termshark
A terminal user-interface for tshark, inspired by Wireshark.
If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help!
Features
- Read pcap files or sniff live interfaces (where tshark is permitted).
- Inspect each packet using familiar Wireshark-inspired views
- Filter pcaps or live captures using Wireshark's display filters
- Copy ranges of packets to the clipboard from the terminal
- Written in Golang, compiles to a single executable on each platform - downloads available for Linux (+termux), macOS, FreeBSD, and Windows
Building
Termshark uses Go modules, so it's best to compile with Go 1.11 or higher. Set GO111MODULE=on
then run:
go get github.com/gcla/termshark/cmd/termshark
Then add ~/go/bin/
to your PATH
.
For all packet analysis, termshark depends on tshark from the Wireshark project. Make sure tshark
is in your PATH
.
Quick Start
Inspect a local pcap:
termshark -r test.pcap
Capture ping packets on interface eth0
:
termshark -i eth0 icmp
Run termshark -h
for options.