Ask Your Question
0

How to setup wireshark in a docker container?

asked 2021-01-19 06:47:50 +0000

flash gravatar image

updated 2021-01-21 15:22:54 +0000

Jaap gravatar image

I've installed wireshark in a privileged Ubuntu container and I don't want wireshark to have access to interfaces of host OS so that user won't be able to capture the packets of host OS. How do I configure wireshark for the same.

edit retag flag offensive close merge delete

Comments

Not sure how your interfacing is setup. I would expect an ethernet pair connecting your container to the docker0 bridge. That would not allow you to see the host OS interfaces.

Jaap gravatar imageJaap ( 2021-01-20 20:15:35 +0000 )edit

My container setup is as below:

  1. I've pulled the Ubuntu 18 image and installed Wireshark, xrdp on it.
  2. After starting the container and connecting it through RDP (Remmina), I can see all the interfaces in the wireshark. (when I start the container with privileged mode. Without this flag wireshark does not show any interfaces). So I want to restrict the wireshark from using the host os interfaces.

I have not done any setup for interfaces

flash gravatar imageflash ( 2021-01-21 11:01:47 +0000 )edit

I doubt you see all interfaces, unless you deploy with --net=host

thediveo gravatar imagethediveo ( 2023-06-22 20:47:24 +0000 )edit

What do you want to capture or where to capture from? You exclude host interfaces, but then you can only capture traffic that reaches your container or originates in it? What do you want to do?

thediveo gravatar imagethediveo ( 2023-06-22 20:48:53 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-01-21 15:21:53 +0000

Jaap gravatar image

Don't run docker in privileged mode. It grants way too much access. Lookup to properly setup Wireshark capture capabilities in Debian and Ubuntu, which is documented in many places. This assuming you're setting up users in your docker container. Otherwise this is more of a docker configuration question than a Wireshark question.

edit flag offensive delete link more

Comments

Okay. Thanks. Can you give me the link for such documents or blogs if you have?

flash gravatar imageflash ( 2021-01-25 11:13:51 +0000 )edit
thediveo gravatar imagethediveo ( 2023-06-22 20:51:12 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2021-01-19 06:47:50 +0000

Seen: 3,219 times

Last updated: Jan 21 '21

Related questions

How do I change the interface on Tshark?

how to see the interface details in Wireshark 2.6.1?

Dumpcap captures traffic, but Wireshark and Tshark can't see the interfaces

Wireshark 2.4.1 GTK Crash on long run

Why redirection of VoIP calls to voicemail fails?

Capture incoming packets from remote web server

How do I get and display packet data information at a specific byte from the first byte?

Client is waiting for FIN flag from server for 30 sec

wifi disconnects as wireshark starts

How do I add "child item" to an item in the subtree?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2