On 06/25/2018 12:09 PM, Mathieu Tarral via Wireshark-users wrote:
Hi,
I'm running into a small issue with tshark, because i'm using it as root inside a Docker container, to transform a PCAP into a JSON output:
tshark -r file.pcap -T json
However, because of the warning printed by tshark at the beginning of the file,
("Running as user "root" and group "root". This could be dangerous." and
"dofile has been disabled due to running Wireshark as superuser")
the JSON file is invalid.
Is there a way to disable these messages ?
refactoring my container to use a non-root user will be a lot of work.
Of course you really *shouldn't* be running tshark's couple of million
lines of code as root. It's just plain not safe.
Regardless...
What's the complete command line you're using? That warning /should/ be
sent to stderr which means that running like this:
% tshark -r file.pcap -T json > file.json
Should generate a valid output file; the warning will be seen on your
screen rather than put the file.
IOW don't redirect stderr (2>&1) when running the command.
