Termshark a terminal user interface for tshark
If you’re debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, Termshark can help!
What is Termshark?
Termshark is a terminal user interface for Tshark, inspired by Wireshark.
⚡ TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file.
TShark‘s native capture file format is pcapng format, which is also the format used by Wireshark and various other tools.
- Read pcap files or sniff live interfaces (where tshark is permitted)
- Filter pcaps or live captures using Wireshark’s display filters
- Reassemble and inspect TCP and UDP flows
- View network conversations by protocol
- Copy ranges of packets to the clipboard from the terminal
- Written in Golang, compiles to a single executable on each platform – downloads available for Linux, macOS, BSD variants, Android (termux), and Windows
tshark has many more features that Termshark doesn’t expose yet! See What’s Next.
adminhack adnin login android badrobo bootable camphish CMD easyhack ethical hacking facebook hacking fyatu fyatu credit card get instagram information hacking hacking with termux hidden honeygain ighack information gathering instagram instagram users info IP adress search IP Tracer kali linux kyc linux Linux shells new zphisher online earning penetration testing phishing python scripting shark social media hacking spamming termshark termux termux tool thebond tiktok monetisazion tshark verification wifi hacking youtube earning
Termshark uses Go modules. Set
GO111MODULE=on then run:
go install firstname.lastname@example.org
For versions of Go between 1.14 and 1.17, use
go get github.com/gcla/termshark/v2/cmd/termshark
~/go/bin/ to your
For all packet analysis, Termshark depends on tshark from the Wireshark project. Make sure
tshark is in your
Termshark Quick Start
Inspect a local pcap:
termshark -r test.pcap
Capture ping packets on the interface
termshark -i eth0 icmp
termshark -h for options.
Pre-compiled executables are available via GitHub releases. Or download the latest build from the master branch -.
Termshark depends on these open-source packages:
- tshark – command-line network protocol analyzer, part of Wireshark
- tcell – a cell-based terminal handling package, inspired by termbox
- gowid – compositional terminal UI widgets, inspired by urwid, built on tcell
Note that tshark is a run-time dependency, and must be in your
PATH for termshark to function. Version 1.10.2 or higher is required (approx 2013).