Termshark: a terminal user interface for tshark

If you’re debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, Termshark can help!

What is Termshark?


Termshark is a terminal user interface for Tshark, inspired by Wireshark.

TShark is a network protocol analyzer. It lets you capture packet data from a live network or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file.

TShark’s native capture file format is pcapng, which is also the format used by Wireshark and various other tools.

Termshark Features

  • Read pcap files or sniff live interfaces (where tshark is permitted)
  • Filter pcaps or live captures using Wireshark’s display filters
  • Reassemble and inspect TCP and UDP flows
  • View network conversations by protocol
  • Copy ranges of packets to the clipboard from the terminal
  • Written in Golang, compiles to a single executable on each platform – downloads available for Linux, macOS, BSD variants, Android (termux), and Windows

tshark has many additional features that Termshark does not yet expose! See What’s Next.

Install Packages

Termshark is pre-packaged for the following platforms: Arch Linux, Debian (unstable), FreeBSD, Homebrew, MacPorts, Kali Linux, NixOS, SnapCraft, Termux (Android), and Ubuntu.

Building

Termshark uses Go modules. Set GO111MODULE=on, then run:

go install github.com/gcla/termshark/v2/cmd/termshark@v2.4.0

For versions of Go between 1.14 and 1.17, use:

go get github.com/gcla/termshark/v2/cmd/termshark

Then add ~/go/bin/ to your PATH.

For all packet analysis, Termshark depends on tshark from the Wireshark project. Make sure tshark is in your PATH.

Termshark Quick Start

Inspect a local pcap:

termshark -r test.pcap

Capture ping packets on the interface eth0:

termshark -i eth0 icmp

Run termshark -h for options.

Downloads

Pre-compiled executables are available via GitHub releases, or download the latest build from the master branch.

Documentation

See the termshark user guide and my best guess at some FAQs. For a summary of updates, see the ChangeLog.

Dependencies

Termshark depends on these open-source packages:

  • tshark – command-line network protocol analyzer, part of Wireshark
  • tcell – a cell-based terminal handling package, inspired by termbox
  • gowid – compositional terminal UI widgets, inspired by urwid, built on tcell

Note that tshark is a run-time dependency and must be in your PATH for termshark to function. Version 1.10.2 or higher is required (released approx. 2013).
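As an added preflight check that is not part of termshark itself, the POSIX shell script below covers both the PATH requirement from the Building section and the 1.10.2 version floor stated above: it parses the first line of tshark -v and compares the version numerically rather than as a string. The two sample banner lines shown in the comments are constructed for illustration, not captured from a real install.

```shell
#!/bin/sh
# Added preflight check, not part of termshark: confirm tshark is on PATH and
# is at least the 1.10.2 minimum that termshark requires.

MIN_TSHARK="1.10.2"

# Pull the first dotted version out of a "tshark -v" banner. Constructed
# samples of the first banner line and what this returns for them:
#   "TShark (Wireshark) 3.6.2 (Git v3.6.2 packaged as 3.6.2-2)"  -> 3.6.2
#   "TShark 1.10.2 (SVN Rev 51934 from /trunk-1.10)"            -> 1.10.2
tshark_version_from_banner() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_ge A B: succeed when dotted version A >= B, comparing each field
# numerically so that 1.8.10 sorts below 1.10.2 (a plain string compare
# would get this wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "[.]"); m = split(b, y, "[.]")
        for (i = 1; i <= 3; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Succeed only when tshark resolves on PATH and reports a usable version.
check_tshark() {
    command -v tshark >/dev/null 2>&1 || return 1
    ver="$(tshark_version_from_banner "$(tshark -v 2>/dev/null | head -n 1)")"
    [ -n "$ver" ] || return 1
    version_ge "$ver" "$MIN_TSHARK"
}

if check_tshark; then
    echo "tshark found: $(tshark -v 2>/dev/null | head -n 1)"
else
    echo "tshark missing from PATH or older than $MIN_TSHARK; termshark cannot run" >&2
fi
```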


1 Response

  1. Lucas says:

    These are really good things.
