Termshark is a new terminal user interface for TShark (a network protocol analyzer), inspired by Wireshark. It runs on Linux, macOS, and Windows. TShark is the terminal version of Wireshark, the free and open source packet analyzer used for network troubleshooting, analysis, and software and communication protocol development. However, TShark does not have an interactive terminal user interface, which is what Termshark provides.
Termshark is written in Go and uses TShark from Wireshark. Its interactive terminal interface uses tcell (a cell-based terminal handling package based on termbox) and gowid (a Go package that provides widgets and a framework for creating terminal user interfaces). The command line tool was released a few days ago, so don't expect it to support all the features of TShark. Current Termshark features:
- Read pcap files or sniff live interfaces (where TShark is permitted)
- Inspect each packet using familiar Wireshark-inspired views
- Filter pcaps or live captures using Wireshark's display filters
- Copy ranges of packets from the terminal to the clipboard
If you want to see it in action, you can watch the Termshark GIF on its homepage. I would rather not add it to this article because it is too big (3 MB).
The developers plan to improve Termshark with many more features, such as the ability to select packets and display reassembled streams, display pcap statistics, use Wireshark coloring rules to color packets in the packet list view, and more.
The interactive network traffic analyzer includes some handy keyboard shortcuts, such as:
- / to go to the display filter
- TAB to switch panes
- c to switch to copy mode
You can also adjust the horizontal (+/-) or vertical (>) split, or maximize a pane. All available keyboard shortcuts are displayed by pressing
The Termshark releases page contains binaries for Linux (x64 and armv6), macOS, and Windows. Or you can build it yourself if you prefer.
To install the Termshark binary on Linux, download it from GitHub, extract the archive, and install the binary from the extracted folder using:
sudo install termshark /usr/local/bin/
Install TShark, required by Termshark
To work properly, Termshark requires TShark to be installed. TShark is part of Wireshark, and on macOS you can install it using brew (brew install wireshark). On Linux, the package name depends on the distribution you are using. For example, the package is called tshark on Debian / Ubuntu, and the package that provides TShark on Fedora is called wireshark-cli. So to install TShark on Debian, Ubuntu, Linux Mint, etc., use:
sudo apt install tshark
When prompted, answer the question "Should non-superusers be able to capture packets?".
To install wireshark-cli on Fedora:
sudo dnf install wireshark-cli
On Ubuntu and Fedora (and other Linux distributions), you also need to add your user to the wireshark group (created by the TShark installation; if it was not, create it using sudo groupadd wireshark) to be able to run TShark without root, so that you can run Termshark:
sudo usermod -a -G wireshark $USER
After that, I had to restart my Ubuntu 19.04 and Fedora 29 machines (normally you should log out / log in, but this was not enough for me).
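To tell whether a capture failure comes from a missing group membership or from a session that predates the usermod change, the following added example (not code from the Termshark project) compares the groups of the running session with those recorded for the account. It is Linux-only; the function names and the sample user alice are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Termshark project code. GROUP is the group the article uses.
GROUP=wireshark

# has_group "<space-separated group names>" <name>: succeed if name is listed.
has_group() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# group_state <session groups> <account-database groups> prints one of:
#   active  - this session already carries the group
#   relogin - the account was added, but this session predates the change
#   missing - the account is not a member at all
group_state() {
    if has_group "$1" "$GROUP"; then
        echo active
    elif has_group "$2" "$GROUP"; then
        echo relogin
    else
        echo missing
    fi
}

# preflight: the same decision, fed from the live system.
preflight() {
    command -v tshark >/dev/null 2>&1 || { echo "tshark is not installed"; return 1; }
    user=$(id -un)
    # `id -Gn` reports the running session; `id -Gn USER` reads the account database.
    state=$(group_state "$(id -Gn)" "$(id -Gn "$user")")
    case $state in
        active)  echo "ok: this session is in the '$GROUP' group" ;;
        relogin) echo "log out and back in (or reboot) to pick up '$GROUP'"; return 1 ;;
        missing) echo "run: sudo usermod -a -G $GROUP $user"; return 1 ;;
    esac
}

# Constructed sample inputs (hypothetical user "alice"), runnable offline:
group_state "alice adm sudo wireshark" "alice adm sudo wireshark"  # active
group_state "alice adm sudo" "alice adm sudo wireshark"            # relogin
group_state "alice adm sudo" "alice adm sudo"                      # missing

# Pass --live to check the current machine instead of the samples only.
if [ "${1:-}" = "--live" ]; then preflight; fi
```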
Quick Termshark usage
You can now use Termshark. Use the following command to inspect a local pcap file:
termshark -r myfile.pcap
Replace myfile.pcap with the name (and path) of the pcap file.
Start Termshark and set it to read from an interface (in this example, change enp4s0 to an interface available on your system):
termshark -i enp4s0
Or read from the interface and apply the tcp capture filter directly using:
termshark -i enp4s0 tcp