Why is Wireshark getting "could not connect to display" when run from a Kubernetes pod?
Hi Team,
We are trying to integrate the Wireshark tool with our application, just to view the pcap log files via Wireshark. Our application is based out of Kubernetes pods running on Linux. So we have created a pod for Wireshark, using the available Wireshark docker image, and we are able to access the Wireshark service from our application.
Use case: When the pcap log file is clicked in my application, it should open the pcap file via the Wireshark GUI.
Below are the issues we face:
1) We are able to open the pcap files via Wireshark manually only (Wireshark->File->Open). As searched in the documentation, there are no APIs available to automate opening of files via Wireshark. Any help here would be appreciated.
Limitation: Also the pcap files should be placed in the config folder before trying to open.
2) As the above is the case, we tried to open the pcap file using the command line option: "wireshark -r <filename>" from the pod where Wireshark is installed.
This throws the below error:
* (wireshark:138266) 11:24:50.830804 [GUI WARNING] -- could not connect to display
* (wireshark:138266) 11:24:50.830877 [GUI ERROR] -- This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.
Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb.
Aborted (core dumped)
Tried installing wireshark-qt as well, still the same issue.
Kindly assist if there are any APIs available or any other way to open the pcap files via the Wireshark GUI. Let me know if additional information is needed.
Thanks in advance.
Does the machine on which you're trying to run Wireshark have a display, or is it headless, with, at most, a serial port console?
If it has a display, is the shell from which you're running Wireshark in a window on that display?
What do the commands
print?
My Wireshark is running on a pod. I exec'd into the pod and tried the above commands. The result is empty.
And the code in the pod ultimately has to run on one or more machines. Do the machine or machines on which you're trying to run Wireshark have a display, or are they headless, with, at most, a serial port console?
It's a bastion server.
So I shall assume it's a headless server in a machine room, and that "We are able to open the pcap files via wireshark manually only" means you're running Wireshark on your desktop machine, rather than on the server, and that you've either copied the capture files from the server to your desktop machine or are accessing them from a file server.
Is that correct?