Query about monitoring unknown Internet traffic

Karl Auer kauer at biplane.com.au
Mon Oct 19 09:11:49 UTC 2015

On Mon, 2015-10-19 at 12:45 +0800, Bret Busby wrote:
> > I tried to run gksudo wireshark, but nothing happened, so, after a
> > couple of minutes, I did <CTRL><C> .

Nothing? Assuming of course that your graphical interface is X and is
running and you are logged in, I would expect the following things to
happen. Perhaps you could indicate at which step "nothing happened":

1: start a terminal (on your X server, not a console!)
2: a terminal window appears in X
3: a non-root prompt appears in the terminal
4: type "gksudo wireshark" at prompt, press enter
5: Some GTK output *may* appear in the terminal window
6: a small gksudo password dialogue will appear
7: enter your password, press enter
8: some GTK output *may* appear in the terminal window
9: gksudo window vanishes, wireshark starts
10: lua error message appears, click OK
11: lua dialogue disappears
12: wireshark now usable, interfaces listed
13: some GTK output *may* appear in the terminal window
14: when done close wireshark
15: some GTK output *may* appear in the terminal window
16: non-root prompt appears in terminal window
17: type "exit", press enter to close terminal
18: terminal window closes

If it just sat there at any point I would think it was waiting for your
input somewhere you couldn't see it - like under another window or in
another workspace.

> > "Lua: error during loading:

I specifically mentioned that error message, and told you it was normal
and could be ignored.

> "Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged."
> and nothing further happened, so, once again, <CTRL<C> .

Again, it sounds to me like the window was open and running, but
somewhere unexpected. Could be wrong of course.

> > So, it appears that wireshark can not be run as a superuser, and it is
> > designed to be difficult to be run as an ordinary user.

Not at all. Don't make the mistake of thinking that because YOU have
difficulties, everyone does. I, like thousands before me, have found
wireshark a doddle to install, easy to use at a basic level, and very,
very powerful after a bit of experience with it.

I repeat: All the hoo-hah with groups is not necessary; wireshark can be
run as root, and will work fine. If it is not working fine for you, then
some characteristic of your system is unusual. Instead of getting your
head in a combative space, relax and let us work it out with you.

The payoff, once you get wireshark working, will be well worth the

One alternative - already mentioned I think - is to run tcpdump (as
root) to capture packets for a few minutes, then load the pcap file into
wireshark (no root access required) for inspection.

Regards, K,

Karl Auer (kauer at biplane.com.au)

GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882

More information about the ubuntu-users mailing list