Analyzing Remote PCAP Files with Termshark Over SSH

Termshark is an open-source, terminal-based network packet analyzer that brings the powerful, multi-pane user experience of Wireshark directly into your command-line interface. Written in Go, it acts as an interactive Terminal User Interface (TUI) wrapper around tshark (Wireshark’s native command-line tool).

It solves a major headache for sysadmins, DevOps engineers, and security analysts: inspecting large packet captures (.pcap files) on remote servers over SSH without having to download multi-gigabyte files to a local machine just to open them in a graphical app.

Core Features

Wireshark-Inspired Interface: The layout splits your terminal into three distinct, scrollable panes: a packet list view, a hierarchical protocol tree (dissector) view, and a raw Hex/ASCII data dump view.

Live Sniffing & File Reading: You can monitor active network interfaces in real-time or load existing packet capture files natively from the console.

Advanced Display Filters: It fully supports Wireshark’s exact display filter syntax, allowing you to isolate traffic instantly by pressing the / key.

Stream Reassembly: Easily reassemble and inspect complete TCP or UDP data streams directly inside the terminal to view full conversation payloads.

Network Conversations: Group traffic by protocol to quickly view session statistics and isolate top talkers on a network.

Cross-Platform Portability: Because it compiles into a single executable, it runs seamlessly without graphical dependencies on Linux, macOS, BSD, Windows, and even Android via Termux.

Key Navigation Shortcuts
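The remote workflow the post describes, as an added example that is not part of the original article or the termshark project: a small POSIX shell wrapper that launches termshark on the remote host over SSH against a capture already stored there, optionally with a Wireshark display filter, and that can also pull non-interactive conversation statistics or a reassembled TCP stream with plain tshark when a TUI is not wanted. The host name, pcap path and filters are placeholders (assumptions, not values from the page). Filters are single-quoted before being handed to the remote shell so that quotes or metacharacters inside a filter cannot change the command that runs on the server.

```shell
#!/bin/sh
# Added example (not from the original post): run termshark/tshark on a
# remote host over SSH without copying the pcap to the local machine.
# REMOTE, PCAP and the filters below are assumed placeholder values.

# sq: wrap a string in single quotes for the remote shell, escaping any
# embedded single quote as '\'' so the value is passed through unchanged.
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# build_tui_cmd PCAP [DISPLAY_FILTER]
# Builds the termshark command line to run on the remote host.
# -r reads a capture file; -Y applies a Wireshark display filter up front.
build_tui_cmd() {
    pcap=$1
    filter=$2
    if [ -n "$filter" ]; then
        printf 'termshark -r %s -Y %s' "$(sq "$pcap")" "$(sq "$filter")"
    else
        printf 'termshark -r %s' "$(sq "$pcap")"
    fi
}

# build_conv_cmd PCAP
# Non-interactive alternative for the "Network Conversations" feature:
# tshark -q -z conv,tcp prints a TCP conversation table (top talkers) only.
build_conv_cmd() {
    printf 'tshark -r %s -q -z conv,tcp' "$(sq "$1")"
}

# build_follow_cmd PCAP STREAM_INDEX
# Non-interactive stream reassembly: dump TCP stream N as ASCII.
build_follow_cmd() {
    printf 'tshark -r %s -q -z follow,tcp,ascii,%s' "$(sq "$1")" "$2"
}

# run_remote_tui HOST PCAP [DISPLAY_FILTER]
# ssh -t allocates a pseudo-terminal so the termshark TUI can draw.
run_remote_tui() {
    ssh -t "$1" "$(build_tui_cmd "$2" "$3")"
}

# run_remote_cmd HOST CMD  (plain text output, no pty needed)
run_remote_cmd() {
    ssh "$1" "$2"
}

# Usage (placeholder host and path, assumed):
#   run_remote_tui analyst@sensor.example.internal /var/captures/edge.pcap 'tcp.port == 443'
#   run_remote_cmd analyst@sensor.example.internal "$(build_conv_cmd /var/captures/edge.pcap)"
#   run_remote_cmd analyst@sensor.example.internal "$(build_follow_cmd /var/captures/edge.pcap 0)"
```

The three build functions are kept separate from the ssh calls so the exact remote command can be reviewed (or logged) before anything runs on the server; the quoting helper is what keeps a filter such as `http.host == 'example.test'` from being reinterpreted by the remote shell.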

Navigating a full GUI-style layout inside a text terminal is surprisingly easy using the keyboard alone:

termshark v2: a terminal UI for tshark, that imitates Wireshark – now with stream reassembly and dark mode!
