • March 24, 2022
PWeber wrote:

Thanks, this worked great. I just had to edit two items in the script for it to work for me. Had to add the two red forward slashes shown below since there was a space.

/usr/sbin/installer -dumplog -verbose -pkg /Applications/Wireshark.app/Contents/Resources/Extras/Install\ ChmodBPF.pkg -target /

sed -i.backup 's/g+rw/go+rw/'  /Library/Application\ Support/Wireshark/ChmodBPF/ChmodBPF

  


Thanks - corrected the script


  • Valued Contributor
  • 164 replies
  • August 12, 2022

I am assuming this is the same for Intel and M1 builds, right?


Forum|alt.badge.img

Yes, I have this deployed to 3 M1 Silicon MacBooks as well.


  • Contributor
  • 28 replies
  • September 27, 2022

Did anyone use this deployment to start an automated packet capture on Ethernet, right after the install? I'm trying to troubleshoot an ADE/DEP issue, where some of the policies in the sequence are just stopped in kind of a waiting state and the Splashbuddy cannot finish, and I'm thinking to deploy the Wireshark right before the Splashbuddy, but I don't know how I could start the packet capture at that point.

