How to install tshark on Docker?

Question

I want to install tshark on ubuntu17.04 on Docker for Mac with Dockerfile. I am using docker-compose

In apt install tshark, there is a following prompt.
The prompt stopping install despite I typed yes.

How to install tshark in Dockerfile?

Dumpcap can be installed in a way that allows members of the "wireshark" system
group to capture packets. This is recommended over the alternative of running
Wireshark/Tshark directly as root, because less of the code will run with
elevated privileges.

For more detailed information please see
/usr/share/doc/wireshark-common/README.Debian.

Enabling this feature may be a security risk, so it is disabled by default. If
in doubt, it is suggested to leave it disabled.

Should non-superusers be able to capture packets? [yes/no] yes

score 13 · Answer 1 · edited Dec 29 '19 at 12:59

13

RUN DEBIAN_FRONTEND=noninteractive apt-get install -y tshark

Will install without needing user interaction.

edited Dec 29 '19 at 12:59

AymDev

6,626
4
29
52

answered Aug 17 '17 at 00:45

Whereisccguys

331
4
15

Have no idea why, but if I had tshark at the end of package list to install it does not work. If I had it as single one, works perfectly: RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y tshark RUN apt-get update && apt-get install -y git python python-pip iputils-ping traceroute – Tomasz Nov 29 '18 at 09:20
@Tomasz I'm having exactly the same issue, did you find the reason why is it behaving in this way? – Furin May 14 '20 at 10:25

score 1 · Answer 2 · answered Apr 03 '17 at 04:38

1

First, you generally have (to avoid having to type 'yes'):

RUN apt install -yq xxx

Second:

you can check out this tshark image, which does install dumcap; by compiling wireshark, which produced dumpcap.
the alternative (no compilation, only install) is this image

The install command becomes in that last case:

# Install build wireshark, need to run as root RUN apt-get update && \
    apt-get install -y wireshark && \
    groupadd wireshark && \
    usermod -aG wireshark developer && \
    setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap && \
    chgrp wireshark /usr/bin/dumpcap && \
    chmod 750 /usr/bin/dumpcap

answered Apr 03 '17 at 04:38

VonC

1,262,500
529
4,410
5,250

I tried First example `RUN apt install -yq tshark` But the prompt make stopping installation. – KiYugadgeter Apr 03 '17 at 05:53
@KiYugadgeter OK. Maybe the second example would be better in that case. Regarding the first example, make sure ti use the same base image. – VonC Apr 03 '17 at 06:30
I have also attempted second way. but same message displaying. – KiYugadgeter Jun 24 '17 at 08:32

score 0 · Answer 3 · answered Aug 05 '22 at 10:27

I just made it

docker exec -it <container ID> /bin/sh
apt update
apt-get install tshark

-i,

--interactive Keep STDIN open even if not attached

--privileged Give extended privileges to the command

-t, --tty Allocate a pseudo-TTY

How to install tshark on Docker?

3 Answers3