Analyze Network Traffic With Termshark, A Terminal UI For TShark (Wireshark)


Termshark is a new terminal user interface for TShark, the network protocol analyzer, inspired by Wireshark. It runs on Linux, macOS and Windows.

TShark is a terminal version of Wireshark, the free and open source packet analyzer used for network troubleshooting, analysis, software and communication protocol development. TShark doesn't have an interactive terminal user interface though, and this is where Termshark comes in.

Termshark is written in Go, and makes use of TShark which is part of Wireshark. Its interactive terminal interface uses tcell, a cell-based terminal handling package inspired by termbox, and gowid, a Go package that provides widgets and a framework for making terminal user interfaces.

The command line tool had its first release a few days ago, so don't expect it to support all of TShark's features just yet. Currently Termshark features:

  • Read pcap files or sniff live interfaces (where TShark is permitted)
  • Inspect each packet using familiar Wireshark-inspired views
  • Filter pcaps or live captures using Wireshark's display filters
  • Copy ranges of packets to the clipboard from the terminal

If you want to see it in action, there's a Termshark GIF on its homepage. I preferred not to add it to this article as it's a bit too large (3 MB).
