Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by whitelisting our website.

Termshark a terminal user interface for tshark

If you’re debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, Termshark can help!

What is Termshark?


Termshark is a terminal user interface for Tshark, inspired by Wireshark.

TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. 

TShark‘s native capture file format is pcapng format, which is also the format used by Wireshark and various other tools.

Termshark Features

  • Read pcap files or sniff live interfaces (where tshark is permitted)
  • Filter pcaps or live captures using Wireshark’s display filters
  • Reassemble and inspect TCP and UDP flows
  • View network conversations by protocol
  • Copy ranges of packets to the clipboard from the terminal
  • Written in Golang, compiles to a single executable on each platform – downloads available for Linux, macOS, BSD variants, Android (termux), and Windows

tshark has many more features that Termshark doesn’t expose yet! See What’s Next.

adminhack adnin login android badrobo bootable camphish CMD easyhack ethical hacking facebook hacking fyatu fyatu credit card get instagram information hacking hacking with termux hidden honeygain ighack information gathering instagram instagram users info IP adress search IP Tracer kali linux kyc linux Linux shells new zphisher online earning penetration testing phishing python scripting shark social media hacking spamming termshark termux termux tool thebond tiktok monetisazion tshark verification wifi hacking youtube earning

Install Packages

Termshark is pre-packaged for the following platforms: Arch Linux, Debian (unstable), FreeBSD, Homebrew, MacPorts, Kali Linux, NixOS, SnapCraft, Termux (Android), and Ubuntu.


Termshark uses Go modules. Set GO111MODULE=on then run:

go install github.com/gcla/termshark/v2/cmd/termshark@v2.4.0

For versions of Go between 1.14 and 1.17, use

go get github.com/gcla/termshark/v2/cmd/termshark

Then add ~/go/bin/ to your PATH.

For all packet analysis, Termshark depends on tshark from the Wireshark project. Make sure tshark is in your PATH.

Termshark Quick Start

Inspect a local pcap:

termshark -r test.pcap

Capture ping packets on the interface eth0:

termshark -i eth0 icmp

Run termshark -h for options.


Pre-compiled executables are available via GitHub releases. Or download the latest build from the master branch -.


See the termshark user guide and my best guess at some FAQs. For a summary of updates, see the ChangeLog.


Termshark depends on these open-source packages:

  • tshark – command-line network protocol analyzer, part of Wireshark
  • tcell – a cell-based terminal handling package, inspired by termbox
  • gowid – compositional terminal UI widgets, inspired by urwid, built on tcell

Note that tshark is a run-time dependency, and must be in your PATH for termshark to function. Version 1.10.2 or higher is required (approx 2013).

Leave a Reply

Your email address will not be published. Required fields are marked *