Getting Wireshark to run on Raspberry Pi with VNC

I have never been able to get Wireshark to run properly on any of my Raspberry Pis. Today I didn’t have a choice; I had to solve the problem.

The problem is that Wireshark will not run from the menu on a Linux system because it needs to be run as root. I am always logged in as my normal non-root user.

On other Linux systems, I have no problem getting around this problem. I simply type:

sudo wireshark

at a terminal prompt and it runs fine for me. But that doesn’t work for my RPIs. All of my RPIs are headless servers – no keyboard and display. I must VNC into them.

When I try to run Wireshark this way on an RPI, I get the error:

sudo wireshark
(wireshark:4431): Gtk-WARNING **: cannot open display: :0.0

I presume this has something to do with VNC and the way it works on Linux. Whatever the issue, I need a workaround.

I found the solution at The Geeky Space. You need to allow your user the ability to run the dumpcap program by using these commands:

sudo chgrp <yourUserId> /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap

It worked like a charm. Thanks Geeky Space!

Apr 2014 Update:

I just tried this on a Linux Mint installation, and it worked there as well. Now I don’t need sudo to run wireshark.
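
To confirm that the three commands above took effect, here is an added example (not from the original post or from The Geeky Space) that checks dumpcap's group, mode and file capabilities. The function name check_dumpcap, the group pi and the sample values are assumptions constructed for illustration. It accepts both getcap output styles: "file = caps+eip" from older libcap and "file caps=eip" from newer releases.

```shell
#!/bin/sh
# Added example: audit the dumpcap setup from the post.
# check_dumpcap MODE GROUP GETCAP_LINE WANT_GROUP
#   MODE         octal mode, as printed by: stat -c %a /usr/bin/dumpcap
#   GROUP        owning group, as printed by: stat -c %G /usr/bin/dumpcap
#   GETCAP_LINE  line printed by: getcap /usr/bin/dumpcap
#   WANT_GROUP   the group that was passed to chgrp
# Prints one line per problem; returns 0 only if nothing is wrong.
check_dumpcap() {
    mode=$1 group=$2 caps=$3 want=$4 rc=0

    [ "$group" = "$want" ] || { echo "group is '$group', expected '$want'"; rc=1; }

    # Last octal digit is the "other" permission set; odd means world-executable.
    case $mode in
        *[1357]) echo "mode $mode lets users outside the group run dumpcap"; rc=1 ;;
    esac

    # Strip the path and the optional "= ", then split "caps+eip" / "caps=eip"
    # into "caps eip" so both getcap styles are handled the same way.
    spec=$(printf '%s\n' "$caps" | sed -e 's/^[^ ]* *//' -e 's/^= *//' -e 's/[+=]\([eip]*\)$/ \1/')
    names=${spec% *} flags=${spec##* }
    for need in cap_net_raw cap_net_admin; do
        case ",$names," in
            *",$need,"*) ;;
            *) echo "missing capability $need"; rc=1 ;;
        esac
    done
    # Both e (effective) and p (permitted) are needed for the capability
    # to be active when a non-root user executes the file.
    case $flags in *e*) ;; *) echo "effective flag (e) not set"; rc=1 ;; esac
    case $flags in *p*) ;; *) echo "permitted flag (p) not set"; rc=1 ;; esac
    return $rc
}

# Live use on the Pi (GNU stat assumed):
#   check_dumpcap "$(stat -c %a /usr/bin/dumpcap)" "$(stat -c %G /usr/bin/dumpcap)" \
#                 "$(getcap /usr/bin/dumpcap)" "$(id -gn)"

# Constructed sample values (not captured from a real system):
check_dumpcap 750 pi '/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip' pi \
    && echo "dumpcap setup OK"
```

A package upgrade that replaces /usr/bin/dumpcap resets the group, mode and capabilities, so this check is worth re-running after updating Wireshark.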


3 Responses to Getting Wireshark to run on Raspberry Pi with VNC

  1. Sean Straw says:

    Don’t forget tcpdump, which is purely a CLI tool. You can capture what you need, then move the capture file to a workstation for evaluation in a GUI at your leisure.

    I do this on embedded devices both at my desk and in the field for troubleshooting network problems and monitoring data consumption on a per-protocol basis, which is handy for optimizing software to minimize bandwidth on systems where that bandwidth can be costly, such as over cellular networks. In those cases, the additional overhead of the VNC connection or similar just to examine the data would be painful.

    • Dan TheMan says:

      Good point. None of our corporate Sun servers have X Windows and tcpdump was the only way I could watch those systems when questions arose. tshark does the same thing though I haven’t played with it yet.

      Being able to capture packets from a Raspberry Pi is an intriguing prospect. A $35 packet capture device! Beats the heck out of the old $20K+ protocol analyzers I used to have to lug around.

      If I were still managing our corporate network, I’d be hanging RPIs off each horizontal distribution switch so I could replicate traffic into them when needed rather than hauling a laptop to the wiring closet in question and setting it up to capture packets.
