A terminal user-interface for tshark, inspired by Wireshark.
If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help!
Features
- Read pcap files or sniff live interfaces (where tshark is permitted).
- Inspect each packet using familiar Wireshark-inspired views
- Filter pcaps or live captures using Wireshark's display filters
- Copy ranges of packets to the clipboard from the terminal
- Written in Golang, compiles to a single executable on each platform - downloads available for Linux (+termux), macOS, FreeBSD, and Windows
tshark has many more features that termshark doesn't expose yet! See What's Next.
Installation (FreeBSD)
Termshark is in the FreeBSD ports tree! To install the package, run:
pkg install termsharkTo build/install the port, run:
cd /usr/ports/net/termshark/ && make install cleanBuilding
Termshark uses Go modules, so it's best to compile with Go 1.11 or higher. Set
GO111MODULE=on then run:go get github.com/gcla/termshark/cmd/termshark~/go/bin/ to your PATH.For all packet analysis, termshark depends on tshark from the Wireshark project. Make sure
tshark is in your PATH.Quick Start
Inspect a local pcap:
termshark -r test.pcapeth0:termshark -i eth0 icmptermshark -h for options.User Guide
See the termshark user guide (and my best guess at some FAQs)
Dependencies
Termshark depends on these open-source packages:
- tshark - command-line network protocol analyzer, part of Wireshark
- tcell - a cell based terminal handling package, inspired by termbox
- gowid - compositional terminal UI widgets, inspired by urwid, built on tcell
PATH for termshark to function. Version 1.10.2 or higher is required (approx 2013).Contact
- The author - Graham Clark (grclark@gmail.com)