Run tshark/wireshark In Docker

Last week, when I was trying to run tshark in a Docker container to capture HTTP packets, tshark reported the following error even as the root user:

tshark: Couldn't run /usr/bin/dumpcap in child process: Operation not permitted

After some searching: to access dumpcap, we need to add the --cap-add options when starting the container, then add the user to the wireshark group:

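# start the container with the packet-capture capabilities added
docker run --cap-add=NET_RAW --cap-add=NET_ADMIN $IMAGE
# then add the user to the wireshark group
usermod -a -G wireshark $USER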
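To confirm from inside the container that both steps took effect, the script below (an added example, not from the original post) decodes the capability bounding set in /proc/self/status and checks group membership. The function names and the two sample masks are constructed for illustration; checking CapBnd rather than CapEff is an assumption made so the check also works for a non-root user.

```shell
#!/bin/sh
# Added example: verify the capabilities and group that tshark/dumpcap need.
# Bit numbers are from linux/capability.h.
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# Constructed sample masks: one without NET_ADMIN, one with both bits set.
SAMPLE_WITHOUT_NET_ADMIN=00000000a80425fb
SAMPLE_WITH_BOTH=00000000a80435fb

# has_cap HEXMASK BIT -> status 0 if BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# missing_caps HEXMASK -> prints which capture capabilities are absent
missing_caps() {
    out=""
    has_cap "$1" "$CAP_NET_RAW"   || out="$out NET_RAW"
    has_cap "$1" "$CAP_NET_ADMIN" || out="$out NET_ADMIN"
    echo "${out# }"
}

# current_mask FIELD -> hex value of CapBnd, CapEff, ... for this process
current_mask() {
    awk -v f="$1:" '$1 == f { print $2 }' /proc/self/status 2>/dev/null || true
}

# in_group USER GROUP -> status 0 if USER is a member of GROUP
in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# Report for the current process and user; never exits non-zero.
mask=$(current_mask CapBnd)
if [ -n "$mask" ]; then
    m=$(missing_caps "$mask")
    echo "CapBnd=$mask missing: ${m:-none}"
fi
me=$(id -un)
if in_group "$me" wireshark; then
    echo "$me is in the wireshark group"
else
    echo "$me is NOT in the wireshark group"
fi
```

A non-empty "missing" list means the container was started without the corresponding --cap-add option.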