Wireshark is not showing interfaces in Ubuntu container without privileged mode
I've installed wireshark and xrdp in Ubuntu 18.04 Container. After starting the container with the --privileged
mode and taking RDP connection, I can see the wireshark running with having access to all the interfaces but, when I don't specify the --privileged
mode while running the container, then wireshark does not show any interfaces. So how do I configure the container so that,
- I should be able to run container without privileged mode and still should be able to see the interfaces
- Wireshark should not have access to all the interfaces of the host machine. It should have limited or customized access in which we should be able to mention to which interfaces it should have access to.
Where did you get the docker image from? Was that just a bare Ubuntu 18.04 image (which one?), where you added Wireshark and XRDP yourself, or was it all pre-installed?
I have pulled the image from the Ubuntu official repository from docker hub. After that I've installed the Wireshark and XRDP manually and after taking the rdp I can see all the interfaces only if I start the container in privileged mode.
Did you create specific users in the container to access Wireshark via RDP with?
I've not created separate user. Ubuntu container has only one user i.e root and I'm using the same for RDP login.
Which interface are you wanting to capture from in the container? Probably the one where the RDP session is running over as well?
I want to capture all the interfaces of the host machine. Here is the complete scenario: I want to create multiple Ubuntu containers in which Wireshark is installed. And I want to let users to access those containers via RDP and to performs the tasks related to Wireshark. So wireshark should work in the same way it works on the normal Ubuntu machine but without starting the container in privileged mode. If I start the container in privileged mode then wireshark shows all the interfaces but then it's too risky.