I have installed wireshark on Ubuntu, When I run it:
/usr/bin/wireshark
I get an error:
(wireshark:27945): Gtk-WARNING **: cannot open display:
I want to run wireshark on the command prompt.
I don't want to use the UI. I'm not sure why it is complaining about a display, I want to run it on a port.
You can try tshark - which is a "console based wireshark" which is part of wireshark project.
You should read Read man tshark.
For example to capture http packet on 80 port run:
tshark -f 'tcp port 80 and http'
P.S. Example was fixed to use capture filter instead of display filter.
On Ubuntu, running wireshark complains about display:
el@apollo:~$ wireshark
(wireshark:20619): Gtk-WARNING **: cannot open display:
Set the DISPLAY environment variable:
export DISPLAY=:0.0
/usr/bin/wireshark
Then it works:
el@apollo:~$ wireshark -Y
wireshark: option requires an argument -- 'Y'
Usage: wireshark [options] ... [ <infile> ]
Capture interface:
-i <interface> name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen> packet snapshot length (def: 65535)
-p don't capture in promiscuous mode
-k start capturing immediately (def: do nothing)
-S update packet display when new packets are captured
-l turn on automatic scrolling while -S is in use
-I capture in monitor mode, if available
-B <buffer size> size of kernel buffer (def: 2MB)
-y <link type> link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit
wireshark is an X application, so it needs to know where to send the X11 display output.
