The other day I was playing with a network simulator called GNS3.
GNS3 is a hardware emulation package (or as recondite geeks like to say “hypervisor”) that lets you set up and connect virtual appliances like Cisco routers and switches. It’s great because you can set up complete networks, Windows 2012 Active Directory domain controllers, web servers or really any network topology your incandescent mind can dream up. And the entire network environment is insular. It doesn’t interfere with your production network. So you can test and break things without any worries. GNS3 is a great tool. It’s free and can keep you entertained for hours.
I’ve used GNS3 on my Windows 8.1 machine but never on my Mac.
So I’m new to this whole thing – but I figured I’d share what I learned today.
After setting up the app, I realized if I right-clicked a virtual Ethernet cable (the black lines that connect the devices) a pop-up would sprout telling me that I could start a capture.
Intrigued, I realized that I could capture packets between my virtual devices and analyze the protocols! This really got me going because I knew it would help me understand how the protocols worked and really grasp the fundamentals of TCP/IP networking.
So what did I do?
Well, GNS3 doesn’t ship with a protocol analyzer so I needed to get my own.
I quickly grabbed the DMG, dumped it in my Applications folder (Shift + Command + a) and fired up the app.
The blue dorsal fin icon began to bounce in the Dock as if to say “Look at me! Look at Me!” but then something unexpected happened…
I was greeted with a screen asking me where something called X11 was located?
What the heck is X11 and why didn’t this happen on my PC?
I did some Googling and discovered X11 is the thing that makes UNIX pretty. It’s the graphical user interface (GUI) for UNIX apps. Back in the late 90s when I left the dark and austere world of MS-DOS for Windows 95, UNIXphiles were dragging and minimizing windows in a system called X-Windows (or sometimes X11).
Wireshark needs the X11 interface to run. I needed to get this X11 thing.
Fortunately this turned out to be super easy. There’s a nifty little program called XQuartz that lets Mac users run applications that need the X11 environment. To run Wireshark all I needed to do was download and install XQuartz.
The installer breezed through the first 5/8ths of the process but then seemed to hang on Running package scripts where it ironically said I had about a minute remaining in the install time.
Don’t you hate it when that happens? The installer makes you wait until 99%. There’s a single pixel of space between it and the 100% mark but then it just gives up and says “Ha, I was just kidding! I’m going to make you wait even longer.”
Man that was one looooong minute. It was probably stuck here for 15 full minutes. I actually thought the application froze but it was really just moving at a glacial pace.
Once the second ice age passes, click the Wireshark icon and wait an equally long time for it to start up. For some reason it took my poor MacBook Air an eternity to start the app.
If that happens to you, press Command + q to quit Wireshark; the second time it starts up you should see the Where is X11? window again.
But this time we have it – we know exactly where X11 is – we just need to know where to look.
Click Browse and scroll down to X11 in the Utilities folder.
After clicking Choose in the bottom right corner of the Finder, you’ll see Wireshark attempt to start up but it still needs a little help. The XQuartz icon should automatically leap into your Dock after you attempt to open Wireshark (Command + Shift, “wireshark”).
It’ll still take a while for the application to start up the first time; however, I expedited the process by closing and reopening the application three times before it caught on.
Don’t worry. If you installed XQuartz, Wireshark will load; you just have to wait about five minutes before it opens on the initial load.
Thank God this was only the case for the initial start. Subsequent starts opened appreciably quicker.
Now back in GNS3, it’s really easy to capture traffic in your virtual lab.
Start all your devices (or all relevant devices) by clicking the Play button, then right-click the link and choose Start Capture. A new Wireshark instance will spawn.
Right now it looks empty because my Virtual PC isn’t doing anything.
But we can spit out a few pings to change that!
Wow look at that.
You can actually see the ICMP echo replies and responses in the output when I ping my default gateway of 10.0.0.1.
There you go.
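What those pings look like at the byte level, as an added example that is not part of the original post: it builds constructed ICMP echo packets (type 8 is the request, type 0 the reply), parses them, and lists requests that never got a reply. The virtual PC address 10.0.0.2, the identifier 0x1234 and the payload are assumptions, and the Ethernet header Wireshark also shows is omitted.

```python
import struct

def checksum(data):
    """RFC 1071 Internet checksum; returns 0 when run over a valid message."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type, ident, seq, src, dst, payload=b"constructed-ping"):
    """Build a sample IPv4 packet carrying one ICMP echo message."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(src), bytes(dst))
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + icmp

def parse_echo(packet):
    """Return (kind, src, dst, ident, seq, checksum_ok), or None if not an echo."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None                      # not IPv4, or protocol is not ICMP (1)
    ihl = (packet[0] & 0x0F) * 4         # IP header length in bytes
    icmp = packet[ihl:struct.unpack("!H", packet[2:4])[0]]
    if len(icmp) < 8:
        return None                      # truncated ICMP header
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type not in (0, 8) or code != 0:
        return None
    src, dst = (".".join(map(str, packet[i:i + 4])) for i in (12, 16))
    kind = "request" if icmp_type == 8 else "reply"
    return kind, src, dst, ident, seq, checksum(icmp) == 0

def unanswered(packets):
    """Sequence numbers of echo requests with no reply (same id/seq, swapped IPs)."""
    pending = set()
    for parsed in map(parse_echo, packets):
        if not parsed or not parsed[5]:
            continue                     # skip non-echo or corrupted packets
        kind, src, dst, ident, seq, _ = parsed
        if kind == "request":
            pending.add((src, dst, ident, seq))
        else:
            pending.discard((dst, src, ident, seq))
    return sorted(key[3] for key in pending)

# Constructed sample: two pings from the PC to the gateway, the second unanswered.
PC, GW = (10, 0, 0, 2), (10, 0, 0, 1)    # 10.0.0.2 is an assumed PC address
SAMPLE = [build_echo(8, 0x1234, 1, PC, GW), build_echo(0, 0x1234, 1, GW, PC),
          build_echo(8, 0x1234, 2, PC, GW)]
print("unanswered sequence numbers:", unanswered(SAMPLE))
```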
This may sound stupid but I literally spent hours trying to figure out how to get Wireshark working on my Mac. I didn’t want you to share my discomfiting journey so I figured I owed it to you…. I figured it was my duty to share how I did this.
I hope it helps! Cheers.