linuxserver / docker-wireshark Goto Github PK

View Code? Open in Web Editor NEW

89.0 9.0 8.0 342 KB

License: GNU General Public License v3.0

Dockerfile 100.00%

docker-wireshark's Introduction

The LinuxServer.io team brings you another container release featuring:

regular and timely application updates
easy user mappings (PGID, PUID)
custom base image with s6 overlay
weekly base OS updates with common layers across the entire LinuxServer.io ecosystem to minimise space usage, down time and bandwidth
regular security updates

Find us at:

Blog - all the things you can do with our containers including How-To guides, opinions and much more!
Discord - realtime support / chat with the community and the team.
Discourse - post on our community forum.
Fleet - an online web interface which displays all of our maintained images.
GitHub - view the source for all of our repositories.
Open Collective - please consider helping us by either donating or contributing to our budget

linuxserver/wireshark

Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

Supported Architectures

We utilise the docker manifest for multi-platform awareness. More information is available from docker here and our announcement here.

Simply pulling lscr.io/linuxserver/wireshark:latest should retrieve the correct image for your arch, but you can also pull specific arch images via tags.

The architectures supported by this image are:

Architecture	Available	Tag
x86-64	✅	amd64-<version tag>
arm64	✅	arm64v8-<version tag>
armhf	❌

Application Setup

In order to dump from an interface you will need to pass NET_ADMIN at a minimum, optionally you can use host networking to capture from your host level device or specify a Docker network you want to capture from.

The application can be accessed at:

Options in all KasmVNC based GUI containers

This container is based on Docker Baseimage KasmVNC which means there are additional environment variables and run configurations to enable or disable specific functionality.

Optional environment variables

Variable	Description
CUSTOM_PORT	Internal port the container listens on for http if it needs to be swapped from the default 3000.
CUSTOM_HTTPS_PORT	Internal port the container listens on for https if it needs to be swapped from the default 3001.
CUSTOM_USER	HTTP Basic auth username, abc is default.
PASSWORD	HTTP Basic auth password, abc is default. If unset there will be no auth
SUBFOLDER	Subfolder for the application if running a subfolder reverse proxy, need both slashes IE `/subfolder/`
TITLE	The page title displayed on the web browser, default "KasmVNC Client".
FM_HOME	This is the home directory (landing) for the file manager, default "/config".
START_DOCKER	If set to false a container with privilege will not automatically start the DinD Docker setup.
DRINODE	If mounting in /dev/dri for DRI3 GPU Acceleration allows you to specify the device to use IE `/dev/dri/renderD128`
LC_ALL	Set the Language for the container to run as IE `fr_FR.UTF-8` `ar_AE.UTF-8`
NO_DECOR	If set the application will run without window borders for use as a PWA.
NO_FULL	Do not autmatically fullscreen applications when using openbox.

Optional run configurations

Variable	Description
`--privileged`	Will start a Docker in Docker (DinD) setup inside the container to use docker in an isolated environment. For increased performance mount the Docker directory inside the container to the host IE `-v /home/user/docker-data:/var/lib/docker`.
`-v /var/run/docker.sock:/var/run/docker.sock`	Mount in the host level Docker socket to either interact with it via CLI or use Docker enabled applications.
`--device /dev/dri:/dev/dri`	Mount a GPU into the container, this can be used in conjunction with the `DRINODE` environment variable to leverage a host video card for GPU accelerated appplications. Only Open Source drivers are supported IE (Intel,AMDGPU,Radeon,ATI,Nouveau)

Language Support - Internationalization

The environment variable LC_ALL can be used to start this image in a different language than English simply pass for example to launch the Desktop session in French LC_ALL=fr_FR.UTF-8. Some languages like Chinese, Japanese, or Korean will be missing fonts needed to render properly known as cjk fonts, but others may exist and not be installed. We only ensure fonts for Latin characters are present. Fonts can be installed with a mod on startup.

To install cjk fonts on startup as an example pass the environment variables:

-e DOCKER_MODS=linuxserver/mods:universal-package-install
-e INSTALL_PACKAGES=font-noto-cjk
-e LC_ALL=zh_CN.UTF-8

The web interface has the option for "IME Input Mode" in Settings which will allow non english characters to be used from a non en_US keyboard on the client. Once enabled it will perform the same as a local Linux installation set to your locale.

Lossless mode

This container is capable of delivering a true lossless image at a high framerate to your web browser by changing the Stream Quality preset to "Lossless", more information here. In order to use this mode from a non localhost endpoint the HTTPS port on 3001 needs to be used. If using a reverse proxy to port 3000 specific headers will need to be set as outlined here.

Usage

To help you get started creating a container from this image you can either use docker-compose or the docker cli.

docker-compose (recommended, click here for more info)

---
services:
  wireshark:
    image: lscr.io/linuxserver/wireshark:latest
    container_name: wireshark
    cap_add:
      - NET_ADMIN
    security_opt:
      - seccomp:unconfined #optional
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /path/to/config:/config
    ports:
      - 3000:3000 #optional
      - 3001:3001 #optional
    restart: unless-stopped

docker cli (click here for more info)

docker run -d \
  --name=wireshark \
  --net=host \
  --cap-add=NET_ADMIN \
  --security-opt seccomp=unconfined `#optional` \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Etc/UTC \
  -p 3000:3000 `#optional` \
  -p 3001:3001 `#optional` \
  -v /path/to/config:/config \
  --restart unless-stopped \
  lscr.io/linuxserver/wireshark:latest

Parameters

Containers are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate <external>:<internal> respectively. For example, -p 8080:80 would expose port 80 from inside the container to be accessible from the host's IP on port 8080 outside the container.

Parameter	Function
`--net=host`	Use Host Networking
`-p 3000`	WireShark desktop gui, only use this if you are not using host mode and sniffing Docker network traffic.
`-p 3001`	WireShark desktop gui HTTPS, only use this if you are not using host mode and sniffing Docker network traffic.
`-e PUID=1000`	for UserID - see below for explanation
`-e PGID=1000`	for GroupID - see below for explanation
`-e TZ=Etc/UTC`	specify a timezone to use, see this list.
`-v /config`	Users home directory in the container, stores program settings and potentially dump files.
`--security-opt seccomp=unconfined`	For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker.

Portainer notice

This image utilises cap_add or sysctl to work properly. This is not implemented properly in some versions of Portainer, thus this image may not work if deployed through Portainer.

Environment variables from files (Docker secrets)

You can set any environment variable from a file by using a special prepend FILE__.

As an example:

-e FILE__MYVAR=/run/secrets/mysecretvariable

Will set the environment variable MYVAR based on the contents of the /run/secrets/mysecretvariable file.

Umask for running applications

For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional -e UMASK=022 setting. Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up here before asking for support.

User / Group Identifiers

When using volumes (-v flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user PUID and group PGID.

Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.

In this instance PUID=1000 and PGID=1000, to find yours use id your_user as below:

id your_user

Example output:

uid=1000(your_user) gid=1000(your_user) groups=1000(your_user)

Docker Mods

We publish various Docker Mods to enable additional functionality within the containers. The list of Mods available for this image (if any) as well as universal mods that can be applied to any one of our images can be accessed via the dynamic badges above.

Support Info

Shell access whilst the container is running:
```
docker exec -it wireshark /bin/bash
```
To monitor the logs of the container in realtime:
```
docker logs -f wireshark
```

Container version number:

docker inspect -f '{{ index .Config.Labels "build_version" }}' wireshark

Image version number:

docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/wireshark:latest

Updating Info

Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (noted in the relevant readme.md), we do not recommend or support updating apps inside the container. Please consult the Application Setup section above to see if it is recommended for the image.

Below are the instructions for updating containers:

Via Docker Compose

Update images:

All images:
```
docker-compose pull
```
Single image:
```
docker-compose pull wireshark
```

Update containers:

All containers:
```
docker-compose up -d
```
Single container:
```
docker-compose up -d wireshark
```

You can also remove the old dangling images:
```
docker image prune
```

Via Docker Run

Update the image:

docker pull lscr.io/linuxserver/wireshark:latest

Stop the running container:
```
docker stop wireshark
```
Delete the container:
```
docker rm wireshark
```
Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your /config folder and settings will be preserved)
You can also remove the old dangling images:
```
docker image prune
```

Image Update Notifications - Diun (Docker Image Update Notifier)

tip: We recommend Diun for update notifications. Other tools that automatically update containers unattended are not recommended or supported.

Building locally

If you want to make local modifications to these images for development purposes or just to customize the logic:

git clone https://github.com/linuxserver/docker-wireshark.git
cd docker-wireshark
docker build \
  --no-cache \
  --pull \
  -t lscr.io/linuxserver/wireshark:latest .

The ARM variants can be built on x86_64 hardware using multiarch/qemu-user-static

docker run --rm --privileged multiarch/qemu-user-static:register --reset

Once registered you can define the dockerfile to use with -f Dockerfile.aarch64.

Versions

10.02.24: - Update Readme with new env vars and ingest proper PWA icon.
02.01.24: - Rebase to Alpine 3.19.
13.05.23: - Rebase to Alpine 3.18.
18.03.23: - Rebase to KasmVNC base image.
23.10.22: - Rebase to Alpine 3.16, migrate to s6v3.
14.02.22: - Rebase to Alpine.
31.03.20: - Initial release.

docker-wireshark's People

Contributors

Stargazers

Watchers

Forkers

thiagogarciaalves rubicon rwilliams0331 andrewr94 smellyslab isabella232 yyy1867 sebsixsq

docker-wireshark's Issues

Password update with PASSWORD environment variable or secrets file doesn't work

Expected Behavior

The password should have been updated

Current Behavior

The new password doesn't work, the default abc/abc is still the one used

Steps to Reproduce

Add -e PASSWORD=hello to the run command
Login to web gui on port 3000
use login/password as: abc/hello (doesn't work, but abc/abc is kept)

Environment

OS:
Linux *** 5.13.0-40-generic #45~20.04.1-Ubuntu SMP Mon Apr 4 09:38:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

CPU architecture: x86_64/arm32/arm64
x86_64

How docker service was installed:

Using docker install docs

Command used to create docker container (run/create/compose/screenshot)

docker run -it --rm   --name=wireshark   --net=host   --cap-add=NET_ADMIN   -e PUID=1000   -e PGID=1000   -e TZ=Europe/London   -e PASSWORD=hello -p 3000:3000  linuxserver/wireshark:latest

Docker logs

 docker run -it --rm   --name=wireshark   --net=host   --cap-add=NET_ADMIN   -e PUID=1000   -e PGID=1000   -e TZ=Europe/London   -e PASSWORD=hello -p 3000:3000 -v $PWD:/config  linuxserver/wireshark:latest
WARNING: Published ports are discarded when using host network mode
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 01-migrations: executing...
[migrations] started
[migrations] no migrations found
[cont-init.d] 01-migrations: exited 0.
[cont-init.d] 02-tamper-check: executing...
[cont-init.d] 02-tamper-check: exited 0.
[cont-init.d] 10-adduser: executing...

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
-------------------------------------

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 13-keygen: executing...

Generating 2048 bit rsa key...

ssl_gen_key_xrdp1 ok

saving to rsakeys.ini

Generating a RSA private key
..........................................................................+++++
......................................................................+++++
writing new private key to '/etc/xrdp/key.pem'
-----
[cont-init.d] 13-keygen: exited 0.
[cont-init.d] 30-config: executing...
[cont-init.d] 30-config: exited 0.
[cont-init.d] 50-gid-video: executing...
[cont-init.d] 50-gid-video: exited 0.
[cont-init.d] 55-autostart-config: executing...
[cont-init.d] 55-autostart-config: exited 0.
[cont-init.d] 56-openboxcopy: executing...
[cont-init.d] 56-openboxcopy: exited 0.
[cont-init.d] 90-custom-folders: executing...
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
xrdp-sesman[418]: [INFO ] starting xrdp-sesman with pid 418
[guac-init] Auto start not set, application start on login
[services.d] done.
guacd[432]: INFO:       Guacamole proxy daemon (guacd) version 1.1.0 started
guacd[432]: INFO:       Listening on host 0.0.0.0, port 4822
xrdp[420]: [INFO ] starting xrdp with pid 420
xrdp[420]: [INFO ] address [0.0.0.0] port [3389] mode 1
xrdp[420]: [INFO ] listening to port 3389 on 0.0.0.0
xrdp[420]: [INFO ] xrdp_listen_pp done
Starting guacamole-lite websocket server
listening on *:3000
[2022-06-22 17:35:58] [Connection 1]  Client connection open
[2022-06-22 17:35:58] [Connection 1]  Opening guacd connection
[2022-06-22 17:35:58] [Connection 1]  guacd connection open
[2022-06-22 17:35:58] [Connection 1]  Selecting connection type: rdp
[2022-06-22 17:35:58] [Connection 1]  Sending opCode: 6.select,3.rdp;
guacd[432]: INFO:       Creating new client for protocol "rdp"
guacd[432]: INFO:       Connection ID is "$e8c63c99-02ed-4bf7-a659-f13f6c79b43f"
[2022-06-22 17:35:58] [Connection 1]  Sending opCode: 4.size,4.1366,13.644?undefined,2.96;
[2022-06-22 17:35:58] [Connection 1]  Sending opCode: 5.audio,9.audio/L16;
[2022-06-22 17:35:58] [Connection 1]  Sending opCode: 5.video;
[2022-06-22 17:35:58] [Connection 1]  Sending opCode: 5.image;
[2022-06-22 17:35:58] [Connection 1]  Server sent handshake: 4.args,13.VERSION_1_1_0,8.hostname,4.port,6.domain,8.username,8.password,5.width,6.height,3.dpi,15.initial-program,11.color-depth,13.disable-audio,15.enable-printing,12.printer-name,12.enable-drive,10.drive-name,10.drive-path,17.create-drive-path,7.console,13.console-audio,13.server-layout,8.security,11.ignore-cert,12.disable-auth,10.remote-app,14.remote-app-dir,15.remote-app-args,15.static-channels,11.client-name,16.enable-wallpaper,14.enable-theming,21.enable-font-smoothing,23.enable-full-window-drag,26.enable-desktop-composition,22.enable-menu-animations,22.disable-bitmap-caching,25.disable-offscreen-caching,21.disable-glyph-caching,16.preconnection-id,18.preconnection-blob,8.timezone,14.recording-path,14.recording-name,24.recording-exclude-output,23.recording-exclude-mouse,22.recording-include-keys,21.create-recording-path,13.resize-method,18.enable-audio-input,9.read-only,16.gateway-hostname,12.gateway-port,14.gateway-domain,16.gateway-username,16.gateway-password,17.load-balance-info
[2022-06-22 17:35:58] [Connection 1]  Sending opCode: 7.connect,0.,9.127.0.0.1,4.3389,0.,0.,0.,4.1366,13.644?undefined,2.96,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,12.en-us-qwerty,3.any,4.true,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.;
guacd[458]: INFO:       Security mode: Negotiate (ANY)
guacd[458]: INFO:       Resize method: none
guacd[458]: INFO:       User "@00d6ff32-bec8-4237-939c-6eb3652ed06e" joined connection "$e8c63c99-02ed-4bf7-a659-f13f6c79b43f" (1 users now present)
guacd[458]: INFO:       Loading keymap "base"
guacd[458]: INFO:       Loading keymap "en-us-qwerty"
xrdp[420]: [INFO ] Socket 12: AF_INET connection received from 127.0.0.1 port 45286
xrdp[493]: [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
xrdp[493]: [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
xrdp[493]: [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|RDP], selected [SSL]
xrdp[493]: [INFO ] Connected client computer name: Guacamole RDP
xrdp[493]: [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
xrdp[493]: [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
xrdp[493]: [INFO ] xrdp_load_keyboard_layout: Keyboard information sent by the RDP client, keyboard_type:[0x04], keyboard_subtype:[0x00], keylayout:[0x00000409]
xrdp[493]: [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [us] options []
xrdp[493]: [INFO ] TLS connection established from 127.0.0.1 port 45286: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384
xrdp[493]: [INFO ] xrdp_caps_process_pointer: client supports new(color) cursor
xrdp[493]: [INFO ] xrdp_process_offscreen_bmpcache: support level 1 cache size 7864320 MB cache entries 2000
xrdp[493]: [WARN ] Client Capability: not enough orders supported by client, client wants off screen bitmap but offscreen bitmaps disabled
xrdp[493]: [WARN ] Dynamic Virtual Channel named 'drdynvc' not found, channel not initialized
xrdp[493]: [INFO ] Loading keymap file /etc/xrdp/km-00000409.ini
xrdp[493]: [WARN ] local keymap file for 0x00000409 found and doesn't match built in keymap, using local keymap file
xrdp[493]: [INFO ] connecting to sesman on 127.0.0.1:3350
xrdp-sesman[418]: [INFO ] Socket 8: AF_INET connection received from 127.0.0.1 port 58086
xrdp[493]: [INFO ] xrdp_wm_log_msg: sesman connect ok
xrdp[493]: [INFO ] sesman connect ok
xrdp[493]: [INFO ] sending login info to session manager. Please wait...
xrdp-sesman[418]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty=xrdp-sesman ruser= rhost=  user=abc
xrdp-sesman[418]: [ERROR] pam_authenticate failed: Authentication failure
xrdp-sesman[418]: [INFO ] AUTHFAIL: user=abc ip=127.0.0.1 time=1655915766
xrdp-sesman[418]: [ERROR] sesman_data_in: scp_process_msg failed
xrdp[493]: [INFO ] xrdp_wm_log_msg: login failed for user abc
xrdp[493]: [INFO ] login failed for user abc
xrdp-sesman[418]: [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
xrdp[493]: [INFO ] connecting to sesman on 127.0.0.1:3350
xrdp-sesman[418]: [INFO ] Socket 8: AF_INET connection received from 127.0.0.1 port 58088
xrdp[493]: [INFO ] xrdp_wm_log_msg: sesman connect ok
xrdp[493]: [INFO ] sesman connect ok
xrdp[493]: [INFO ] sending login info to session manager. Please wait...
xrdp-sesman[418]: [INFO ] Terminal Server Users group is disabled, allowing authentication
xrdp-sesman[418]: [INFO ] ++ created session (access granted): username abc, ip 127.0.0.1:45286 - socket: 12
xrdp-sesman[418]: [INFO ] starting Xorg session...
xrdp-sesman[418]: [INFO ] Starting session: session_pid 495, display :10.0, width 1364, height 644, bpp 24, client ip 127.0.0.1:45286 - socket: 12, user name abc
xrdp-sesman[495]: [INFO ] [session start] (display 10): calling auth_start_session from pid 495
xrdp-sesman[418]: [ERROR] sesman_data_in: scp_process_msg failed
xrdp[493]: [INFO ] xrdp_wm_log_msg: login successful for user abc on display 10
xrdp[493]: [INFO ] login successful for user abc on display 10
xrdp-sesman[495]: pam_unix(xrdp-sesman:session): session opened for user abc(uid=1000) by (uid=0)
xrdp-sesman[418]: [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
xrdp[493]: [INFO ] loaded module 'libxup.so' ok, interface size 10296, version 4
xrdp[493]: [INFO ] started connecting
xrdp[493]: [INFO ] lib_mod_connect: connecting via UNIX socket

X.Org X Server 1.21.1.3
X Protocol Version 11, Revision 0
Current Operating System: Linux nuc1 5.13.0-40-generic #45~20.04.1-Ubuntu SMP Mon Apr 4 09:38:31 UTC 2022 x86_64
Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.13.0-40-generic root=UUID=5f6babb0-346d-41be-ae73-d68ac5acb5d8 ro quiet splash vt.handoff=7

Current version of pixman: 0.40.0
        Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(++) Log file: ".xorgxrdp.10.log", Time: Wed Jun 22 16:36:30 2022
(++) Using config file: "/etc/X11/xrdp/xorg.conf"
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
xorgxrdpSetup:
xrdpdevSetup:
rdpmousePlug:
rdpkeybPlug:
rdpIdentify:
rdpDriverFunc: op 10
rdpProbe:
rdpPreInit:
rdpScreenInit: virtualX 800 virtualY 600 rgbBits 8 depth 24
rdpScreenInit: pfbMemory bytes 1920000
rdpScreenInit: pfbMemory 0x7f50ba0c0300
rdpSimdInit: assigning yuv functions
rdpSimdInit: cpuid ax 1 cx 0 return ax 0x000a0660 bx 0x05100800 cx 0x7ffafbbf dx 0xbfebfbff
rdpSimdInit: sse2 amd64 yuv functions assigned
rdpClientConInit: disconnect idle session after [0] sec
rdpClientConInit: kill disconnected [0] timeout [0] sec
rdpXvInit: depth 24
rdpScreenInit: out
rdpCreateScreenResources:
rdpmousePreInit: drv 0x7f50ba5e1400 info 0x7f50b21f2d30, flags 0x0
rdpmouseControl: what 0
rdpmouseDeviceInit:
rdpmouseCtrl:
rdpRegisterInputCallback: type 1 proc 0x7f50ba29b3b1
rdpmouseControl: what 1
rdpmouseDeviceOn:
rdpkeybPreInit: drv 0x7f50ba5e14a0 info 0x7f50b1fcd010, flags 0x0
rdpkeybControl: what 0
rdpkeybDeviceInit:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
rdpRegisterInputCallback: type 0 proc 0x7f50ba2968a8
rdpkeybControl: what 1
rdpkeybDeviceOn:
rdpDeferredRandR:
rdpResizeSession: width 1024 height 768
  calling RRScreenSizeSet
rdpRRScreenSetSize: width 1024 height 768 mmWidth 271 mmHeight 203
rdpRRGetInfo:
  screen resized to 1024x768
  RRScreenSizeSet ok 1
rdpResizeSession: width 1364 height 644
  calling RRScreenSizeSet
rdpRRScreenSetSize: width 1364 height 644 mmWidth 361 mmHeight 170
rdpRRGetInfo:
  screen resized to 1364x644
  RRScreenSizeSet ok 1
xrdp[493]: [INFO ] lib_mod_log_peer: xrdp_pid=493 connected to X11rdp_pid=497 X11rdp_uid=1000 X11rdp_gid=1000 client_ip=127.0.0.1 client_port=45286
rdpClientConGotConnection:
rdpClientConGotConnection: g_sck_accept ok new_sck 7
rdpClientConGetConnection: idle_disconnect_timeout set to non-positive value, idle timer turned off
rdpAddClientConToDev: adding first clientCon 0x7f50ba2780c0
xrdp[493]: [INFO ] connected ok
rdpClientConProcessMsgVersion: version 0 0 0 1
rdpClientConProcessScreenSizeMsg: set width 1364 height 644 bpp 16
rdpClientConProcessScreenSizeMsg: shmemid 0 shmemptr 0x7f50ba0c2000
rdpClientConProcessMsgClientInput: invalidate x 0 y 0 cx 1364 cy 644
rdpInDeferredRepeatCallback:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat off
xrdp-sesman[495]: [INFO ] Found X server running at /tmp/.X11-unix/X10
xrdp-sesman[496]: [INFO ] Found X server running at /tmp/.X11-unix/X10
xrdp-sesman[495]: [INFO ] Session started successfully for user abc on display 10
xrdp-sesman[502]: [INFO ] Starting the xrdp channel server for display 10
xrdp-sesman[495]: [INFO ] Session in progress on display 10, waiting until the window manager (pid 496) exits to end the session
Global configuration:
    UseUnixSocket (derived):   true

Security configuration:
    RestrictOutboundClipboard: false

Chansrv configuration:
    EnableFuseMount            true
    FuseMountName:             thinclient_drives
    FileMask:                  077
    Nautilus 3 Flist Format:   false
chansrv::main: using log file [/config/.local/share/xrdp/xrdp-chansrv.10.log]
rdpRRGetInfo:
rdpClientConProcessMsgClientInfo:
  got client info bytes 7072
  jpeg support 0
  offscreen support 0
  offscreen size 0
  offscreen entries 0
  client supports glyph cache but server disabled
  client can not do offscreen to offscreen blits
  client can do new(color) cursor
  client can not do multimon
rdpRRSetRdpOutputs: numCrtcs 0 numOutputs 0 monitorCount 0
rdpRRSetRdpOutputs: add output 0 left 0 top 0 width 1364 height 644
rdpLoadLayout: keylayout 0x00000409 variant  display 10
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
fuse: device not found, try 'modprobe fuse' first
fuse: device not found, try 'modprobe fuse' first
guacd[458]: INFO:       Accepted format: 16-bit PCM with 2 channels at 44100 Hz
guacd[458]: INFO:       Accepted format: 16-bit PCM with 2 channels at 22050 Hz
guacd[458]: INFO:       Connected to RDPDR 1.12 as client 0xfd04b333
fuse: device not found, try 'modprobe fuse' first
guacd[458]: INFO:       RDPDR user logged on
rdpInDeferredRepeatCallback:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat off
rdpInDeferredRepeatCallback:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat off
guacd[458]: INFO:       User "@00d6ff32-bec8-4237-939c-6eb3652ed06e" disconnected (0 users remain)
guacd[458]: INFO:       Last user of connection "$e8c63c99-02ed-4bf7-a659-f13f6c79b43f" disconnected
[2022-06-22 17:36:35] [Connection 1]  Closing connection with error:  Error: not opened
    at WebSocket.send (/gclient/node_modules/ws/lib/WebSocket.js:218:38)
    at ClientConnection.send (/gclient/node_modules/guacamole-lite/lib/ClientConnection.js:125:24)
    at GuacdClient.sendBufferToWebSocket (/gclient/node_modules/guacamole-lite/lib/GuacdClient.js:172:35)
    at GuacdClient.processReceivedData (/gclient/node_modules/guacamole-lite/lib/GuacdClient.js:163:14)
    at Socket.emit (node:events:526:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at Socket.Readable.push (node:internal/streams/readable:228:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:190:23)
[2022-06-22 17:36:35] [Connection 1]  Closing guacd connection
[2022-06-22 17:36:35] [Connection 1]  Client connection closed
xrdp[493]: [ERROR] xrdp_iso_send: trans_write_copy_s failed
guacd[458]: INFO:       Internal RDP client disconnected
xrdp[493]: [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
guacd[432]: INFO:       Connection "$e8c63c99-02ed-4bf7-a659-f13f6c79b43f" removed.
rdpClientConRecv: g_sck_recv failed(returned 0)
rdpClientConRecvMsg: error
rdpClientConCheck: rdpClientConGotData failed
rdpClientConDisconnect:
rdpRemoveClientConFromDev: removing clientCon 0x7f50ba2780c0

Other actions

I looked for user abc password update on this repo and all FROM images down to alpine but I cannot find where the default password was added.
I can see it in other repos, , for instance:
https://github.com/linuxserver/docker-code-server/blob/66754831ab79824086f020645a7bdec739a7f139/root/etc/cont-init.d/30-config#L13

Thanks for your help.
Thank you for this awesome project !

BR,

[BUG] The latest tag is missing the init scripts

Is there an existing issue for this?

I have searched the existing issues

Current Behavior

cont-init finds no files and thus never starts a service on port 3000 (checked netstat).

I've also tried pulling a version back (3.4.13) -- it has the init scripts but I couldn't get it to work. I just get a black screen when visiting port 3000 in the browser or port 3389 from Remote Desktop on Windows (after logging in with abc/abc).

Expected Behavior

No response

Steps To Reproduce

docker compose up wireshark

Environment

- OS:
- How docker service was installed:

CPU architecture

x86-64

Docker creation

wireshark:
    image: linuxserver/wireshark:latest
    cap_add:
      - NET_ADMIN
    security_opt:
      - seccomp:unconfined #optional
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
    volumes:
      - ./cfgs/wireshark:/config
    restart: unless-stopped

Container logs

wireshark-1  | [custom-init] No custom services found, skipping...
wireshark-1  | [migrations] started
wireshark-1  | [migrations] no migrations found
....
wireshark-1  |
wireshark-1  | Generating a RSA private key
wireshark-1  | .......................................................................................................................................................................................................+++++
wireshark-1  | ..........+++++
wireshark-1  | writing new private key to '/etc/xrdp/key.pem'
wireshark-1  | -----
wireshark-1  | [custom-init] No custom files found, skipping...

[BUG] Podman fails to start after s6v3 was added

Is there an existing issue for this?

I have searched the existing issues

Current Behavior

I can get the 3.4.13 tags to run just fine, however, if I update to a 3.6.5 version it will not complete the init.

Expected Behavior

Container should start up and listen on port 3000 for a web interface to Wireshark.

Steps To Reproduce

Start the unit file listed below under the Docker Creation section.
If I use the tag 3.6.5 or a flavor thereof, it fails to fully start.
If I use the tag 3.4.13 it works just fine.

Environment

- OS: Fedora CoreOS
- How docker service was installed: Using Podman that comes with the OS.

CPU architecture

x86-64

Docker creation

[Unit]
Description=Podman wireshark.service
Documentation=man:podman-run(1)
Documentation=https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/building_running_and_managing_containers/assembly_porting-containers-to-systemd-using-podman_building-running-and-managing-containers
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
ExecStartPre=-/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
ExecStartPre=-/bin/rm -f %t/%n.ctr-id
ExecStartPre=-/bin/rm -f %t/%n.pid
ExecStartPre=mkdir -p %E/%N
ExecStart=/bin/bash -c ' \
    /usr/bin/podman run \
    --name %N \
    --pull newer \
    -d \
    --cidfile=%t/%n.ctr-id --sdnotify=conmon --cgroups=no-conmon \
    --conmon-pidfile=%t/%n.pid \
    --network host \
    --restart no \
    --replace \
    --rm \
    --stop-timeout 60 \
    --log-driver=passthrough \
    --env "TZ=America\Chicago" \
    -v /etc/localtime:/etc/localtime:ro \
    -l=diun.enable \
    --cap-add=NET_ADMIN \
    lscr.io/linuxserver/wireshark:3.6.5 \
    '
ExecReload=-/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecReload=-/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
KillMode=mixed
PIDFile=%t/%n.pid
Restart=on-failure
SyslogIdentifier=%N

[Install]
WantedBy=multi-user.target
WantedBy=default.target

Container logs

Journald logs

Mar 05 20:56:53 carburetor systemd[1]: Started wireshark.service - Podman wireshark.service.
Mar 05 20:56:53 carburetor podman[16462]: 2023-03-05 20:56:53.283079574 -0600 CST m=+14.328168069 container start 44dda7a4b316d4fff28ca080d5fa90b6731c4bddc001c4b279a446270846783b (image=lscr.io/linuxserver/wireshark:3.6.5-r1-ls120, name=wireshark, org.opencontainers.image.created=2022-10-23T13:31:25-05:00, diun.enable=, org.opencontainers.image.version=3.6.5-r1-ls120, maintainer=thelamer, org.opencontainers.image.url=https://github.com/linuxserver/docker-wireshark/packages, org.opencontainers.image.vendor=linuxserver.io, org.opencontainers.image.revision=4058f6b0951e0ced0a80c8e8ae7008c26f81af48, org.opencontainers.image.authors=linuxserver.io, org.opencontainers.image.description=[Wireshark](https://www.wireshark.org/) is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998. , org.opencontainers.image.licenses=GPL-3.0-only, org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-wireshark, build_version=Linuxserver.io version:- 3.6.5-r1-ls120 Build-date:- 2022-10-23T13:31:25-05:00, org.opencontainers.image.source=https://github.com/linuxserver/docker-wireshark, org.opencontainers.image.title=Wireshark, org.opencontainers.image.ref.name=4058f6b0951e0ced0a80c8e8ae7008c26f81af48, PODMAN_SYSTEMD_UNIT=wireshark.service)
Mar 05 20:56:53 carburetor wireshark[16657]: [migrations] started
Mar 05 20:56:53 carburetor wireshark[16657]: [migrations] no migrations found
Mar 05 20:56:53 carburetor wireshark[16680]: usermod: no changes
Mar 05 20:56:53 carburetor wireshark[16751]: [custom-init] No custom files found, skipping...

Login Failed For Display 0

When logging in with abc/abc I recieve an error message that states login failed for display 0. Oddly when I log in with a console session I see a screen share that would be from a VM I have in another guacamole instance that I have. The other guacamole share is on a different subnet in a separate docker created network and the port exposed isn't 3000. I'm wondering if maybe I could log into wireshark from my existing guacamole instance, if so what would the settings be, or if I can separate them some how. Or maybe that has nothing to do with the login failed issue.

Expected Behavior

I would expect to see the application window after logging in.

Current Behavior

Steps to Reproduce

sudo docker-compose -f /volume1/docker/wireshark.yml up -d --force-recreate
xxx.xxx.x.xxx:3000
3.login to default session with user:abc pass:abc
4.error message described -> return to login manager

Environment

OS: Synology DSM
CPU architecture: x86_64
How docker service was installed:

Command used to create docker container (run/create/compose/screenshot)

version: "3.7"
services:
  wireshark:
    image: ghcr.io/linuxserver/wireshark
    container_name: wireshark
    cap_add:
      - NET_ADMIN
    network_mode: host
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    volumes:
      - $DOCKERDIR/wireshark:/config
    restart: unless-stopped

Docker logs

[20201105-15:03:50] [DEBUG] Security layer: requested 3, selected 1


ssl_tls_accept: TLS connection accepted


colorDepth 0xca01 (0xca00 4bpp 0xca01 8bpp)


[20201105-15:03:50] [INFO ] connected client computer name: Guacamole RDP


postBeta2ColorDepth 0xca01 (0xca00 4bpp 0xca01 8bpp 0xca02 15bpp 0xca03 16bpp 0xca04 24bpp)


highColorDepth 0x0010 (0x0004 4bpp 0x0008 8bpp 0x000f 15bpp 0x0010 16 bpp 0x0018 24bpp)


supportedColorDepths 0x0007 (0x0001 24bpp 0x0002 16bpp 0x0004 15bpp 0x0008 32bpp)


earlyCapabilityFlags 0x0421 (0x0002 want32)


got client client connection type 0x00000006


xrstarting sesman in foreground...


sesman config:


	ListenAddress:            127.0.0.1


	ListenPort:               3350


	EnableUserWindowManager:  1


	UserWindowManager:        startwm.sh


	DefaultWindowManager:     startwm.sh


	AuthFilePath:             disabled


Xvnc parameters:


	Parameter 00                   Xvnc


	Parameter 01                   -bs


	Parameter 02                   -nolisten


	Parameter 03                   tcp


	Parameter 04                   -localhost


	Parameter 05                   -dpi


	Parameter 06                   96


X11rdp parameters:


XOrg parameters:


	Parameter 00                   /usr/lib/xorg/Xorg


	Parameter 01                   -config


	Parameter 02                   xrdp/xorg.conf


	Parameter 03                   -noreset


	Parameter 04                   -nolisten


	Parameter 05                   tcp


	Parameter 06                   -logfile


	Parameter 07                   .xorgxrdp.%s.log


security configuration:


	AllowRootLogin:       1


	MaxLoginRetry:        4


	AlwaysGroupCheck:     0


	No TSUsersGroup defined


	No TSAdminsGroup defined


session configuration:


	MaxSessions:                 50


	X11DisplayOffset:            10


	KillDisconnected:            0


	IdleTimeLimit:               0


	DisconnectedTimeLimit:       0


	Policy:       0


SessionVariables parameters:


  Parameter 00                   PULSE_SCRIPT=/etc/xrdp/pulse/default.pa


[20201105-14:40:40] [DEBUG] libscp initialized


[20201105-14:40:40] [INFO ] starting xrdp-sesman with pid 323


[20201105-14:40:40] [INFO ] listening to port 3350 on 127.0.0.1


[20201105-14:41:01] [INFO ] A connection received from ::1 port 42325


pam_authenticate failed: System error


[20201105-14:41:02] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:41:20] [INFO ] A connection received from ::1 port 42486


pam_authenticate failed: System error


[20201105-14:41:21] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:41:22] [INFO ] A connection received from ::1 port 42488


pam_authenticate failed: System error


[20201105-14:41:22] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:41:27] [INFO ] A connection received from ::1 port 42519


pam_authenticate failed: System error


[20201105-14:41:28] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:41:30] [INFO ] A connection received from ::1 port 42540


pam_authenticate failed: System error


[20201105-14:41:31] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:43:50] [INFO ] A connection received from ::1 port 43809


pam_authenticate failed: System error


[20201105-14:43:51] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:44:09] [INFO ] A connection received from ::1 port 44024


pam_authenticate failed: System error


[20201105-14:44:10] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:44:28] [INFO ] A connection received from ::1 port 44189


pam_authenticate failed: System error


[20201105-14:44:28] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:55:26] [INFO ] A connection received from ::1 port 50194


pam_authenticate failed: System error


[20201105-14:55:27] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:55:39] [INFO ] A connection received from ::1 port 50321


pam_authenticate failed: System error


[20201105-14:55:40] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:55:43] [INFO ] A connection received from ::1 port 50337


pam_authenticate failed: System error


[20201105-14:55:43] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:55:52] [INFO ] A connection received from ::1 port 50471


pam_authenticate failed: System error


[20201105-14:55:53] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:55:55] [INFO ] A connection received from ::1 port 50495


pam_authenticate failed: System error


[20201105-14:55:56] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


[20201105-14:56:05] [INFO ] A connection received from ::1 port 50523


pam_authenticate failed: System error


[20201105-14:56:05] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)


guacd[627]: ERROR:	User is not responding.


guacd[627]: INFO:	User "@2c1e5a58-0996-4b6a-a557-c64b81c9617c" disconnected (0 users remain)


guacd[627]: INFO:	Last user of connection "$ba2cb9b4-39a5-4d96-8a29-32d823b3899d" disconnected


guacd[627]: INFO:	Internal RDP client disconnected


guacd[336]: INFO:	Connection "$ba2cb9b4-39a5-4d96-8a29-32d823b3899d" removed.

ERROR: for wireshark "host" network_mode is incompatible with port_bindings

Expected Behavior

docker compose up

Should add the wireshark container to my already existing compose file and start the wireshark container so I can use it to look at my network.

Current Behavior

ERROR: for wireshark  "host" network_mode is incompatible with port_bindings
Traceback (most recent call last):
  File "docker-compose", line 3, in <module>
  File "compose\cli\main.py", line 81, in main
  File "compose\cli\main.py", line 203, in perform_command
  File "compose\metrics\decorator.py", line 18, in wrapper
  File "compose\cli\main.py", line 1186, in up
  File "compose\cli\main.py", line 1166, in up
  File "compose\project.py", line 697, in up
  File "compose\parallel.py", line 108, in parallel_execute
  File "compose\parallel.py", line 206, in producer
  File "compose\project.py", line 679, in do
  File "compose\service.py", line 579, in execute_convergence_plan
  File "compose\service.py", line 499, in _execute_convergence_recreate
  File "compose\parallel.py", line 108, in parallel_execute
  File "compose\parallel.py", line 206, in producer
  File "compose\service.py", line 494, in recreate
  File "compose\service.py", line 612, in recreate_container
  File "compose\service.py", line 330, in create_container
  File "compose\service.py", line 939, in _get_container_create_options
  File "compose\service.py", line 1014, in _get_container_host_config
  File "docker\api\container.py", line 598, in create_host_config
  File "docker\types\containers.py", line 338, in __init__
docker.errors.InvalidArgument: "host" network_mode is incompatible with port_bindings
[18132] Failed to execute script docker-compose

This seems to be not relevant for us, since we really want to see what is going on inside:

https://stackoverflow.com/questions/67819391/docker-compose-network-mode-and-port-binding-compatibility-issue

And this discussion here https://forums.docker.com/t/docker-errors-invalidargument-host-network-mode-is-incompatible-with-port-bindings/103492 I don't understand.

Steps to Reproduce

Add the section from the README.md to your own docker-compose.yaml
Run docker compose up

Environment

OS: Windows 10
CPU architecture: x86_64
How docker service was installed:

Docker Desktop 4.7.1 (77678) is currently the newest version available.

Command used to create docker container (run/create/compose/screenshot)

docker compose

[BUG] No connections picked up or gets stuck on container start-up

Is there an existing issue for this?

I have searched the existing issues

Current Behavior

Depending on whether

    network_mode: host

is commented in the docker-compose or not, the container doesn't start properly (gets stuck before Guacamole starts. Hence, I can not open the GUI via localhost:3000) or (GUI works) won't pick up any network connections except the docker ones.

Expected Behavior

As in the commented case

GUI accessible via localhost:3000
picking up network connections apart from the ones between host and container

Steps To Reproduce

Use the default docker-compose.yml (maybe adjust for other case)
run docker-compose up
in case of commented network mode chose any in gui and filter eg ip.src!=127.0.0.1 and ip.src!=172.17.0.1

Environment

- OS: macOS 12.6
- How docker service was installed: homebrew cask

CPU architecture

x86-64

Docker creation

run docker-compose up

docker-compose.yml

---
version: "2.1"
services:
  wireshark:
    image: lscr.io/linuxserver/wireshark:latest
    container_name: wireshark
    # privileged: true # tried also this and did not get any other result
    cap_add:
      - NET_ADMIN
    security_opt:
      - seccomp:unconfined #optional
    network_mode: host # worked only when this was commented
    environment:
      # - PUID=1000
      # - PGID=1000
      - TZ=Etc/UTC
      - PUID=501
      - PGID=20
    volumes:
      - ../config:/config
    ports:
      - 3000:3000 #optional
    restart: unless-stopped

Container logs

non-commented network_mode: host

wireshark  | Generating 2048 bit rsa key...
wireshark  | 
wireshark  | ssl_gen_key_xrdp1 ok
wireshark  | 
wireshark  | saving to rsakeys.ini
wireshark  | 
wireshark  | Generating a RSA private key
wireshark  | ..................................................................................................................+++++
wireshark  | ..................................................................................................+++++
wireshark  | writing new private key to '/etc/xrdp/key.pem'
wireshark  | -----
wireshark  | [custom-init] No custom files found, skipping...
^CGracefully stopping... (press Ctrl+C again to force)

and

commented # network_mode: host

wireshark  | Generating 2048 bit rsa key...
wireshark  | 
wireshark  | ssl_gen_key_xrdp1 ok
wireshark  | 
wireshark  | saving to rsakeys.ini
wireshark  | 
wireshark  | Generating a RSA private key
wireshark  | ..................................................................................+++++
wireshark  | ...............................................................+++++
wireshark  | writing new private key to '/etc/xrdp/key.pem'
wireshark  | -----
wireshark  | [custom-init] No custom files found, skipping...
wireshark  | guacd[182]: INFO:  Guacamole proxy daemon (guacd) version 1.1.0 started
wireshark  | guacd[182]: INFO:  Listening on host 0.0.0.0, port 4822
wireshark  | guacd[182]: INFO:  Guacamole connection closed during handshake
wireshark  | Starting guacamole-lite websocket server
wireshark  | listening on *:3000
wireshark  | [guac-init] Auto start not set, application start on login
wireshark  | [ls.io-init] done.
wireshark  | [2023-04-07 23:11:06] [Connection 1]  Client connection open
wireshark  | [2023-04-07 23:11:06] [Connection 1]  Opening guacd connection
wireshark  | [2023-04-07 23:11:06] [Connection 1]  guacd connection open
wireshark  | [2023-04-07 23:11:06] [Connection 1]  Selecting connection type: rdp
wireshark  | [2023-04-07 23:11:06] [Connection 1]  Sending opCode: 6.select,3.rdp;
wireshark  | guacd[182]: INFO:  Creating new client for protocol "rdp"
wireshark  | guacd[182]: INFO:  Connection ID is "$4e3f8fc5-8177-4ab6-aa04-293073003054"
wireshark  | [2023-04-07 23:11:06] [Connection 1]  Sending opCode: 4.size,4.1440,13.837?undefined,2.96;
wireshark  | [2023-04-07 23:11:06] [Connection 1]  Sending opCode: 5.audio,9.audio/L16;
wireshark  | [2023-04-07 23:11:06] [Connection 1]  Sending opCode: 5.video;
wireshark  | [2023-04-07 23:11:06] [Connection 1]  Sending opCode: 5.image;
wireshark  | [2023-04-07 23:11:06] [Connection 1]  Server sent handshake: 4.args,13.VERSION_1_1_0,8.hostname,4.port,6.domain,8.username,8.password,5.width,6.height,3.dpi,15.initial-program,11.color-depth,13.disable-audio,15.enable-printing,12.printer-name,12.enable-drive,10.drive-name,10.drive-path,17.create-drive-path,7.console,13.console-audio,13.server-layout,8.security,11.ignore-cert,12.disable-auth,10.remote-app,14.remote-app-dir,15.remote-app-args,15.static-channels,11.client-name,16.enable-wallpaper,14.enable-theming,21.enable-font-smoothing,23.enable-full-window-drag,26.enable-desktop-composition,22.enable-menu-animations,22.disable-bitmap-caching,25.disable-offscreen-caching,21.disable-glyph-caching,16.preconnection-id,18.preconnection-blob,8.timezone,11.enable-sftp,13.sftp-hostname,13.sftp-host-key,9.sftp-port,13.sftp-username,13.sftp-password,16.sftp-private-key,15.sftp-passphrase,14.sftp-directory,19.sftp-root-directory,26.sftp-server-alive-interval,14.recording-path,14.recording-name,24.recording-exclude-output,23.recording-exclude-mouse,22.recording-include-keys,21.create-recording-path,13.resize-method,18.enable-audio-input,9.read-only,16.gateway-hostname,12.gateway-port,14.gateway-domain,16.gateway-username,16.gateway-password,17.load-balance-info
wireshark  | [2023-04-07 23:11:06] [Connection 1]  Sending opCode: 7.connect,0.,9.127.0.0.1,4.3389,0.,3.abc,3.abc,4.1440,13.837?undefined,2.96,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,12.en-us-qwerty,3.any,4.true,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,14.display-update,0.,0.,0.,0.,0.,0.,0.,0.;
wireshark  | guacd[231]: INFO:  Security mode: Negotiate (ANY)
wireshark  | guacd[231]: INFO:  Resize method: display-update
wireshark  | guacd[231]: INFO:  User "@b23c4264-545e-47b6-a1ab-85881a923267" joined connection "$4e3f8fc5-8177-4ab6-aa04-293073003054" (1 users now present)
wireshark  | guacd[231]: INFO:  Loading keymap "base"
wireshark  | guacd[231]: INFO:  Loading keymap "en-us-qwerty"
wireshark  | 
wireshark  | X.Org X Server 1.21.1.4
wireshark  | X Protocol Version 11, Revision 0
wireshark  | Current Operating System: Linux f7902954fe42 5.15.49-linuxkit #1 SMP Tue Sep 13 07:51:46 UTC 2022 x86_64
wireshark  | Kernel command line: page_poison=1 vsyscall=emulate panic=1 nospec_store_bypass_disable noibrs noibpb no_stf_barrier mitigations=off linuxkit.unified_cgroup_hierarchy=1 console=hvc0 tsc=reliable irqaffinity=0 vpnkit.connect=connect://2/1999 vpnkit.disable=osxfs-data com.docker.VMID=c99b77b5-32e2-418a-b461-ec0f176b67c3
wireshark  |  
wireshark  | Current version of pixman: 0.40.0
wireshark  |    Before reporting problems, check http://wiki.x.org
wireshark  |    to make sure that you have the latest version.
wireshark  | Markers: (--) probed, (**) from config file, (==) default setting,
wireshark  |    (++) from command line, (!!) notice, (II) informational,
wireshark  |    (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
wireshark  | (++) Log file: ".xorgxrdp.10.log", Time: Fri Apr  7 23:11:08 2023
wireshark  | (++) Using config file: "/etc/X11/xrdp/xorg.conf"
wireshark  | (==) Using system config directory "/usr/share/X11/xorg.conf.d"
wireshark  | Global configuration:
wireshark  | xorgxrdpSetup:
wireshark  | xrdpdevSetup:
wireshark  | rdpmousePlug:
wireshark  | rdpkeybPlug:
wireshark  | rdpIdentify:
wireshark  | rdpDriverFunc: op 10
wireshark  | rdpProbe:
wireshark  | rdpPreInit:
wireshark  | rdpScreenInit: virtualX 800 virtualY 600 rgbBits 8 depth 24
wireshark  | rdpScreenInit: pfbMemory bytes 1920000
wireshark  | rdpScreenInit: pfbMemory 0x7f9c55ca4370
wireshark  | rdpSimdInit: assigning yuv functions
wireshark  | rdpSimdInit: cpuid ax 1 cx 0 return ax 0x000406e3 bx 0x00020800 cx 0xfeda3203 dx 0x178bfbff
wireshark  | rdpSimdInit: sse2 amd64 yuv functions assigned
wireshark  | rdpClientConInit: disconnect idle session after [0] sec
wireshark  | rdpClientConInit: kill disconnected [0] timeout [0] sec
wireshark  | rdpXvInit: depth 24
wireshark  | rdpScreenInit: out
wireshark  | rdpCreateScreenResources:
wireshark  | rdpmousePreInit: drv 0x7f9c563c59d0 info 0x7f9c4d9bdb50, flags 0x0
wireshark  | rdpmouseControl: what 0
wireshark  | rdpmouseDeviceInit:
wireshark  | rdpmouseCtrl:
wireshark  | rdpRegisterInputCallback: type 1 proc 0x7f9c55e7f3b1
wireshark  | rdpmouseControl: what 1
wireshark  | rdpmouseDeviceOn:
wireshark  | rdpkeybPreInit: drv 0x7f9c563c5a70 info 0x7f9c4d9bdc90, flags 0x0
wireshark  | rdpkeybControl: what 0
wireshark  | rdpkeybDeviceInit:
wireshark  | rdpkeybChangeKeyboardControl:
wireshark  | rdpkeybChangeKeyboardControl: autoRepeat on
wireshark  | rdpRegisterInputCallback: type 0 proc 0x7f9c55e7a8ad
wireshark  | rdpkeybControl: what 1
wireshark  | rdpkeybDeviceOn:
wireshark  | rdpDeferredRandR:
wireshark  | rdpResizeSession: width 1024 height 768
wireshark  |   calling RRScreenSizeSet
wireshark  | rdpRRScreenSetSize: width 1024 height 768 mmWidth 271 mmHeight 203
wireshark  | rdpRRGetInfo:
wireshark  |   screen resized to 1024x768
wireshark  |   RRScreenSizeSet ok 1
wireshark  | rdpResizeSession: width 1440 height 837
wireshark  |   calling RRScreenSizeSet
wireshark  | rdpRRScreenSetSize: width 1440 height 837 mmWidth 381 mmHeight 221
wireshark  | rdpRRGetInfo:
wireshark  |   screen resized to 1440x837
wireshark  |   RRScreenSizeSet ok 1
wireshark  | rdpClientConGotConnection:
wireshark  | rdpClientConGotConnection: g_sck_accept ok new_sck 16
wireshark  | rdpClientConGetConnection: idle_disconnect_timeout set to non-positive value, idle timer turned off
wireshark  | rdpAddClientConToDev: adding first clientCon 0x7f9c55e60120
wireshark  | rdpClientConProcessMsgVersion: version 0 0 0 1
wireshark  | rdpInDeferredRepeatCallback:
wireshark  | rdpkeybChangeKeyboardControl:
wireshark  | rdpkeybChangeKeyboardControl: autoRepeat off
wireshark  | rdpClientConProcessScreenSizeMsg: set width 1440 height 837 bpp 16
wireshark  | rdpClientConProcessScreenSizeMsg: shmemid 0 shmemptr 0x7f9c4cec9000
wireshark  | rdpClientConProcessMsgClientInput: invalidate x 0 y 0 cx 1440 cy 837
wireshark  | rdpClientConProcessMsgClientInfo:
wireshark  |   got client info bytes 7072
wireshark  |   jpeg support 0
wireshark  |   offscreen support 0
wireshark  |   offscreen size 0
wireshark  |   offscreen entries 0
wireshark  |   client supports glyph cache but server disabled
wireshark  |   client can not do offscreen to offscreen blits
wireshark  |   client can do new(color) cursor
wireshark  |   client can not do multimon
wireshark  | rdpRRSetRdpOutputs: numCrtcs 0 numOutputs 0 monitorCount 0
wireshark  | rdpRRSetRdpOutputs: add output 0 left 0 top 0 width 1440 height 837
wireshark  | rdpLoadLayout: keylayout 0x00000409 variant  display 10
wireshark  | rdpkeybChangeKeyboardControl:
wireshark  | rdpkeybChangeKeyboardControl: autoRepeat on
wireshark  | rdpkeybChangeKeyboardControl:
wireshark  | rdpkeybChangeKeyboardControl: autoRepeat on
wireshark  | rdpInDeferredRepeatCallback:
wireshark  | rdpkeybChangeKeyboardControl:
wireshark  | rdpkeybChangeKeyboardControl: autoRepeat off
wireshark  | rdpInDeferredRepeatCallback:
wireshark  | rdpkeybChangeKeyboardControl:
wireshark  | rdpkeybChangeKeyboardControl: autoRepeat off
wireshark  | guacd[231]: INFO:  Accepted format: 16-bit PCM with 2 channels at 44100 Hz
wireshark  | guacd[231]: INFO:  Accepted format: 16-bit PCM with 2 channels at 22050 Hz
wireshark  | guacd[231]: INFO:  Connected to RDPDR 1.12 as client 0xcf87e5b5
wireshark  | guacd[231]: INFO:  RDPDR user logged on
^CGracefully stopping... (press Ctrl+C again to force)

No valid ports available

Expected Behavior

Run the app on localhost:3000

Current Behavior

I can't run wireshark on docker on URL localhost:3000.
Error when i run in the browser from Vscode : no valid ports available

Steps to Reproduce

See up

Environment

Docker windows

Command used to create docker container (run/create/compose/screenshot)

` wireshark:
image: ghcr.io/linuxserver/wireshark
container_name: wireshark
cap_add:

NET_ADMIN
network_mode: host
environment:
PUID=$PUID
PGID=$PGID
TZ=$TZ
volumes:
$DOCKERDIR/wireshark:/config
restart: unless-stopped
ports:
3000:3000 #optional`

Docker logs

To support LSIO projects visit:

https://www.linuxserver.io/donate/

GID/UID

User uid: 911

User gid: 911

[cont-init.d] 10-adduser: exited 0.

[cont-init.d] 13-keygen: executing...

[cont-init.d] 13-keygen: exited 0.

[cont-init.d] 30-config: executing...

[cont-init.d] 30-config: exited 1.

[cont-init.d] 50-gid-video: executing...

[cont-init.d] 50-gid-video: exited 0.

[cont-init.d] 55-autostart-config: executing...

[cont-init.d] 55-autostart-config: exited 0.

[cont-init.d] 56-openboxcopy: executing...

[cont-init.d] 56-openboxcopy: exited 1.

[cont-init.d] 90-custom-folders: executing...

[cont-init.d] 90-custom-folders: exited 0.

[cont-init.d] 99-custom-files: executing...

[custom-init] no custom files found exiting...

[cont-init.d] 99-custom-files: exited 0.

[cont-init.d] done.

[services.d] starting services

[services.d] done.

[guac-init] Auto start not set, application start on login

Starting guacamole-lite websocket server

listening on *:3000`

Wireshark docker listening on port 3389

Current Behavior

The wireshark docker is listening on port 3389, which is not documented.

From a console session into the docker:
netstat -tunlp | grep 3389
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN 202/xrdp

Pointing a Remote Desktop Client at <host_ip>:3389 presents a login dialog.
Logging in with abc/abc brings up an RDP session with Wireshark. This capability us useful, since the display resolution is greatly improved compared to the web interface.

Since this docker is most often used in host mode, it is monopolizing host port 3389, preventing the its use for other purposes. Suggest that the xrdp port be made user selectable, probably via a docker variable, or that the use of xrdp be made optional.

**OS: Unraid 6.9.2, Wireshark docker version 3.4.13-r0-ls113
**CPU architecture: x86_64
How docker service was installed:
From the linuxserver wireshark template in the Unraid APP store

[FEAT] <Adding custom wireshark plugin>

Is this a new feature request?

I have searched the existing issues

Wanted change

Is there a way to add custom plugins into this container?

Reason for change

Currently i'm manually copying the plugin into the mounted folder and from there i copy to /usr/lib/wireshark/plugins/3.6

Proposed code change

No response

Network Host: Change Port

Create an environmental variable to specify the webserver port when using host network mode.

Desired Behavior

On run, pass a -e PORT=8000 and the webserver will listen on port 8000 rather than 3000.

Current Behavior

No option to change the listening port and container will not run in Host mode if something else is listening on port 3000.

Alternatives Considered

I could change other software or container's ports, but not all other containers support this.
I would also prefer to keep all of my web ports in the 8000 range.

none of the host interfaces are shown

Is there an existing issue for this?

I have searched the existing issues

Current Behavior

When I run the compose file, I can only see the container's interfaces, none of the hosts are shown.
Do I need to install or perform any additional configuration to see the host's interfaces?

Expected Behavior

Host's network interfaces to be available to capture traffic from

Steps To Reproduce

using the docker-compsoe file
run docker compose up -d --build --remove-orphans--
docker compose logs -f wireshark

Environment

- OS: Ubuntu 2204
- How docker service was installed: Used the instructions found on Docker Official Site https://docs.docker.com/engine/install/ubuntu/ and insatlled using apt

CPU architecture

x86-64

Docker creation

---
services:
  wireshark:
    image: lscr.io/linuxserver/wireshark:latest
    container_name: wireshark
    cap_add:
      - NET_ADMIN
    security_opt:
      - seccomp:unconfined #optional
    network_mode: host
    environment:
      - PUID=0
      - PGID=0
      - TZ=Etc/UTC
    volumes:
      - config:/config
    ports:
      - 3000:3000 #optional
      - 3001:3001 #optional
    restart: unless-stopped
volumes:
  config:

Container logs

docker compose logs -f wireshark
wireshark  | [migrations] started
wireshark  | [migrations] no migrations found
wireshark  | ───────────────────────────────────────
wireshark  |
wireshark  |       ██╗     ███████╗██╗ ██████╗
wireshark  |       ██║     ██╔════╝██║██╔═══██╗
wireshark  |       ██║     ███████╗██║██║   ██║
wireshark  |       ██║     ╚════██║██║██║   ██║
wireshark  |       ███████╗███████║██║╚██████╔╝
wireshark  |       ╚══════╝╚══════╝╚═╝ ╚═════╝
wireshark  |
wireshark  |    Brought to you by linuxserver.io
wireshark  | ───────────────────────────────────────
wireshark  |
wireshark  | To support LSIO projects visit:
wireshark  | https://www.linuxserver.io/donate/
wireshark  |
wireshark  | ───────────────────────────────────────
wireshark  | GID/UID
wireshark  | ───────────────────────────────────────
wireshark  |
wireshark  | User UID:    0
wireshark  | User GID:    0
wireshark  | ───────────────────────────────────────
wireshark  |
wireshark  | .+.+..+...+....+...+..+...+.......+...+...+.....+...+....+...+..+..........+......+......+...+......+..+...+.+......+...+.....+.+.....+.........+....+..+........................+.........+...+....+.....+...+...+++++++++++++++++++++++++++++++++++++++*...........+......+.....+++++++++++++++++++++++++++++++++++++++*...+....+..+.+.....+...+.........................+..+...+.+.........+..++++++
wireshark  | .....+..+.........+++++++++++++++++++++++++++++++++++++++*...+......+....+..+++++++++++++++++++++++++++++++++++++++*..................+.......+...+.....+...............+....+.....+......+.......+........+......+...+.......+.....+......+....+......+..+.+.....+......+..........+.........+...........+......+....+.........+..+..........+..+.+..+...............+....+...+...+..+......+.......+..+............+...+.+............+.....+....+.....++++++
wireshark  | -----
wireshark  | [custom-init] No custom files found, skipping...
wireshark  | [ls.io-init] done.
wireshark  |
wireshark  | Xvnc KasmVNC 1.2.0 - built Feb 17 2024 18:44:55
wireshark  | Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)
wireshark  | See http://kasmweb.com for information on KasmVNC.
wireshark  | Underlying X server release 12014000, The X.Org Foundation
wireshark  |
wireshark  | The XKEYBOARD keymap compiler (xkbcomp) reports:
wireshark  | > Warning:          Could not resolve keysym XF86CameraAccessEnable
wireshark  | > Warning:          Could not resolve keysym XF86CameraAccessDisable
wireshark  | > Warning:          Could not resolve keysym XF86CameraAccessToggle
wireshark  | > Warning:          Could not resolve keysym XF86NextElement
wireshark  | > Warning:          Could not resolve keysym XF86PreviousElement
wireshark  | > Warning:          Could not resolve keysym XF86AutopilotEngageToggle
wireshark  | > Warning:          Could not resolve keysym XF86MarkWaypoint
wireshark  | > Warning:          Could not resolve keysym XF86Sos
wireshark  | > Warning:          Could not resolve keysym XF86NavChart
wireshark  | > Warning:          Could not resolve keysym XF86FishingChart
wireshark  | > Warning:          Could not resolve keysym XF86SingleRangeRadar
wireshark  | > Warning:          Could not resolve keysym XF86DualRangeRadar
wireshark  | > Warning:          Could not resolve keysym XF86RadarOverlay
wireshark  | > Warning:          Could not resolve keysym XF86TraditionalSonar
wireshark  | > Warning:          Could not resolve keysym XF86ClearvuSonar
wireshark  | > Warning:          Could not resolve keysym XF86SidevuSonar
wireshark  | > Warning:          Could not resolve keysym XF86NavInfo
wireshark  | Errors from xkbcomp are not fatal to the X server
wireshark  | Obt-Message: Xinerama extension is not present on the server
wireshark  |  2024-02-26 10:48:20,917 [INFO] websocket 0: got client connection from 127.0.0.1
wireshark  |  2024-02-26 10:48:20,928 [PRIO] Connections: accepted: @172.20.0.1_1708962500.917958::websocket
wireshark  |  2024-02-26 10:50:16,542 [INFO] websocket 1: got client connection from 127.0.0.1
wireshark  |  2024-02-26 10:50:16,555 [PRIO] Connections: accepted: @172.20.0.1_1708962616.542582::websocket
wireshark  |  2024-02-26 10:56:56,564 [PRIO] Connections: closed: @172.20.0.1_1708962616.542582::websocket (Clean disconnection)
wireshark  |  ** (wireshark:290) 10:57:14.555891 [Capture MESSAGE] -- Capture Start ...
wireshark  |  ** (wireshark:290) 10:57:14.633969 [Capture MESSAGE] -- Capture started
wireshark  |  ** (wireshark:290) 10:57:14.633985 [Capture MESSAGE] -- File: "/tmp/wireshark_eth004RHJ2.pcapng"
wireshark  |  ** (wireshark:290) 10:58:27.472874 [Capture MESSAGE] -- Capture Stop ...
wireshark  |  ** (wireshark:290) 10:58:27.521523 [Capture MESSAGE] -- Capture stopped.
wireshark  |  ** (wireshark:290) 10:58:27.608710 [Capture MESSAGE] -- Capture Start ...
wireshark  |  ** (wireshark:290) 10:58:27.674745 [Capture MESSAGE] -- Capture started
wireshark  |  ** (wireshark:290) 10:58:27.674780 [Capture MESSAGE] -- File: "/tmp/wireshark_eth081TGJ2.pcapng"
wireshark  |  ** (wireshark:290) 10:58:36.786762 [Capture MESSAGE] -- Capture Stop ...
wireshark  |  ** (wireshark:290) 10:58:36.826329 [Capture MESSAGE] -- Capture stopped.
wireshark  |  ** (wireshark:290) 10:58:46.737328 [Capture MESSAGE] -- Capture Start ...
wireshark  |  ** (wireshark:290) 10:58:46.836943 [Capture MESSAGE] -- Capture started
wireshark  |  ** (wireshark:290) 10:58:46.836956 [Capture MESSAGE] -- File: "/tmp/wireshark_any7V79I2.pcapng"