Wireshark host network

Hello everybody :slight_smile:
On my linux server (Pi4, Raspian) I run a lot of docker container. Now I want do analyse them with wireshark and here I have a problem, where I dont find the solution. Hope you can help me.
If I run the container in brigde mode with puplish port 3000, it works and I can connect to it, but of cource I can´t connect to the host network. And if I run the container in host mode I cant access to it. On portscan I only see Port 3350 gets opend, but no connection is possible. Other container in host mode works fine. The the log file don´t shown any interessting.
So the Question: Why in brigde mode port 3000 ins forwarded and in host mode port 3000 isn´t open? Therefor port 3350 is open but why i cant connect to it?
Any help welcome!
Grettings Mili

please share your compose, the container logs (they start with our ascii logo) and the output of uname -mr && docker version

Docker compose:

version: "2.1"
services:
  wireshark:
    image: lscr.io/linuxserver/wireshark:latest
    container_name: wireshark
    cap_add:
      - NET_ADMIN
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - /home/pi/wireshark:/config
    restart: unless-stopped

Log:

[migrations] started
[migrations] no migrations found
usermod: no changes
-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/
Brought to you by linuxserver.io
-------------------------------------
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid:    1000
User gid:    1000
-------------------------------------
[custom-init] No custom files found, skipping...

In the log file with port 3000, after the same output, comes:

guacd[178]: INFO:	Guacamole proxy daemon (guacd) version 1.1.0 started
guacd[178]: INFO:	Listening on host 0.0.0.0, port 4822
guacd[178]: INFO:	Guacamole connection closed during handshake
Starting guacamole-lite websocket server
listening on *:3000
[guac-init] Auto start not set, application start on login
[ls.io-init] done.

Output of uname -mr && docker version

5.10.103-v7l+ armv7l
Client: Docker Engine - Community
 Version:           20.10.22
 API version:       1.41
 Go version:        go1.18.9
 Git commit:        3a2c30b
 Built:             Thu Dec 15 22:27:56 2022
 OS/Arch:           linux/arm
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.22
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.9
  Git commit:       42c8b31
  Built:            Thu Dec 15 22:25:44 2022
  OS/Arch:          linux/arm
  Experimental:     false
 containerd:
  Version:          1.6.13
  GitCommit:        78f51771157abb6c9ed224c22013cdf09962315d
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

In host mode the websocket server isn´t started, but why?

Any ideas?

If I use

version: "2.1"
services:
  wireshark-host:
    image: lscr.io/linuxserver/wireshark:latest
    container_name: wireshark-host
    cap_add:
      - NET_ADMIN
    security_opt:
      - seccomp:unconfined #optional
    #network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - /home/pi/wireshark:/config
    ports:
      - 3000:3000 #optional
    restart: unless-stopped

Websocket server starts correct and I can access on Port 3000 - but no host network

version: "2.1"
services:
  wireshark-host:
    image: lscr.io/linuxserver/wireshark:latest
    container_name: wireshark-host
    cap_add:
      - NET_ADMIN
    security_opt:
      - seccomp:unconfined #optional
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - /home/pi/wireshark:/config
    ports:
      - 3000:3000 #optional
    restart: unless-stopped

No websocket server is started and I can´t access

Please, I need a tipp!

have you tried putting the seccomp into your compose with host mode? I suspect with a 32bit OS you will definitely want this (and you need to start planning to move to 64bit)

er i see in your update you show a compose with it, but you don’t show any logs with it. I’ve tested your compose locally, but i have no 32bit machines, in my case it worked fine.

Still the same …

version: "2.1"
services:
  wireshark-host:
    image: ghcr.io/linuxserver/wireshark:latest
    container_name: wireshark-host
    cap_add:
      - NET_ADMIN
    security_opt:
      - seccomp:unconfined #optional
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - /home/pi/wireshark:/config
    ports:
      - 3000:3000 #optional
    restart: unless-stopped
[custom-init] No custom services found, skipping...
[migrations] started
[migrations] no migrations found
-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/
Brought to you by linuxserver.io
-------------------------------------
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid:    1000
User gid:    1000
-------------------------------------
Generating 2048 bit rsa key...
ssl_gen_key_xrdp1 ok
saving to rsakeys.ini
Generating a RSA private key
...........+++++
.................................................+++++
writing new private key to '/etc/xrdp/key.pem'
-----
[custom-init] No custom files found, skipping...
version: "2.1"
services:
  wireshark-host:
    image: ghcr.io/linuxserver/wireshark:latest
    container_name: wireshark-host
    cap_add:
      - NET_ADMIN
    security_opt:
      - seccomp:unconfined #optional
    #network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - /home/pi/wireshark:/config
    ports:
      - 3000:3000 #optional
    restart: unless-stopped
[custom-init] No custom services found, skipping...
[migrations] started
[migrations] no migrations found
-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/
Brought to you by linuxserver.io
-------------------------------------
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid:    1000
User gid:    1000
-------------------------------------
Generating 2048 bit rsa key...
ssl_gen_key_xrdp1 ok
saving to rsakeys.ini
Generating a RSA private key
.............................+++++
................................................................................+++++
writing new private key to '/etc/xrdp/key.pem'
-----
[custom-init] No custom files found, skipping...
guacd[185]: INFO:	Guacamole proxy daemon (guacd) version 1.1.0 started
guacd[185]: INFO:	Listening on host 0.0.0.0, port 4822
guacd[185]: INFO:	Guacamole connection closed during handshake
Starting guacamole-lite websocket server
listening on *:3000
[guac-init] Auto start not set, application start on login
[ls.io-init] done.

Guacamole websocket don´t start in host mode …
I get crasy! :smiley: