Ethereal: Vista on my Dell vs Leopard on my MacBook

CZ

FYI

I just installed Ethereal (very popular packet sniffer) into Leopard on my new
MacBook.
It takes about 2.5 minutes to install Ethereal in Vista, it takes about 3.5
hours in Leopard if you have complete and accurate install info; I could not
get such info, so it took considerably more time.


The following is a post I have made which lists the steps I used:

Re: Installing Ethereal into Leopard via Darwin Ports

It should take about 3.5 hours to complete if your setup is similar to mine:
2GHz Core 2 Duo Intel CPU, Santa Rosa chipset MacBook with 4 GB memory, and
a fast DSL (310 KBps DTR) Internet connection.

1. Create an Apple Developer user acct if you do not have one:
http://developer.apple.com
Required to download Xcode

2. Download/install Xcode Developer Tools:
(it is on OS X DVD #1, but download may be more current)
Go to http://developer.apple.com
Do a search on Xcode
Select Xcode 3
Login

Download stats:
File size: 1.16GB
Time: 1 hr, 10 min at 310 KB/sec

Reboot after download to increase amt of free memory
Double-click the DMG file
Double-click the XcodeTools.mpkg file

Time: 8 min
Reboot to increase free memory

3. Verify X11 is installed:
It is by default in Leopard
(for Tiger, you must install it from the OS X DVD disc)

4. Install X11SDK:
Insert Apple OS X DVD disc #1
Dbl click on "Optional Installs"
Dbl click on Packages folder
Dbl click on X11SDK.pkg file

Time: 30 seconds

5. Install Darwin Ports:
Download from: http://darwinports.com/download/
Double-click the downloaded DMG file
Double-click the .pkg file

Time: 10 min

6. Update Darwin Ports:
Use Terminal.app
Enter: sudo port -d selfupdate

If you get following error message: (I did)
Error: /opt/local/bin/port: selfupdate failed: Couldnt sync dports tree:
sync failed doing rsync

Then disable all firewalls on the Mac
(my NAT-router was not a problem)

Total time: 2 min
Check amt of free memory

7. Install Ethereal:
Use Terminal.app
Enter: sudo port install ethereal

Time: 1 hr, 15 min
CPU usage: both cores were used heavily at times

8. Build the font cache before launching Ethereal for the first time:
Use Terminal.app
Enter: sudo fc-cache
Do not need to run it again before using Ethereal

Total time: Few seconds

9: Run Ethereal:
Use Terminal.app
Enter: sudo /opt/local/bin/ethereal

10: If Ethereal crashes: (mine did)
And if Terminal.app shows following error message:
"BadMatch (invalid parameter attributes)"

Then download/install X11 v 2.1.3 from:
http://trac.macosforge.org/projects/xquartz

(Leopard's X11 has a bug)

11. Install AquaEthereal 1.2 to launch Ethereal from the Dock:
Download it from:
http://mac.softpedia.com/get/System-Utilities/AquaEthereal.shtml

Dbl click the .dmg dnload
Drag the .app file to the desktop:
(I dragged it to the Application folder, but it would not show in the
Application folder)
Then drag that .app file to the Dock

12. Enable firewalls if you disabled them per above
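
Steps 6 and 12 as an added shell example (not part of the original post): it retries the update with the firewall paused only when the rsync error quoted in step 6 appears, and always re-enables the firewall afterwards, even if the update fails or is interrupted. The function names and the two firewall command strings are assumptions; the post does not say how the firewall was disabled.

```shell
#!/bin/sh
# Added example, not from the original post.
# <off-cmd> and <on-cmd> are hypothetical placeholders: pass whatever command
# strings disable and re-enable the firewall on your system.

run_with_firewall_paused() {
    # usage: run_with_firewall_paused <off-cmd> <on-cmd> <command> [args...]
    fw_off=$1; fw_on=$2; shift 2
    (
        # Subshell keeps the traps scoped to this one call.
        trap 'sh -c "$fw_on"' EXIT      # step 12 always runs, pass or fail
        trap 'exit 130' INT TERM        # Ctrl-C also goes through EXIT
        sh -c "$fw_off" || exit 1
        "$@"
        exit $?                         # keep the wrapped command's status
    )
}

selfupdate_guarded() {
    # usage: selfupdate_guarded <off-cmd> <on-cmd> <update command> [args...]
    off=$1; on=$2; shift 2
    # First attempt with the firewall left on.
    out=$("$@" 2>&1) && rc=0 || rc=$?
    printf '%s\n' "$out"
    [ "$rc" -eq 0 ] && return 0
    case $out in
        *"sync failed doing rsync"*)
            # The specific failure from step 6: retry with the firewall
            # paused for the duration of this one command only.
            run_with_firewall_paused "$off" "$on" "$@" ;;
        *)
            # Any other error is not a firewall problem; leave it enabled.
            return "$rc" ;;
    esac
}

# Example call (firewall commands are placeholders you must supply):
#   selfupdate_guarded "$FW_OFF_CMD" "$FW_ON_CMD" sudo port -d selfupdate
```

Only the update command runs inside the firewall-off window; the later build and install steps run with the firewall back on.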
 
the wharf rat

> It should take about 3.5 hours to complete if your setup is similar to mine:

Why didn't you just download the source and build it yourself?
There's a handful of libraries you might or might not need to build first.

I'm not sure what point you meant to get across. Are you
complaining about ethereal (you didn't really install ethereal, did you?
That's obsolete and unsupported now. You really installed the current
wireshark, right?), OSX, or Windows?

> 10: If Ethereal crashes: (mine did)

If ethereal crashes try installing a supported version, i.e.,
www.wireshark.org. The ethereal project was abandoned a year or two
ago when the company the author worked for tried to assert intellectual
property rights to the material.
 
CZ

WR:

Being new to OS X, Googling indicated the use of Fink or Darwin Ports (aka
MacPorts) was desirable.

The point I wanted to make was the difference in time and involvement:
2.5 min in Vista on a Dell, and 3.5 hrs in Leopard on the MacBook.

Ethereal has been my std packet sniffer for years in MS op systems.

Yes, I did install Ethereal v .99 on the Mac and it works great. I have not
used WireShark on my MS op system computers yet. Ethereal has been
excellent on my computers.

Ethereal and WireShark both have crashed (per Google) due to a bug in
Leopard's X11.
Apple has released a patch, but I used the one from
http://trac.macosforge.org/projects/xquartz
 
the wharf rat

> The point I wanted to make was the difference in time and involvement:
> 2.5 min in Vista on a Dell, and 3.5 hrs in Leopard on the MacBook.

Are you sure the point you wanted to make wasn't "Vista rulez,
dood, look at how long it takes to install Ethereal on that sux-azz MAC
OS!!!" ?

It took you so long because you didn't do it right. If you'd turned
off the firewall, installed the required patches, and then installed
wireshark it wouldn't have taken all day, would it?

> Ethereal has been my std packet sniffer for years in MS op systems.

A) You should use wireshark, since ethereal is no longer
completely supported
B) You shouldn't use windows machines for packet analysis. The
high OS overhead makes them unreliable for capturing high volume
packet streams. (That being said I mostly use a PII laptop because
98% of this kind of work involves debugging a WAN connection
running at MAYBE 10megabit...)
 
CZ

WR:

> dood, look at how long it takes to install Ethereal on that sux-azz MAC
> OS!!!" ?

My post was factual only. Users should know one of the issues in using a
Unix based op system.

> off the firewall, installed the required patches, and then installed
> wireshark it wouldn't have taken all day, would it?

Interesting comment. It was installed correctly, as it runs perfectly.
I assume that my notes can be used to install the Darwin Ports port of
WireShark if you simply exchange "wireshark" for "ethereal" in a few places
in my steps.
And I assume it would still take a number of hours.
Also, why don't you post detailed steps for installing WireShark in Leopard,
and compare the time spent vs the time spent installing it in Vista.

> A) You should use wireshark, since ethereal is no longer
> completely supported

I have no problems with using what works, and Ethereal works great.

> B) You shouldn't use windows machines for packet analysis. The
> high OS overhead makes them unreliable for capturing high volume
> packet streams. (That being said I mostly use a PII laptop because
> 98% of this kind of work involves debugging a WAN connection
> running at MAYBE 10megabit...)

Ethereal has worked fine in various MS op systems (Win2k, XP, Vista, Win2k3
server, SBS).
Did you ask me if I capture high volume packet streams?

I have spent about $1,500 on this new MacBook, and I can sincerely say that
it has value.
However, I would not drop my Vista-Dell portable for the MacBook.
The Leopard-MacBook combo is very nice, but I prefer the Vista-Dell combo.

So, do you currently own a Vista machine? Can you see any value in a Vista
computer?



 
the wharf rat

> WR:
>
> My post was factual only. Users should know one of the issues in using a
> Unix based op system.

Your agenda's showing again.

The bug is in Apple's X11 port. It's got nothing to do with Unix
in general, or even BSD in particular. Wireshark builds just fine on Solaris,
and can be installed painlessly on linux via yum

> Interesting comment. It was installed correctly, as it runs perfectly.

Your result was correct, but your procedure was wrong. Sort of like
baking a cake, forgetting to turn the oven on, complaining about Betty
Crocker, ***and then publishing a procedure that includes "FORGET TO TURN
OVEN ON. COME BACK IN FOUR HOURS, WHINE ABOUT RAW CAKE, THEN TURN OVEN ON"*** You could _probably_ leave that part out, hmmmm?

The correct procedure is not 2.5 pages of re-tries. It's just

- turn off firewall
- install required X11 patch
- install wireshark

now, isn't it?

Intellectual dishonesty really ticks me off.

> And I assume it would still take a number of hours.

Umm, try 6 minutes or so.

1. Install X11 (if not installed already) from the MacOS install CD
2. Run System Update or manually get the update from
http://www.apple.com/support/downloads/x11update2006113.html
3. Install wireshark.

BFD.

> I have no problems with using what works, and Ethereal works great.

Well, shit, I bet you'd be interested in the three dozen copies
of Windows 98SE I have in the garage! They work *GREAT*!!!
 
CZ

The bug is in Apple's X11 port. It's got nothing to do with Unix

BTW this appears to have been fixed in 10.5

WR:

I am using 10.5.1
 
