Public | Automated Build

Last pushed: 2 days ago
Short Description
Run Wireshark inside a container
Full Description


Wireshark docker container

Wireshark is a useful tool for debugging your docker networking issues. If something is going wrong, just run this container inside any docker host and you will be able to view all traffic between docker containers.

This container can be executed in both local or remote machine.

Running in your own host:

$ docker run -ti --net=host --privileged -v $HOME:/root:ro -e XAUTHORITY=/root/.Xauthority -e DISPLAY=$DISPLAY manell/wireshark

Running in a remote host:

First, ssh into the remote machine.

$ ssh -X user@host

Then, just run the same command.

$ docker run -ti --net=host --privileged -v $HOME:/root:ro -e XAUTHORITY=/root/.Xauthority -e DISPLAY=$DISPLAY manell/wireshark

Don't forget to specify the -X flag to enable the X11 forwarding.

Docker Pull Command
Source Repository

Comments (3)
7 months ago

Hi, I'm really new to docker and I'm getting this error when running the container:

Can't create directory "/root/.config/wireshark" for recent file: Read-only file system.

Any ideas why??


2 years ago

If you want to share the unix socket with the container, you need to allow this container to connect to the socket. The easiest way to do that is by granting access to everybody running xhost +. This, however, is very insecure, so a better approach will be granting access only to the container:

docker run -ti --net=host --privileged -e DISPLAY=$DISPLAY -v=/tmp/.X11-unix:/tmp/.X11-unix manell/wireshark
export id=`docker ps -lq`
xhost +local:`docker inspect --format='{{ .Config.Hostname }}' $id`
docker start $id

In both cases, if you don't want to use the container anymore, run xhost - to remove the grant.
If you are concerned about the security of using xhost +, and not very comfortable with granting access to the container, you still can use:

docker run -ti --net=host --privileged -v $HOME:/root:ro -e XAUTHORITY=/root/.Xauthority -e DISPLAY=$DISPLAY manell/wireshark
2 years ago

When I attempt to run I get an error that the XDG_RUNTIME_DIR is not set in the environment.

bash-3.2$ docker run -ti --name wireshark --net=host --privileged -e "DISPLAY=$DISPLAY" -v="/tmp/.X11-unix:/tmp/.X11-unix:rw" manell/wireshark

(wireshark:1): WARNING : Could not open X display
error: XDG_RUNTIME_DIR not set in the environment.

(wireshark:1): Gtk-WARNING **: cannot open display: /tmp/launch-Y6FgPt/org.macosforge.xquartz:0

Any ideas?