Analyze network traffic using Terhark’s terminal UI (Wireshark) for TShark

Term port New terminal user interface for TShark (Network Protocol Analyzer) inspired by Wireshark. It runs on Linux, macOS, and Windows.shark Yes terminal version Wireshark, Free open source packet analyzer for network troubleshooting, analysis, software and communication protocol development. However, TShark does not have an interactive terminal user interface, which is what Termashark does.
termhark is written in Go and uses TShark from Wireshark. Its interactive terminal interface uses tcell (a termbox-based cell-based terminal processing package) and gowid (a Go package that provides widgets and a framework for creating a terminal user interface). The command line tool was released a few days ago, so don’t expect it to support all the features of TShark. Currently Termashark features:

  • Read pcap file or sniff real-time interface (allows TShark)
  • Examine each packet using the familiar Wireshark heuristic view
  • Filter pcap or live capture with Wireshark’s display filter
  • Copy packet range from terminal to clipboard

If you want to see it in action, you can use the Glossary GIF On its homepage. I would rather not add it to this article because it is too big (3mb).

Developers plan to improve termhark and plan for many features, such as the ability to select packets and display reassembled streams, display pcap statistics, use Wireshark coloring rules to color packets in the packet list view, and more.
Interactive network traffic analyzer includes some handy keyboard shortcuts, such as / Go to display filter TAB Switch panes, c Switch to copy mode, etc. You can also adjust the level (+/-) Or vertical ) Split or maximize the pane (). All available keyboard shortcuts are displayed by pressing ?.
See also: Wireless sniffer Kismet 2019-04-R1 adds new Web UI with support for non-WiFi capture

Download Termshark

The “Termshark Version” page contains binaries for Linux (x64 and armv6), macOS, and Windows. Or you can Build it If you like, please do it yourself.
To install the termshark binary on Linux, get it from GitHub, unzip it, and install it from the unzipped folder /usr/local/bin use:

sudo install termshark /usr/local/bin/

Install TShark required by Termhark

To work properly, Termashhark requires TShark to be installed. This is part of Wireshark, and on macOS you can use brew (brew install wireshark). On Linux, the package name depends on the distribution you are using. E.g, tshark On Debian / Ubuntu, and the package that provides TShark on Fedora is called wireshark-cli. So to install TShark on Debian, Ubuntu, Linux Mint, etc., use:

sudo apt install tshark

When prompted, answer Yes To Should non-superusers be able to capture packets? To install wireshark-cli on Fedora:

sudo dnf install wireshark-cli

On Ubuntu and Fedora (and other Linux distributions), you also need to add users to wireshark Group (created by TShark installation-if not, use sudo groupadd wireshark) To be able to run TShark without root, so you can run termshark:

sudo usermod -a -G wireshark $USER

After that, I had to restart my Ubuntu 19.04 and Fedora 29 machines (normally you should log out / login, but this is not enough for me).

Quick termbase usage

You can now use Termshark. Use the following command to check the local pcap:

termshark -r myfile.pcap

Replace myfile.pcap With the name (and path) of the pcap file.
Start Termshark and set it to read from the interface (enp4s0 Change it to the interface available on the system in this example):

termshark -i enp4s0

Or read from the interface and apply tcp Capture filters directly using:

termshark -i enp4s0 tcp

For more information on using Termashark, see User guide with FAQ.
Pass r / command line


Related Posts