Termshark : A Terminal UI For Tshark

Termshark is a terminal user-interface for tshark, inspired by Wireshark.

If you’re debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, it can help!

Features

• Read pcap files or sniff live interfaces (where tshark is permitted).
• Inspect each packet using familiar Wireshark-inspired views
• Filter pcaps or live captures using Wireshark’s display filters
• Copy ranges of packets to the clipboard from the terminal
• Written in Golang, compiles to a single executable on each platform – downloads available for Linux (+termux), macOS, FreeBSD, and Windows

Also Read : HostHunter : To Discover Hostnames Using OSINT

Installation (FreeBSD)

It is in the FreeBSD ports tree! To install the package, run:

pkg install termshark

To build/install the port, run:

cd /usr/ports/net/termshark/ && make install clean

Building

It uses Go modules, so it’s best to compile with Go 1.11 or higher. Set GO111MODULE=on then run:

go get github.com/gcla/termshark/cmd/termshark

Then add ~/go/bin/ to your PATH.

For all packet analysis, it depends on tshark from the Wireshark project. Make sure tshark is in your PATH.

Quick Start

Inspect a local pcap:

termshark -r test.pcap

Capture ping packets on interface eth0:

termshark -i eth0 icmp

Run termshark -h for options.

Dependencies

It depends on these open-source packages:

• tshark – command-line network protocol analyzer, part of Wireshark
• tcell – a cell based terminal handling package, inspired by termbox
• gowid – compositional terminal UI widgets, inspired by urwid, built on tcell

Note that tshark is a run-time dependency, and must be in your PATH for it to function. Version 1.10.2 or higher is required (approx 2013).

Credits: Graham Clark