Termshark
A terminal user-interface for tshark, inspired by Wireshark.
If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help!
Features
- Read pcap files or sniff live interfaces (where tshark is permitted).
- Inspect each packet using familiar Wireshark-inspired views
- Filter pcaps or live captures using Wireshark's display filters
- Copy ranges of packets to the clipboard from the terminal
- Written in Golang, compiles to a single executable on each platform - downloads available for Linux (+termux), macOS, FreeBSD, and Windows
tshark has many more features that termshark doesn't expose yet! See What's Next.
Building
Termshark uses Go modules, so it's best to compile with Go 1.11 or higher. Set GO111MODULE=on then run:
go get github.com/gcla/termshark/cmd/termsharkThen add ~/go/bin/ to your PATH.
For all packet analysis, termshark depends on tshark from the Wireshark project. Make sure tshark is in your PATH.
Quick Start
Inspect a local pcap:
termshark -r test.pcapCapture ping packets on interface eth0:
termshark -i eth0 icmpRun termshark -h for options.
Downloads
Pre-compiled executables are available via Github releases
User Guide
See the termshark user guide (and my best guess at some FAQs)
Dependencies
Termshark depends on these open-source packages:
- tshark - command-line network protocol analyzer, part of Wireshark
- tcell - a cell based terminal handling package, inspired by termbox
- gowid - compositional terminal UI widgets, inspired by urwid, built on tcell
Note that tshark is a run-time dependency, and must be in your PATH for termshark to function. Version 1.10.2 or higher is required (approx 2013).
Contact
- The author - Graham Clark (grclark@gmail.com)
