Since last weekend was a rainy and boring one in my part of the world, I decided to upgrade my laptop running Fedora 23 to Fedora 24. After encountering a few problems with the straight upgrade, I ended up reinstalling Fedora 24 from scratch. To save my old data I mounted /home on the old /home partition (without re-formatting it) when prompted during installation. Long story short, after upgrading I discovered that Wireshark needed to be built from sources for this version of Fedora. So, I decided to take advantage of the powerful tool called Docker.
My idea was to build a Docker container that would run Wireshark inside, would be able to capture data on the host network interfaces and would forward the GUI to my host machine. I was glad I remembered how X11 works and learned how you can actually use a GUI app inside a Docker container.
Here are some useful links I used to document this implementation:
Let’s have a look at the Dockerfile used to build the desired Wireshark image:
FROM ubuntu:16.04
MAINTAINER Mihai email@example.com
# Installing required additional software
RUN apt-get update -y
RUN apt-get install wget bzip2 -y # needed for wireshark download
RUN apt-get install gcc python -y
RUN apt-get install perl pkg-config libglib2.0-dev libpcap-dev gtk2.0 -y
# Download and build latest Wireshark
RUN wget https://1.eu.dl.wireshark.org/src/wireshark-2.2.1.tar.bz2
RUN tar -jxf wireshark-2.2.1.tar.bz2
RUN /wireshark-2.2.1/configure && make && make install
RUN ldconfig
ENTRYPOINT ["wireshark-gtk"]
Let’s break down the Dockerfile to see what’s going on.
I decided to install Wireshark on Ubuntu 16.04 (inside the container), so the image starts from the ubuntu:16.04 base image.
After that I needed to update the package index of the Ubuntu container and install some prerequisites to be able to build Wireshark:
RUN apt-get install wget bzip2 -y # needed for wireshark download
RUN apt-get install gcc python -y
RUN apt-get install perl pkg-config libglib2.0-dev libpcap-dev gtk2.0 -y
The next step was to grab the Wireshark source archive, extract it and execute the well-known ./configure && make && make install procedure to build it from sources. Note that you need to provide the absolute path to configure:
RUN wget https://1.eu.dl.wireshark.org/src/wireshark-2.2.1.tar.bz2
RUN tar -jxf wireshark-2.2.1.tar.bz2
RUN /wireshark-2.2.1/configure && make && make install
RUN ldconfig
The final step was to designate an entry point (the default command that is executed when a container is started from this image):
To use this container you will need to have Docker up and running on your host machine:
$ service docker status
Redirecting to /bin/systemctl status docker.service
docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2016-10-10 09:17:41 EEST; 42min ago
     Docs: https://docs.docker.com
You then need to run the command below to allow all X clients to connect to your X11 server:
$ sudo xhost +
access control disabled, clients can connect from any host
Go ahead and download the image with:
docker pull costache2mihai/dockerizedwiresharkformsources
Now you can run it (start a container based on that image) with:
$ docker run -ti --net=host --privileged -v /home/mcostache/Ezuce:/root -w /root -e DISPLAY=$DISPLAY costache2mihai/dockerizedwiresharkformsources
Note that I’ve mounted a volume (the folder /home/mcostache/Ezuce) where I have stored some pcaps.
If all goes well, a Wireshark window will appear on your screen.
Running the container with the "--net=host --privileged" options allows us to capture traffic from the host machine's interfaces, and since we mounted a folder with pcaps we can open those captures to analyze traffic.
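As an added example (not code from the original post), here is a small POSIX shell wrapper around the docker run command above. It deliberately departs from the post in two places: it swaps --privileged for the capabilities dumpcap needs for live capture (NET_ADMIN for promiscuous mode, plus NET_RAW, which Docker grants by default anyway), and it grants X access with "xhost +local:" (local Unix-socket clients only, instead of "xhost +", which switches access control off for every host) and revokes it again when the container exits. The image name is the one from the post; the pcap directory argument and the "run" subcommand are this example's own conventions.

```shell
#!/bin/sh
# Added example wrapper for running the dockerized Wireshark image.
# Not part of the original post; the image name is the post's, everything
# else here is this example's own convention.

IMAGE="costache2mihai/dockerizedwiresharkformsources"

# Build the docker argument list, one argument per line, so it can be
# inspected before anything is started. Fails (exit 1) when DISPLAY is
# empty or the pcap directory does not exist, instead of starting a
# container that cannot open a window.
build_docker_args() {
    pcap_dir="$1"
    display="$2"
    [ -n "$display" ] || { echo "DISPLAY is not set" >&2; return 1; }
    [ -d "$pcap_dir" ] || { echo "pcap directory '$pcap_dir' does not exist" >&2; return 1; }
    printf '%s\n' \
        run -ti --rm \
        --net=host \
        --cap-add=NET_RAW --cap-add=NET_ADMIN \
        -v "$pcap_dir:/root" -w /root \
        -e "DISPLAY=$display" \
        "$IMAGE"
}

# Start Wireshark from the image. $1 is the directory holding your pcaps
# (defaults to $HOME).
run_wireshark() {
    pcap_dir="${1:-$HOME}"
    args=$(build_docker_args "$pcap_dir" "${DISPLAY:-}") || return 1
    docker info >/dev/null 2>&1 || { echo "docker daemon not reachable" >&2; return 1; }

    # Grant X access to local clients only (not 'xhost +'), and revoke it
    # again when this script exits, whatever the reason.
    xhost +local: >/dev/null
    trap 'xhost -local: >/dev/null' EXIT

    # Split the newline-separated argument list without pathname expansion.
    set -f
    IFS='
'
    set -- $args
    unset IFS
    set +f
    docker "$@"
}

# Usage: ./wireshark-docker.sh run /path/to/pcaps
if [ "${1:-}" = "run" ]; then
    run_wireshark "${2:-}"
fi
```

With --net=host the container shares the host's network namespace, so Wireshark reaches the X server through the same local socket the host clients use, which is why "xhost +local:" is sufficient; revoking it in the EXIT trap means a forgotten terminal does not leave the X server open to every local process indefinitely.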
More About the sipXcom Project:
From 2010 to 2015, sipXecs' primary development contributions were provided by the development team at eZuce, Inc. The sipXcom open source communications project was established in January 2015 as a fork of the sipXecs project by the development team at eZuce, Inc. With the creation of sipXcom, this team shifted its focus to contributing to the new project and no longer maintains sipXecs code nor participates in the SIPfoundry forums.
The experts who have helped to build sipXecs into the incredible product that it is can be found in the Google Groups sipxcom-users (https://groups.google.com/d/forum/sipxcom-users) and sipxcom-dev (https://groups.google.com/d/forum/sipxcom-dev).