我在Ubuntu上安装了wireshark,当我运行它时:
/usr/bin/wireshark
我收到一个错误:
(wireshark:27945): Gtk-WARNING **: cannot open display:
我想在命令提示符下运行wireshark.
我不想使用UI.我不确定它为什么抱怨显示器,我想在端口上运行它.
gra*_*ite 10
你可以试试tshark - 这是一个"控制台的wireshark",这是wireshark项目的一部分.
你应该阅读Read man tshark.
例如,在80端口运行时捕获http数据包:
tshark -f 'tcp port 80 and http'
PS示例被修复为使用捕获过滤器而不是显示过滤器.
小智 6
在Ubuntu上,运行wirehark抱怨显示:
el@apollo:~$ wireshark
(wireshark:20619): Gtk-WARNING **: cannot open display:
设置DISPLAY环境变量:
export DISPLAY=:0.0
/usr/bin/wireshark
然后工作:
el@apollo:~$ wireshark -Y
wireshark: option requires an argument -- 'Y'
Usage: wireshark [options] ... [ <infile> ]
Capture interface:
-i <interface> name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen> packet snapshot length (def: 65535)
-p don't capture in promiscuous mode
-k start capturing immediately (def: do nothing)
-S update packet display when new packets are captured
-l turn on automatic scrolling while -S is in use
-I capture in monitor mode, if available
-B <buffer size> size of kernel buffer (def: 2MB)
-y <link type> link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit
Wireshark是一个X应用程序,因此它需要知道将X11显示输出发送到哪里。