wireshark docker container override preferences

I created my own Docker image with Wireshark preinstalled so that I can use tshark to analyze pcap files in my ASP.NET Core application. Here is part of my Dockerfile:

FROM mcr.microsoft.com/dotnet/aspnet:5.0-focal AS base

# Install build wireshark, need to run as root
RUN echo "**** install packages ****" && \
    apt-get update && \
    apt-get install -yq software-properties-common && \
    apt-get install -y  wireshark && \
    apt-get install -yq tshark && \
    echo "**** permissions ****" && \
    setcap  'CAP_NET_RAW+eip CAP_NET_ADMIN+eip'     /usr/bin/dumpcap && \
    echo "**** cleanup ****" && \
    apt-get clean && \
    rm -rf  /tmp/*  /var/lib/apt/lists/*    /var/tmp/*

WORKDIR /app

#next part of Dockerfile is related to asp.net stuff

Everything is working well: I can get the required info from pcap files using tshark commands inside the Docker container. I've run into the following issue: I can't modify the preferences of the default profile, or at least I can't find where to change them. There is no GUI and I can only use the terminal. E.g. I need to enable the transum protocol and add additional TCP ports to it:

# Add and remove ports numbers separated by commas
# Ranges are supported e.g. 25,80,2000-3000,5432
# A string denoting an positive integer range (e.g., "1-20,30-40")
transum.tcp_port_ranges: 25,80,443,1433,3389,102

# Add and remove ports numbers separated by commas
# Ranges are supported e.g. 123,137-139,520-521,2049
# A string denoting an positive integer range (e.g., "1-20,30-40")
#transum.udp_port_ranges: 137-139

# Set this to discard any packet in the direction client to service,
# with a 1-byte payload of 0x00 and the ACK flag set
# TRUE or FALSE (case-insensitive)
#transum.orphan_ka_discard: FALSE

# RTE data will be added to the first request packet
# TRUE or FALSE (case-insensitive)
transum.rte_on_first_req: TRUE

# RTE data will be added to the last request packet
# TRUE or FALSE (case-insensitive)
#transum.rte_on_last_req: TRUE

# RTE data will be added to the first response packet
# TRUE or FALSE (case-insensitive)
transum.rte_on_first_rsp: TRUE

# RTE data will be added to the last response packet
# TRUE or FALSE (case-insensitive)
transum.rte_on_last_rsp: TRUE

How can I do it? I have tried executing tshark -G currentprefs inside the container, and everything is commented out except a couple of parameters; I don't know where this information comes from.

I have also tried the CLI command tshark -o transum.tcp_port_ranges: 25,80,443,1433,3389,102, which does not work; I got an error:

tshark: Invalid -o flag "transum.tcp_port_ranges:"
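
An added example, not part of the original post: the space after the colon makes the shell pass `transum.tcp_port_ranges:` to `-o` as a complete argument, which is the string the error message quotes. The sketch below converts the active lines of a preferences snippet into single-word `-o name:value` arguments and enables the protocol with tshark's `--enable-protocol` option; the function names are hypothetical, the sample input is constructed from the lines in the question, and tshark is assumed to be on PATH.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed
# from the preference lines quoted in the question.

sample_prefs() {
cat <<'EOF'
# Ranges are supported e.g. 25,80,2000-3000,5432
transum.tcp_port_ranges: 25,80,443,1433,3389,102
#transum.udp_port_ranges: 137-139
transum.rte_on_first_req: TRUE
transum.rte_on_first_rsp: TRUE
transum.rte_on_last_rsp: TRUE
EOF
}

# Read preference-file lines on stdin; print "name:value" for each active
# (uncommented) line, with the whitespace around the colon removed.
prefs_to_settings() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_.]\{1,\}\)[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1:\2/p'
}

# Usage: tshark_with_prefs PREFS_FILE [tshark arguments...]
# Appends one "-o name:value" pair per active setting, each as a single word.
tshark_with_prefs() {
    prefs_file=$1; shift
    settings=$(prefs_to_settings < "$prefs_file")
    old_ifs=$IFS
    IFS='
'
    set -f                      # no glob expansion while splitting on newlines
    for s in $settings; do
        set -- "$@" -o "$s"
    done
    set +f
    IFS=$old_ifs
    # Assumption: tshark is on PATH, as in the image built by the Dockerfile above.
    tshark --enable-protocol transum "$@"
}

# Show the settings derived from the constructed sample.
sample_prefs | prefs_to_settings
```

Inside the container this would be called as `tshark_with_prefs transum.prefs -r capture.pcap`, where both file names are placeholders.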