termshark v2.1.1 releases: A terminal UI for tshark

by do son · Published June 30, 2019 · Updated February 3, 2020

Termshark

A terminal user-interface for tshark, inspired by Wireshark.

If you’re debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help!

Features

Read pcap files or sniff live interfaces (where tshark is permitted).
Inspect each packet using familiar Wireshark-inspired views
Filter pcaps or live captures using Wireshark’s display filters
Copy ranges of packets to the clipboard from the terminal
Written in Golang, compiles to a single executable on each platform – downloads available for Linux (+termux), macOS, FreeBSD, and Windows

Changelog v2.1.1

b59be9c Gorelease tagged what was in github, rather than what was local

Use

It provides a terminal-based user interface for analyzing packet captures. It’s inspired by Wireshark and depends on tshark for all its intelligence. Termshark is run from the command-line. You can see its options with

termshark v1.0.0

A wireshark-inspired terminal user interface for tshark. Analyze network traffic interactively from your terminal.
See https://github.com/gcla/termshark for more information.

Usage:
  termshark [FilterOrFile]

Application Options:
  -i=<interface>                                          Interface to read.
  -r=<file>                                               Pcap file to read.
  -d=<layer type>==<selector>,<decode-as protocol>        Specify dissection of layer type.
  -Y=<displaY filter>                                     Apply display filter.
  -f=<capture filter>                                     Apply capture filter.
      --pass-thru=[yes|no|auto|true|false]                Run tshark instead (auto => if stdout is not a tty). (default: auto)
      --log-tty=[yes|no|true|false]                       Log to the terminal.. (default: false)
  -h, --help                                              Show this help message.
  -v, --version                                           Show version information.

Arguments:
  FilterOrFile:                                           Filter (capture for iface, display for pcap), or pcap file to read.

If --pass-thru is true (or auto, and stdout is not a tty), tshark will be
executed with the supplied command- line flags. You can provide
tshark-specific flags and they will be passed through to tshark (-n, -d, -T,
etc). For example:

$ termshark -r file.pcap -T psml -n | less

termshark v2.1.1 releases: A terminal UI for tshark

Search

Suggested Reading

termshark v2.1.1 releases: A terminal UI for tshark

Termshark

Features

Use

Download & Tutorial

Search

Suggested Reading