Termshark
A terminal user-interface for tshark, inspired by Wireshark.
If you’re debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help!
Features
- Read pcap files or sniff live interfaces (where tshark is permitted).
- Inspect each packet using familiar Wireshark-inspired views
- Filter pcaps or live captures using Wireshark’s display filters
- Copy ranges of packets to the clipboard from the terminal
- Written in Golang, compiles to a single executable on each platform – downloads available for Linux (+termux), macOS, FreeBSD, and Windows
Changelog v2.1.1
b59be9c Gorelease tagged what was in github, rather than what was local
Use
It provides a terminal-based user interface for analyzing packet captures. It’s inspired by Wireshark and depends on tshark for all its intelligence. Termshark is run from the command-line. You can see its options with
termshark v1.0.0
A wireshark-inspired terminal user interface for tshark. Analyze network traffic interactively from your terminal.
See https://github.com/gcla/termshark for more information.
Usage:
termshark [FilterOrFile]
Application Options:
-i=<interface> Interface to read.
-r=<file> Pcap file to read.
-d=<layer type>==<selector>,<decode-as protocol> Specify dissection of layer type.
-Y=<displaY filter> Apply display filter.
-f=<capture filter> Apply capture filter.
--pass-thru=[yes|no|auto|true|false] Run tshark instead (auto => if stdout is not a tty). (default: auto)
--log-tty=[yes|no|true|false] Log to the terminal.. (default: false)
-h, --help Show this help message.
-v, --version Show version information.
Arguments:
FilterOrFile: Filter (capture for iface, display for pcap), or pcap file to read.
If --pass-thru is true (or auto, and stdout is not a tty), tshark will be
executed with the supplied command- line flags. You can provide
tshark-specific flags and they will be passed through to tshark (-n, -d, -T,
etc). For example:
$ termshark -r file.pcap -T psml -n | less
Copyright (c) 2019 Graham Clark
