Ask Your Question

newbe tried to start wireshark and get the message: "(wireshark:30765): Gtk-WARNING **: cannot open display:"

asked 2017-11-04 19:52:19 +0000

mindsuk gravatar image

updated 2017-11-05 00:58:38 +0000

Jaap gravatar image

Hi all

I installed a 3CX system on a Debian virtual machine. Because I have some problems with an IP phone, I installed Wireshark over ssh (within my macbook terminal). I´m an absolute newbie with Debian and Wireshark!

I started like this..

Tinos-MB-Air:~ tino$ ssh [email protected]
[email protected]'s password: 

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent 
permitted by applicable law.
Last login: Sat Nov  4 20:43:53 2017 from
[email protected]:~# wireshark 
Unable to init server: Verbindung ist gescheitert:Verbindungsaufbau abgelehnt

(wireshark:30879): Gtk-WARNING **: cannot open display:

[email protected]:~#

How can I get the Wireshark GUI on my macbook screen? Please help!

thanks a lot


edit retag flag offensive close merge delete

3 Answers

Sort by » oldest newest most voted

answered 2017-11-07 10:17:03 +0000

crondaemon gravatar image

You have some options for capturing:

1) using wireshark on debian (like you did). To do this, you need to install xauth on debian, run an X server on your machine, connect with ssh with -X and run wireshark.

2) use sshdump. Install tcpdump on debian. Install wireshark on your machine, run it and scroll down the interface list. When you find ssh, click on the gear on the left and you'll be provided with a dialog you have to fill. Provide the necessary info (remote machine ip, username, etc), and the module will do the job for you.

3) capture the traffic on debian and transfer the capture file to your machine. Open it with wireshark.

edit flag offensive delete link more

answered 2017-11-04 21:09:02 +0000

Uli gravatar image

You need to have a X11-Server running on your macOS.

After installing X11 start your ssh session with '-Y' parameter to forward X11 from your Debian system to your macOS.

edit flag offensive delete link more


One other thing: don't run Wireshark as root.

Jaap gravatar imageJaap ( 2017-11-05 00:59:29 +0000 )edit


Okay! The Problem is, that I don‘t know the password of the other users. How could I create a new user only for wireshark?

mindsuk gravatar imagemindsuk ( 2017-11-05 19:00:46 +0000 )edit

The Debian Administrators Handbook should be able to help you with that. Afterwards add the created user to the wireshark group

Jaap gravatar imageJaap ( 2017-11-05 21:21:31 +0000 )edit

answered 2017-11-05 09:33:33 +0000

Guy Harris gravatar image

Unless the IP phone is running on the Mac or on another virtual machine on the Mac, the 3CX PBX will have to go through the Mac to communicate with it, so you might be able to run Wireshark on the Mac and capture on whatever interface is on the same LAN as the IP phone or whatever other piece of equipment traffic to and from the IP phone passes through (switch, wireless access point, etc.).

Even if it is on the Mac or another virtual machine on the Mac, you might be able to capture on an interface provided by the virtual machine software. My Mac is running Sierra and VMware Fusion 10, and if I capture on vmnet8 it sees traffic from a ping I'm doing on a virtual machine to a site on the Internet.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2017-11-04 19:52:19 +0000

Seen: 629 times

Last updated: Nov 07