Repository files navigation

A terminal user-interface for tshark, inspired by Wireshark.

V2.4 is out now with packet search and profiles for colors and columns! See theChangeLog.

If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help!

• Read pcap files or sniff live interfaces (where tshark is permitted)
• Filter pcaps or live captures using Wireshark's display filters
• Reassemble and inspect TCP and UDP flows
• View network conversations by protocol
• Copy ranges of packets to the clipboard from the terminal
• Written in Golang, compiles to a single executable on each platform - downloads available for Linux, macOS, BSD variants, Android (termux) and Windows

tshark has many more features that termshark doesn't expose yet! SeeWhat's Next.

Termshark is pre-packaged for the following platforms:Arch Linux,Debian (unstable),FreeBSD,Homebrew,MacPorts,Kali Linux,NixOS,SnapCraft,Termux (Android) andUbuntu.

Termshark uses Go modules. SetGO111MODULE=on then run:

go install github.com/gcla/termshark/v2/cmd/termshark@v2.4.0

For versions of Go between 1.14 and 1.17, use

go get github.com/gcla/termshark/v2/cmd/termshark

Then add~/go/bin/ to yourPATH.

For all packet analysis, termshark depends on tshark from the Wireshark project. Make suretshark is in yourPATH.

Inspect a local pcap:

termshark -r test.pcap

Capture ping packets on interfaceeth0:

termshark -i eth0 icmp

Runtermshark -h for options.

Pre-compiled executables are available viaGithub releases. Or download the latest build from the master branch -.

See thetermshark user guide, and my best guess at someFAQs. For a summary of updates, see theChangeLog.

Termshark depends on these open-source packages:

• tshark - command-line network protocol analyzer, part ofWireshark
• tcell - a cell based terminal handling package, inspired by termbox
• gowid - compositional terminal UI widgets, inspired byurwid, built ontcell

Note that tshark is a run-time dependency, and must be in yourPATH for termshark to function. Version 1.10.2 or higher is required (approx 2013).

Thanks to everyone that's contributed ports, patches and effort!

Ross Jacobs 💻🐛📓	Hongarc 📖	Ryan Steinmetz 📦	Nicolai Søborg 📦	Elliott Sales de Andrade 💻	Romanos 💻	Denys 🐛
jerry73204 📦	Jon Knapp 📦	Mario Harjac 📦	Andrew Benson 🐛	sagis-tikal 🐛	punkymaniac 🐛	msenturk 🐛
Sandor Szücs 🐛	Dawid Dziurla 🐛📦	jJit0 🐛	inzel 🐛	thejerrod 🤔	gdluca 🐛	Patrick Winter 📦
Robert Larsen 🤔📓	MinJae Kwon 🐛	the-c0d3r 🤔	Gisle Vanem 🐛	hook 🐛	Lennart Koopmann 🤔	Fernandez, ReK2 🐛
mazball 🤔	wfailla 🤔	荣怡 🤔	thebyrdman-git 🐛	Clemens Mosig 🐛	Michael Rash 📓	joelparker 📓
Dragos Maftei 🤔	Matthew Giassa 🤔	Sean Abbott 📦	Vincent Wang 🤔	piping 🤔	kevinhwang91 🤔🐛	Justin Overfelt 🤔
Anthony 🤔	basondole 🐛	zoulja 🐛	freddii 🐛	Thord Setsaas 📖	deliciouslytyped 🐛	factorion 📦
Herby Gillot 📦	nmeum 🤔	Aaron Bieber 🤔	elig0n 🤔	luzpaz 📖	uzxmx 💻

• The author - Graham Clark (grclark@gmail.com)