# [linuxserver/wireshark](https://github.com/linuxserver/docker-wireshark) [![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-wireshark.svg?style=flat-square&color=E68523&logo=github&logoColor=FFFFFF)](https://github.com/linuxserver/docker-wireshark) [![GitHub Release](https://img.shields.io/github/release/linuxserver/docker-wireshark.svg?style=flat-square&color=E68523&logo=github&logoColor=FFFFFF)](https://github.com/linuxserver/docker-wireshark/releases) [![GitHub Package Repository](https://img.shields.io/static/v1.svg?style=flat-square&color=E68523&label=linuxserver.io&message=GitHub%20Package&logo=github&logoColor=FFFFFF)](https://github.com/linuxserver/docker-wireshark/packages) [![GitLab Container Registry](https://img.shields.io/static/v1.svg?style=flat-square&color=E68523&label=linuxserver.io&message=GitLab%20Registry&logo=gitlab&logoColor=FFFFFF)](https://gitlab.com/Linuxserver.io/docker-wireshark/container_registry) [![Quay.io](https://img.shields.io/static/v1.svg?style=flat-square&color=E68523&label=linuxserver.io&message=Quay.io)](https://quay.io/repository/linuxserver.io/wireshark) [![MicroBadger Layers](https://img.shields.io/microbadger/layers/linuxserver/wireshark.svg?style=flat-square&color=E68523)](https://microbadger.com/images/linuxserver/wireshark "Get your own version badge on microbadger.com") [![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/wireshark.svg?style=flat-square&color=E68523&label=pulls&logo=docker&logoColor=FFFFFF)](https://hub.docker.com/r/linuxserver/wireshark) [![Docker Stars](https://img.shields.io/docker/stars/linuxserver/wireshark.svg?style=flat-square&color=E68523&label=stars&logo=docker&logoColor=FFFFFF)](https://hub.docker.com/r/linuxserver/wireshark) [![Build Status](https://ci.linuxserver.io/view/all/job/Docker-Pipeline-Builders/job/docker-wireshark/job/master/badge/icon?style=flat-square)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireshark/job/master/) [![](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/wireshark/latest/badge.svg)](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/wireshark/latest/index.html) [Wireshark](https://www.wireshark.org/) is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998. ## Supported Architectures Our images support multiple architectures such as `x86-64`, `arm64` and `armhf`. We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/). Simply pulling `linuxserver/wireshark` should retrieve the correct image for your arch, but you can also pull specific arch images via tags. The architectures supported by this image are: | Architecture | Tag | | :----: | --- | | x86-64 | latest | | arm64 | arm64v8-latest | | armhf | arm32v7-latest | ## Usage Here are some example snippets to help you get started creating a container from this image. ### docker ``` docker create \ --name=wireshark \ --net=host \ --cap-add=NET_ADMIN \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Europe/London \ -p 3000:3000 `#optional` \ -v /path/to/config:/config \ --restart unless-stopped \ linuxserver/wireshark ``` ### docker-compose Compatible with docker-compose v2 schemas. ```yaml --- version: "2.1" services: wireshark: image: linuxserver/wireshark container_name: wireshark cap_add: - NET_ADMIN network_mode: host environment: - PUID=1000 - PGID=1000 - TZ=Europe/London volumes: - /path/to/config:/config ports: ports: - 3000:3000 #optional restart: unless-stopped ``` ## Parameters Docker images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. ### Ports (`-p`) | Parameter | Function | | :----: | --- | | `3000` | WireShark desktop gui, only use this if you are not using host mode and sniffing Docker network traffic. | #### Networking (`--net`) | Parameter | Function | | :-----: | --- | | `--net=host` | Use Host Networking | ### Environment Variables (`-e`) | Env | Function | | :----: | --- | | `PUID=1000` | for UserID - see below for explanation | | `PGID=1000` | for GroupID - see below for explanation | | `TZ=Europe/London` | Specify a timezone to use EG Europe/London. | ### Volume Mappings (`-v`) | Volume | Function | | :----: | --- | | `/config` | Users home directory in the container, stores program settings and potentially dump files. | ## User / Group Identifiers When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`. Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic. In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below: ``` $ id username uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup) ``` ## Application Setup The application can be accessed at: * http://yourhost:3000/ By default the user/pass is abc/abc, if you change your password or want to login manually to the GUI session for any reason use the following link: * http://yourhost:3000/?login=true In order to dump from an interface you will need to pass `NET_ADMIN` at a minimum, optionally you can use host networking to capture from your host level device or specify a Docker network you want to capture from. If you do not specificy host networking you will need to map port 3000 with `-p 3000:3000`. ## Docker Mods [![Docker Mods](https://img.shields.io/badge/dynamic/yaml?style=for-the-badge&color=E68523&label=mods&query=%24.mods%5B%27wireshark%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=wireshark "view available mods for this container.") We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to enable additional functionality within the containers. The list of Mods available for this image (if any) can be accessed via the dynamic badge above. ## Support Info * Shell access whilst the container is running: * `docker exec -it wireshark /bin/bash` * To monitor the logs of the container in realtime: * `docker logs -f wireshark` * Container version number * `docker inspect -f '{{ index .Config.Labels "build_version" }}' wireshark` * Image version number * `docker inspect -f '{{ index .Config.Labels "build_version" }}' linuxserver/wireshark` ## Versions * **31.03.20:** - Initial release.