newbe tried to start wireshark and get the message: "(wireshark:30765): Gtk-WARNING **: cannot open display:"

asked 2017-11-04 19:52:19 +0000

mindsuk
1 ●1 ●1 ●2

updated 2017-11-05 00:58:38 +0000

Jaap

13730 ●684 ●115

Hi all

I installed a 3CX system on a Debian virtual machine. Because I have some problems with an IP phone, I installed Wireshark over ssh (within my macbook terminal). I´m an absolute newbie with Debian and Wireshark!

I started like this..

Tinos-MB-Air:~ tino$ ssh [email protected]
[email protected]'s password: 

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent 
permitted by applicable law.
Last login: Sat Nov  4 20:43:53 2017 from tinos-mb-air.fritz.box
root@3cx:~# wireshark 
Unable to init server: Verbindung ist gescheitert:Verbindungsaufbau abgelehnt

(wireshark:30879): Gtk-WARNING **: cannot open display:

root@3cx:~#

How can I get the Wireshark GUI on my macbook screen? Please help!

thanks a lot

Tino

edit retag flag offensive close merge delete

Comments

I'm getting the same warning on CentOS does anyone know anything about that? I'm running it through a Hyper-V Virtual Machine.

chagai95 ( 2020-03-30 15:35:44 +0000 )edit

add a comment

3 Answers

Sort by » oldest newest most voted

answered 2017-11-05 09:33:33 +0000

Guy Harris
19890 ●3 ●633 ●207

Unless the IP phone is running on the Mac or on another virtual machine on the Mac, the 3CX PBX will have to go through the Mac to communicate with it, so you might be able to run Wireshark on the Mac and capture on whatever interface is on the same LAN as the IP phone or whatever other piece of equipment traffic to and from the IP phone passes through (switch, wireless access point, etc.).

Even if it is on the Mac or another virtual machine on the Mac, you might be able to capture on an interface provided by the virtual machine software. My Mac is running Sierra and VMware Fusion 10, and if I capture on vmnet8 it sees traffic from a ping I'm doing on a virtual machine to a site on the Internet.

edit flag offensive delete link

Comments

I'm getting the same warning on CentOS does anyone know anything about that? I'm running it through a Hyper-V Virtual Machine.

chagai95 ( 2020-03-30 15:35:53 +0000 )edit

add a comment

answered 2017-11-04 21:09:02 +0000

Uli
1123 ●1 ●25 ●23

You need to have a X11-Server running on your macOS.

After installing X11 start your ssh session with '-Y' parameter to forward X11 from your Debian system to your macOS.

edit flag offensive delete link

Comments

One other thing: don't run Wireshark as root.

Jaap ( 2017-11-05 00:59:29 +0000 )edit

@Jaap

Okay! The Problem is, that I don‘t know the password of the other users. How could I create a new user only for wireshark?

mindsuk ( 2017-11-05 19:00:46 +0000 )edit

The Debian Administrators Handbook should be able to help you with that. Afterwards add the created user to the wireshark group

Jaap ( 2017-11-05 21:21:31 +0000 )edit

I'm getting the same warning on CentOS does anyone know anything about that? I'm running it through a Hyper-V Virtual Machine.

chagai95 ( 2020-03-30 15:35:50 +0000 )edit

add a comment

answered 2017-11-07 10:17:03 +0000

crondaemon
1 ●2 ●1

You have some options for capturing:

1) using wireshark on debian (like you did). To do this, you need to install xauth on debian, run an X server on your machine, connect with ssh with -X and run wireshark.

2) use sshdump. Install tcpdump on debian. Install wireshark on your machine, run it and scroll down the interface list. When you find ssh, click on the gear on the left and you'll be provided with a dialog you have to fill. Provide the necessary info (remote machine ip, username, etc), and the module will do the job for you.

3) capture the traffic on debian and transfer the capture file to your machine. Open it with wireshark.

edit flag offensive delete link

Comments

I'm getting the same warning on CentOS does anyone know anything about that? I'm running it through a Hyper-V Virtual Machine.

chagai95 ( 2020-03-30 15:35:47 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

newbe tried to start wireshark and get the message: "(wireshark:30765): Gtk-WARNING **: cannot open display:"

Comments

3 Answers

Comments

Comments

Comments

Your Answer

Question Tools

Stats

newbe tried to start wireshark and get the message: "(wireshark:30765): Gtk-WARNING **: cannot open display:" edit

Comments

3 Answers

Comments

Comments

Comments

Your Answer

Question Tools

Stats

newbe tried to start wireshark and get the message: "(wireshark:30765): Gtk-WARNING **: cannot open display:"