https://github.com/gcla/termshark
A terminal UI for tshark, inspired by Wireshark
https://github.com/gcla/termshark
go golang gowid pcap tcell tshark tui wireshark
Last synced: 6 months ago
JSON representation
A terminal UI for tshark, inspired by Wireshark
- Host: GitHub
- URL: https://github.com/gcla/termshark
- Owner: gcla
- License: mit
- Created: 2019-04-20T03:08:13.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-04-30T06:15:11.000Z (over 1 year ago)
- Last Synced: 2025-05-14T08:04:38.079Z (6 months ago)
- Topics: go, golang, gowid, pcap, tcell, tshark, tui, wireshark
- Language: Go
- Size: 21.2 MB
- Stars: 9,393
- Watchers: 121
- Forks: 418
- Open Issues: 42
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
- awesome-go - gcla/termshark
- fucking-Awesome-Linux-Software - ![Open-Source Software - A terminal UI for tshark, inspired by Wireshark. (Applications / Security)
- awesome-repositories - gcla/termshark - A terminal UI for tshark, inspired by Wireshark (Go)
- awesome-starts - gcla/termshark - A terminal UI for tshark, inspired by Wireshark (Go)
- awesome-list - termshark
- awesome-golang-repositories - termshark
- Awesome-Linux-Software - ![Open-Source Software - A terminal UI for tshark, inspired by Wireshark. (Applications / Security)
- awesome-network-stuff - **4857**ζ
- awesomeness - Termshark - A terminal-based UI for `tshark`. (π Networking / βΈοΈ Kubernetes)
- awesome-hacking-lists - gcla/termshark - A terminal UI for tshark, inspired by Wireshark (Go)
README
[twitter-follow-url]: https://twitter.com/intent/follow?screen_name=termshark
[twitter-follow-img]: https://img.shields.io/twitter/follow/termshark.svg?style=social&label=Follow
# Termshark
A terminal user-interface for tshark, inspired by Wireshark.
**V2.4 is out now with packet search and profiles for colors and columns! See the [ChangeLog](CHANGELOG.md#changelog).**
If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help!
## Features
- Read pcap files or sniff live interfaces (where tshark is permitted)
- Filter pcaps or live captures using Wireshark's display filters
- Reassemble and inspect TCP and UDP flows
- View network conversations by protocol
- Copy ranges of packets to the clipboard from the terminal
- Written in Golang, compiles to a single executable on each platform - downloads available for Linux, macOS, BSD variants, Android (termux) and Windows
tshark has many more features that termshark doesn't expose yet! See [What's Next](docs/FAQ.md#whats-next).
## Install Packages
Termshark is pre-packaged for the following platforms: [Arch Linux](docs/Packages.md#arch-linux), [Debian (unstable)](docs/Packages.md#debian), [FreeBSD](docs/Packages.md#freebsd), [Homebrew](docs/Packages.md#homebrew), [MacPorts](docs/Packages.md#macports), [Kali Linux](docs/Packages.md#kali-linux), [NixOS](docs/Packages.md#nixos), [SnapCraft](docs/Packages.md#snapcraft), [Termux (Android)](docs/Packages.md#termux-android) and [Ubuntu](docs/Packages.md#ubuntu).
## Building
Termshark uses Go modules. Set `GO111MODULE=on` then run:
```bash
go install github.com/gcla/termshark/v2/cmd/termshark@v2.4.0
```
For versions of Go between 1.14 and 1.17, use
```bash
go get github.com/gcla/termshark/v2/cmd/termshark
```
Then add ```~/go/bin/``` to your ```PATH```.
For all packet analysis, termshark depends on tshark from the Wireshark project. Make sure ```tshark``` is in your ```PATH```.
## Quick Start
Inspect a local pcap:
```bash
termshark -r test.pcap
```
Capture ping packets on interface ```eth0```:
```bash
termshark -i eth0 icmp
```
Run ```termshark -h``` for options.
## Downloads
Pre-compiled executables are available via [Github releases](https://github.com/gcla/termshark/releases). Or download the latest build from the master branch - [](https://travis-ci.com/gcla/termshark).
## Documentation
See the [termshark user guide](docs/UserGuide.md), and my best guess at some [FAQs](docs/FAQ.md). For a summary of updates, see the [ChangeLog](CHANGELOG.md#changelog).
## Dependencies
Termshark depends on these open-source packages:
- [tshark](https://www.wireshark.org/docs/man-pages/tshark.html) - command-line network protocol analyzer, part of [Wireshark](https://wireshark.org)
- [tcell](https://github.com/gdamore/tcell) - a cell based terminal handling package, inspired by termbox
- [gowid](https://github.com/gcla/gowid) - compositional terminal UI widgets, inspired by [urwid](http://urwid.org), built on [tcell](https://github.com/gdamore/tcell)
Note that tshark is a run-time dependency, and must be in your ```PATH``` for termshark to function. Version 1.10.2 or higher is required (approx 2013).
## Contributors
Thanks to everyone that's contributed ports, patches and effort!
Ross Jacobs
π» π π
Hongarc
π
Ryan Steinmetz
π¦
Nicolai SΓΈborg
π¦
Elliott Sales de Andrade
π»
Romanos
π»
Denys
π
jerry73204
π¦
Jon Knapp
π¦
Mario Harjac
π¦
Andrew Benson
π
sagis-tikal
π
punkymaniac
π
msenturk
π
Sandor SzΓΌcs
π
Dawid Dziurla
π π¦
jJit0
π
inzel
π
thejerrod
π€
gdluca
π
Patrick Winter
π¦
Robert Larsen
π€ π
MinJae Kwon
π
the-c0d3r
π€
Gisle Vanem
π
hook
π
Lennart Koopmann
π€
Fernandez, ReK2
π
mazball
π€
wfailla
π€
θ£ζ‘
π€
thebyrdman-git
π
Clemens Mosig
π
Michael Rash
π
joelparker
π
Dragos Maftei
π€
Matthew Giassa
π€
Sean Abbott
π¦
Vincent Wang
π€
piping
π€
kevinhwang91
π€ π
Justin Overfelt
π€
Anthony
π€
basondole
π
zoulja
π
freddii
π
Thord Setsaas
π
deliciouslytyped
π
factorion
π¦
Herby Gillot
π¦
nmeum
π€
Aaron Bieber
π€
elig0n
π€
luzpaz
π
uzxmx
π»
## Contact
- The author - Graham Clark (grclark@gmail.com) [![Follow on Twitter][twitter-follow-img]][twitter-follow-url]
## License
[](LICENSE)