by WastedHat » Tue Jun 28, 2016 10:28 am
Hi, does anyone know how to monitor traffic on the Pi over a remote connection with the Wireshark GUI?
So far I’ve tried using the native X window server on OSX with
ssh -l pi -X 192.168.1.170 then wireshark, which opens Wireshark in OSX however there are no capture interfaces available and the funcationality isnt all there. I also get the an error in terminal which is a known bug but I’m not sure how it relates to wireshark not working properly.
“** (wireshark:1367): WARNING **: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files”
I also tried ssh -l pi 192.168.1.170 ‘tshark -f “port !22″ -w -’ | wireshark -k -i - but no luck, I only get the local interfaces on my Mac.
I’m using Tshark for now but I would prefer the GUI. Thanks for any help.
———————————————— ———————————————— ————————————————
by Romonga » Tue Jun 28, 2016 11:45 am
Try gksudo wireshark after you ssh in with the -X option.
———————————————— ———————————————— ————————————————
by WastedHat » Tue Jun 28, 2016 4:07 pm
Thanks for your reply. I tried what you suggested and it loads wireshark with the correct interfaces but it throws up a few warnings about running wireshark as root, as soon as I close the warnings wireshark quits with an error message.
(wireshark:2004): Gdk-WARNING **: wireshark: Fatal IO error 11 (Resource temporarily unavailable) on X server localhost:10.0.
I followed this http://superuser.com/questions/319865/h … -on-debian
to run wireshark without root and it opens without the warnings with the correct interfaces however when I click anything on the GUI it closes with the same error.
I’ll just stick with Tshark for now and FTP the packet capture if I really need the GUI. Would be nice to have it live.
———————————————— ———————————————— ————————————————
by WastedHat » Tue Jun 28, 2016 4:08 pm
Forgot to add that I’m running Raspbian and its updated.
———————————————— ———————————————— ————————————————
by Romonga » Tue Jun 28, 2016 5:59 pm
WastedHat wrote:Forgot to add that I’m running Raspbian and its updated.
When you installed it. Did you do an sudo apt-get install wireshark ?

Source: https://www.raspberrypi.org/forums/v...?f=28&t=152867