Allowing Access to the Network Interfaces
When starting the new WireShark you will notice that you can't do any sniffing, as there are no network interfaces available.
To allow this, the BPF devices need to be accessable by WireShark. For more details have a look into Utilities → Startup → README.macosx on the WireShark disk image.
The following commands in Terminal will install the necessary files to set the BPF permissions. Then all users with administrator rights will be able to sniff packets.
sudo -s cd /Library/StartupItems cp -pR /Volumes/Wireshark/Utilities/Startup ChmodBPF chown -R root:wheel ChmodBPF exit
After a reboot, WireShark should be able to access all network interfaces.
Optional: Installing Command Line Versions of WireShark
If you want to be able to use the WireShark utilities on the command line (Terminal), install some small scripts on your system.
sudo install -p /Volumes/Wireshark/Utilities/Command\ Line/* /usr/local/bin
If you haven't installed the WireShark application into /Applications, you have to tell the command line scripts, where to find it.
Open .profile with an editor and add the line
export WIRESHARK_APP_DIR="<Directory, where WireShark resides>/Wireshark.app"
Then close all existing Terminal windows. With a new Terminal session you should be able to access WireShark utilities.
Public Comment