If you’re debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, Termshark can help!
What is Termshark?
Termshark is a terminal user interface for Tshark, inspired by Wireshark.
⚡ TShark is a network protocol analyzer. It lets you capture packet data from a live network or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file.
TShark's native capture file format is pcapng, which is also the format used by Wireshark and various other tools.
Termshark Features
- Read pcap files or sniff live interfaces (where tshark is permitted)
- Filter pcaps or live captures using Wireshark’s display filters
- Reassemble and inspect TCP and UDP flows
- View network conversations by protocol
- Copy ranges of packets to the clipboard from the terminal
- Written in Golang, compiles to a single executable on each platform – downloads available for Linux, macOS, BSD variants, Android (termux), and Windows
tshark has many additional features that Termshark does not yet expose! See What's Next.
Install Packages
Termshark is pre-packaged for the following platforms: Arch Linux, Debian (unstable), FreeBSD, Homebrew, MacPorts, Kali Linux, NixOS, SnapCraft, Termux (Android), and Ubuntu.
Building
Termshark uses Go modules. Set GO111MODULE=on, then run:
go install github.com/gcla/termshark/v2/cmd/termshark@v2.4.0
For versions of Go between 1.14 and 1.17, use
go get github.com/gcla/termshark/v2/cmd/termshark
Then add ~/go/bin/ to your PATH.
For all packet analysis, Termshark depends on tshark from the Wireshark project. Make sure tshark is in your PATH.
Termshark Quick Start
Inspect a local pcap:
termshark -r test.pcap
Capture ping packets on the interface eth0:
termshark -i eth0 icmp
Run termshark -h for options.
Downloads
Pre-compiled executables are available via GitHub releases. Or download the latest build from the master branch.
Documentation
See the termshark user guide and my best guess at some FAQs. For a summary of updates, see the ChangeLog.
Dependencies
Termshark depends on these open-source packages:
- tshark – command-line network protocol analyzer, part of Wireshark
- tcell – a cell-based terminal handling package, inspired by termbox
- gowid – compositional terminal UI widgets, inspired by urwid, built on tcell
Note that tshark is a run-time dependency, and must be in your PATH for termshark to function. Version 1.10.2 or higher is required (approx 2013).
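Because tshark is only resolved at run time, a missing or too-old binary is the first thing to rule out when termshark fails to decode anything. The following POSIX shell script is an added example, not part of Termshark itself: it checks that tshark is on PATH and parses its version banner against the 1.10.2 minimum stated above. It assumes the banner shapes "TShark (Wireshark) X.Y.Z ..." (current builds) and "TShark X.Y.Z ..." (older builds).

```shell
#!/bin/sh
# Added example (not Termshark's own code): verify the run-time tshark
# dependency before launching termshark.

# Extract the first dotted version number from a tshark banner line.
# Assumed shapes: "TShark (Wireshark) 3.6.2 (Git ...)" and "TShark 1.10.2 (SVN ...)".
tshark_version_from_banner() {
  printf '%s\n' "$1" | sed -n 's/^TShark[^0-9]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_ge A B: exit 0 when dotted version A >= B.
# Components are compared numerically, so 1.10.2 >= 1.9.9 holds.
version_ge() {
  a="$1." b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    ha="${a%%.*}"; a="${a#*.}"
    hb="${b%%.*}"; b="${b#*.}"
    [ -n "$ha" ] || ha=0
    [ -n "$hb" ] || hb=0
    [ "$ha" -gt "$hb" ] && return 0
    [ "$ha" -lt "$hb" ] && return 1
  done
  return 0
}

# Resolve tshark from PATH and report whether it meets the minimum version.
check_tshark() {
  min="${1:-1.10.2}"
  if ! command -v tshark >/dev/null 2>&1; then
    echo "tshark not found in PATH; termshark cannot analyze packets" >&2
    return 1
  fi
  banner=$(tshark -v 2>/dev/null | head -n 1)
  ver=$(tshark_version_from_banner "$banner")
  if [ -z "$ver" ]; then
    echo "could not parse tshark version from: $banner" >&2
    return 1
  fi
  if version_ge "$ver" "$min"; then
    echo "tshark $ver found (minimum $min): OK"
  else
    echo "tshark $ver is older than the required $min" >&2
    return 1
  fi
}

# Run the check only when invoked as: sh check_tshark.sh --run
case "${1:-}" in --run) check_tshark ;; esac
```

Source the file to reuse version_ge and tshark_version_from_banner in your own wrapper scripts, or run it with --run as a one-off preflight check.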
Lucas
These are really good tips.