Beautiful Wireshark on OS X using Homebrew and GTK+3/Quartz

According to common wisdom, GTK+ applications are not nice on OS X. They use XQuartz to draw widgets on the screen, which is slower than the native Quartz interface, and the gray theme is not very appealing either. But does it have to stay this way? Couldn't GTK+ applications look more “native” on OS X?

They could! In six easy steps we can transform Wireshark to look way more elegant with the help of Homebrew, a package manager for OS X; GTK+3, the latest stable version of the toolkit; and GNOME’s standard themes. (The steps are collected at the end of this post. The instructions assume no prior installation of brew packages. If you would like to remove all previously installed packages, run “brew list | xargs brew uninstall”.)

Homebrew is a good alternative to installing software on OS X from source and Wireshark is already packaged there. Two commands let us start using it, but first we need to install XQuartz:

# install XQuartz from http://xquartz.macosforge.org, sorry, it is a manual step
# and you also have to logout, then login to start using it
# install Homebrew
ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
# install Wireshark (and ccache to recompile stuff faster)
brew install ccache wireshark
brew uninstall wireshark
brew install --build-from-source wireshark --with-gtk+

Well, it works, but it is not exactly nice. The default install uses GTK+2, which is an older version of the toolkit.

Wireshark-gtk2

Let’s try GTK+3, a step that needs some changes to Homebrew’s formulas:

# remove packaged Wireshark
brew uninstall wireshark
# install hub which lets you experiment with other Homebrew branches
brew install hub
# Pull my repo until every commit gets accepted to Homebrew core
cd $(brew --repository)
hub pull https://github.com/rbalint/homebrew-gtk-quartz
# build Wireshark from source, now using GTK+3
brew install --build-from-source wireshark --with-gtk+3

The widgets became slightly nicer, but we are far from being satisfied with that, right? The fonts still look very different from the fonts of other applications and we still use XQuartz. Note the big “X” in the lower right corner.

Wireshark-gtk3

Most of the changes were needed to enable building libraries without XQuartz support. For the sake of simplicity, let’s start over with Homebrew and compile Wireshark with GTK/Quartz:

# start over: clean up everything installed by Homebrew
brew list | xargs brew uninstall

# install packages we don't have to recompile to use Quartz
brew install ccache d-bus fontconfig freetype gettext glib gmp icu4c libffi libpng libtasn1 libtiff pkg-config xz hicolor-icon-theme gsettings-desktop-schemas c-ares lua portaudio geoip gnutls libgcrypt atk pixman hub
 
# install XQuartz from http://xquartz.macosforge.org
# Well, some builds will need the header files/libs, but you don't have to re-login
# and actually use XQuartz
 
# compile the rest of GTK+ 3 related libraries
brew install --build-from-source at-spi2-core at-spi2-atk cairo harfbuzz pango gtk+3 gtk+ librsvg gnome-themes-standard wireshark --without-x --without-x11 --with-gtk+3

The fonts became nicer, the shortcuts are shown like “^K” and we don’t see the big “X”. Probably the rendering of the widgets became faster as well, but I can’t tell. We successfully switched to Quartz!

Wireshark-gtk3-quartz

... But Wireshark is still gray, like before. That is no surprise, since we installed the GNOME themes but haven’t enabled them yet. Let’s finish the polish:

mkdir -p ~/.config/gtk-3.0
echo "[Settings]" > ~/.config/gtk-3.0/settings.ini
echo "gtk-theme-name = Adwaita" >> ~/.config/gtk-3.0/settings.ini
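
The three commands above overwrite any settings.ini that already exists. As an added example (not part of the original post), the shell function below sets only gtk-theme-name in the [Settings] section and keeps every other key; the name set_gtk_theme and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. set_gtk_theme is a made-up name.
# Usage: set_gtk_theme FILE THEME
# Sets gtk-theme-name in the [Settings] section of a GTK+3 settings.ini and
# keeps every other section and key already in the file.
set_gtk_theme() {
    file=$1
    theme=$2
    mkdir -p "$(dirname "$file")" || return 1
    [ -f "$file" ] || : > "$file"            # start from an empty file if none exists
    tmp=$(mktemp "$file.XXXXXX") || return 1 # write beside the target, then rename
    awk -v theme="$theme" '
        function emit() { print "gtk-theme-name = " theme; done = 1 }
        /^\[/ { in_settings = ($0 ~ /^\[Settings\][ \t]*$/) }          # track section
        in_settings && /^[ \t]*gtk-theme-name[ \t]*=/ { next }          # drop old value
        { print }
        in_settings && /^\[/ && !done { emit() }   # new value right after the header
        END { if (!done) { print "[Settings]"; emit() } }               # no such section
    ' "$file" > "$tmp" && mv "$tmp" "$file" || { rm -f "$tmp"; return 1; }
}

# Constructed sample: a file that already has a font setting and another theme.
demo=$(mktemp -d)
printf '[Settings]\ngtk-font-name = Lucida Grande 12\ngtk-theme-name = Raleigh\n' \
    > "$demo/settings.ini"
set_gtk_theme "$demo/settings.ini" Adwaita
cat "$demo/settings.ini"
# For the real file: set_gtk_theme "$HOME/.config/gtk-3.0/settings.ini" Adwaita
```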

Wireshark-gtk3-quartz-adwaita

Voilà! GTK+ applications are considered to be ugly on OS X because no one installs the standard themes! Using XQuartz as a GTK+ backend also did not help, but I think the themes made the biggest difference.

Enjoy the new look and check other applications as well if they could be improved!


These are the minimal steps for getting nice GTK+3 applications and Wireshark, collected here ready to be copy-pasted:

# install Homebrew, you will also need XCode with Command Line Tools installed
ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"

# install packages we don't have to recompile to use Quartz
brew install ccache d-bus fontconfig freetype gettext glib gmp icu4c libffi libpng libtasn1 libtiff pkg-config xz hicolor-icon-theme gsettings-desktop-schemas c-ares lua portaudio geoip gnutls libgcrypt atk pixman
     
# install XQuartz from http://xquartz.macosforge.org
# Well, some builds will need the header files/libs, but you don't have to re-login
# and actually use XQuartz

# this may be needed by gtk+3 install (at least on my system with a previous installation)
brew link --overwrite gsettings-desktop-schemas

# compile the rest of GTK+ 3 related libraries
brew install --build-from-source at-spi2-core at-spi2-atk cairo harfbuzz pango gtk+3 gtk+ librsvg gnome-icon-theme wireshark --without-x --without-x11 --with-gtk+3

Thanks to Seb Shader, whose post describes the process of installing GTK+3/Quartz on OS X from source. I used most of his steps in updating the Homebrew formulas.

Update: Wireshark and other GTK+ based programs could be beautiful on Windows as well, but Tarnyko, who packaged the latest GTK+3 Windows bundles, needs help because of the limited time he can dedicate to the project. Please help him if you would like to see nicer GTK+ on Windows!

Update 2: With the release of GTK+ 3.14, Adwaita became the default theme, so the step of installing and setting up Adwaita from gnome-themes-standard can be omitted. The minimal steps collected at the end of the instructions are updated to reflect that, while the rest of the post documents the original steps for creating a nicer looking Wireshark using GTK+ 3.12.

Update 3: With all the related changes merged to Homebrew’s master, there is no need to use my repository anymore when following the minimal steps.

26 thoughts on “Beautiful Wireshark on OS X using Homebrew and GTK+3/Quartz”

  1. Pingback: Sharkfest 2014 Recap | Packet Foo

  2. Vincent Murphy

    OK. Now it’s working. I think your instructions are missing two cd commands,
    cd $(brew --repository) before hub pull
    and cd ~ before mkdir -p

    Thanks!

    1. Réczey Bálint Post author

      Some of my changes have been accepted but there are also other incompatible changes in the main Homebrew repository which prevent merging. I’ll update my branches in a few days.

  3. Jason

    I’m having trouble with building gnome-themes-standard. This seems to be a problem with SVG support. I can find lots of bugs on other platforms where gdk-pixbuf-query-loaders --update-cache resolved the issue, but it doesn’t work for me. Below are the errors from the build:

    Making install in metacity-1
    make[4]: Nothing to be done for `install-exec-am’.
    ../../.././install-sh -c -d ‘/usr/local/share/themes/Adwaita/metacity-1’
    /usr/bin/install -c -m 644 metacity-theme-2.xml metacity-theme-3.xml ‘/usr/local/share/themes/Adwaita/metacity-1’
    Making install in gtk-3.0
    CC libadwaita_la-adwaita_utils.lo
    CC libadwaita_la-adwaita_engine.lo
    GEN gtk.gresource
    CCLD libadwaita.la
    failed to load “./assets/dnd-counter.svg”: Couldn’t recognize the image file format for file ‘./assets/dnd-counter.svg’
    gtk.gresource.xml: Child process exited with code 1.
    make[3]: *** [gtk.gresource] Error 1
    make[3]: *** Waiting for unfinished jobs….
    make[2]: *** [install-recursive] Error 1
    make[1]: *** [install-recursive] Error 1
    make: *** [install-recursive] Error 1

    HOMEBREW_VERSION: 0.9.5
    HEAD: d0363f2815bfd4881cd31aec03e884496012cac8
    CPU: 8-core 64-bit haswell
    OS X: 10.9.4-x86_64
    Xcode: 5.1.1
    CLT: 5.1.0.0.1.1396320587
    X11: 2.7.6 => /opt/X11

    1. Réczey Bálint Post author

      I think you need to rebuild librsvg. Have you followed only this guide, or did you have other packages installed prior to starting the installation?

      1. Owen Pragel

        This is what solved the issue for me – searching for that error shows that people have issues with this in multiple environments. Some of those threads discuss issues with cairo and gdk-pixbuf. Hoping to speed things, I rebuilt cairo and gdk-pixbuf as well in case it was needed.

        brew uninstall cairo gdk-pixbuf librsvg
        brew install --build-from-source cairo gdk-pixbuf librsvg

        Afterwards I was able to run the install just fine:

        brew install --build-from-source at-spi2-core at-spi2-atk harfbuzz pango gtk+3 gtk+ gnome-themes-standard wireshark --without-x --without-x11 --with-gtk+3

        PS. Thank you very much for the instructions Réczey – makes Wireshark feel much more like a proper OS X app. However, I would have appreciated a note before the first code block on the page (after ‘first we need to install XQuartz:’) that says to look at the minimal step section at the bottom if the user is willing to accept the disclaimer that running the commands without a ‘brew list | xargs brew uninstall’ beforehand isn’t covered by the tutorial. Hoping to see more posts!

  4. Jason

    This isn’t working again. Even starting over with ‘brew list | xargs brew uninstall’

    For some reason the theme icons are not getting created.

    (wireshark:58077): Gtk-WARNING **: Error loading theme icon ‘document-open’ for stock: Icon ‘document-open’ not present in theme

    (wireshark:58077): Gtk-WARNING **: Error loading theme icon ‘image-missing’ for stock: Icon ‘image-missing’ not present in theme

    (wireshark:58077): GLib-GObject-CRITICAL **: g_object_ref: assertion ‘G_IS_OBJECT (object)’ failed

    (wireshark:58077): GdkPixbuf-CRITICAL **: gdk_pixbuf_get_n_channels: assertion ‘GDK_IS_PIXBUF (pixbuf)’ failed

    I confirmed gdk-pixbuf-query-loaders shows svg and refreshed the loaders cache in both /usr/local/lib and also in the Cellar. Some of the problem is that the above command defaults to the Cellar on my system and the libraries supporting svg are only copied into /usr/local/lib and not symlinked. They don’t exist in the Cellar that my system looks at by default at all. I started with gdk-pixbuf so I could manually fix before building anything else and it still didn’t work.

  5. Jason

    In my build, Wireshark’s own icons still appear at a low resolution. Are these cached somewhere? Is there another GTK option I can set in settings.ini to help with this? I noticed on your screenshots your capture, stop, etc. icons do not appear to be lower rez like mine.

    1. Réczey Bálint Post author

      I’m not sure what you see but I have not noticed any difference.
      Most probably the changes are related to Homebrew’s GTK+ upgrade to 3.14. My screenshots were created using GTK+ 3.12.

  6. manchmod

    got this mostly working based on latest instructions. Thanks for all your hard work on this, I’m finally able to ditch macports.

    One problem, I’m missing some of the drop down icons from the packet list and header detail views. They still drop down but the UI cues are missing… see screenshot:

    http://imgur.com/fVfCTTx

    tried reinstalling gnome-icon-theme and rebuilding the pixbuf-query-loaders…

    any thoughts?

    1. Réczey Bálint Post author

      I noticed that, too, but could not find the root cause. Since there is no change in Wireshark I assume this is a regression in GTK+, please ask GTK+/Homebrew devs.

      1. manchmod

        I also noticed that on retina displays the icons are huge.. probably related to iconsets

        http://imgur.com/6AVRLra

        I’ll take a look at the gtk+3 port and see if anything jumps out, and reach out to the devs…

        thanks again

  7. Jason

    I’m curious.. why are you passing the --without-x option? Which formula is picking this up?

    1. Réczey Bálint Post author

      It may not be needed now. At the time I wrote the first version of the post it was needed for some formulas, but apparently they have been updated.
      There are some formulas still having the ‘without-x’ option:
      homebrew-gtk.git$ git grep 'without-x' | grep -v '.--without-x[0-9a-zA-Z"]' | grep -v args
      Library/Formula/cairomm.rb: option 'without-x', 'Build without X11 support'
      Library/Formula/clutter-gtk.rb: option "without-x", "Build without X11 support"
      ...

  8. Josh

    Firstly, great wiki, I love the new interface.

    I have one problem though, not sure if anybody else encountered it. In the “packet details” tab, there should normally be a left aligned icon for fields that can be expanded. This is missing in my installation. Has anybody else run into this fault or does somebody know a workaround?

  9. Pingback: Port Numbers reused | Packet Foo | Analyzing network packets since 2003

  10. S.M.Mousavi

    There is a second version of Wireshark now that works on Mac OS 10.11 without any requirement
