Skip to content

Docker image which makes Wireshark available via HTML5 using XPRA

Notifications You must be signed in to change notification settings

lambdalisue/docker-wireshark

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Note

This is a fork version that support multi-platform image mainly for Apple Silicon. Visit https://github.com/ffeldhaus/docker-wireshark for the original version.

Wireshark Web Container Image

Docker image which makes Wireshark available via Web browser using XPRA.

Usage

Run wireshark container. By default port 14500 will be used. Change docker port mapping to a different port if required (e.g. 5432/14500).

By default it should be sufficient to use the parameter --cap-add NET_ADMIN to allow Wireshark to capture traffic, but if Wireshark does not show any interfaces for capturing or shows permission errors, docker must be run with the parameter --privileged which grants extended privileges to the container but should be avoided if possible for security reasons. When using --net host to run the container as part of the host network, then published ports will be ignored and you need to make sure that port 14500 is accessible on your host and not blocked via firewall.

By default, the container uses the default self-signed certificate to offer SSL. If you want to specify your own certificate, you can overwrite the default SSL certificate with the docker parameter similar to --mount type=bind,source="$(pwd)"/ssl-cert.pem,target=/etc/xpra/ssl-cert.pem,readonly (make sure to put the ssl-cert.pem file in the current folder or modify the source path).

By default, Wireshark can only be accessed using a password. The default password is wireshark, but can be changed by setting the environment variable XPRA_PASSWORD.

Existing network traces can be uploaded to the container by drag & drop onto the Wireshark window.

It is useful to automatically restart the container on failures using the --restart unless-stopped parameter.

If you only want to analyze existing network traces and not collect data from network interfaces, use

docker run -p 14500:14500 --restart unless-stopped --name wireshark ghcr.io/lambdalisue/wireshark

If you wish to analyze traffic from network devices, you should run the container inside your host network with --net host and enable network capturing with --cap-add NET_ADMIN. When using --net host then published ports will be ignored and you need to make sure that port 14500 is accessible on your host and not blocked via firewall:

docker run --restart unless-stopped --name wireshark --net host --cap-add NET_ADMIN ghcr.io/lambdalisue/wireshark

If that didn't work, it may be necessary to start the container as priviliged

docker run --restart unless-stopped --name wireshark --net host --privileged ghcr.io/lambdalisue/wireshark

To allow analyzing traffic of network devices, change the password to connect and provide a custom SSL certificate, use

docker run --restart unless-stopped --name wireshark --net host --cap-add NET_ADMIN -e XPRA_PASSWORD=mypassword --mount type=bind,source="$(pwd)"/ssl-cert.pem,target=/etc/xpra/ssl-cert.pem,readonly ghcr.io/lambdalisue/wireshark

Access Wireshark via the browser using the IP/Hostname of your docker host, disable the XPRA floating menu with floating_menu=false and provide the password (change password=wireshark if you provided a different password via XPRA_PASSWORD) using e.g.

https://<yourhostname>:14500/?floating_menu=false&password=wireshark

If you want to allow to share your session, use

https://<yourhostname>:14500/?floating_menu=false&password=wireshark&sharing=true

Acknowledgements

This image would not have been possible without the great work from the following projects. Please consider supporting these projects:

About

Docker image which makes Wireshark available via HTML5 using XPRA

Resources

Stars

Watchers

Forks

Sponsor this project

 

Packages

 
 
 

Languages

  • Dockerfile 72.2%
  • Makefile 27.8%