Error "cannot open display" when starting wireshark on Ubuntu command line

Question

I have installed wireshark on Ubuntu, When I run it:

/usr/bin/wireshark

I get an error:

(wireshark:27945): Gtk-WARNING **: cannot open display:

I want to run wireshark on the command prompt.

I don't want to use the UI. I'm not sure why it is complaining about a display, I want to run it on a port.

Answer 1

You can try tshark - which is a "console based wireshark" which is part of wireshark project.

You should read Read man tshark.

For example to capture http packet on 80 port run:

tshark -f 'tcp port 80 and http'

P.S. Example was fixed to use capture filter instead of display filter.

Answer 2

On Ubuntu, running wireshark complains about display:

el@apollo:~$ wireshark
(wireshark:20619): Gtk-WARNING **: cannot open display:

Set the DISPLAY environment variable:

export DISPLAY=:0.0
/usr/bin/wireshark

Then it works:

el@apollo:~$ wireshark -Y
wireshark: option requires an argument -- 'Y'

Usage: wireshark [options] ... [ <infile> ]

Capture interface:
  -i <interface>           name or idx of interface (def: first non-loopback)
  -f <capture filter>      packet filter in libpcap filter syntax
  -s <snaplen>             packet snapshot length (def: 65535)
  -p                       don't capture in promiscuous mode
  -k                       start capturing immediately (def: do nothing)
  -S                       update packet display when new packets are captured
  -l                       turn on automatic scrolling while -S is in use
  -I                       capture in monitor mode, if available
  -B <buffer size>         size of kernel buffer (def: 2MB)
  -y <link type>           link layer type (def: first appropriate)
  -D                       print list of interfaces and exit
  -L                       print list of link-layer types of iface and exit

wireshark is an X application, so it needs to know where to send the X11 display output.