Term port, A Wireshark-like interactive terminal interface written in Go language for TShark, has been updated to version 2.1 (2.1.0, followed by 2.1.1 to solve the problem), and provides new features, such as The most common type of dialogue view, there are multiple real-time capture/interfaces on the command line, the extcap interface is supported by default, and so on.Wireshark It is a popular free and open source network protocol analyzer, suitable for Linux, macOS, BSD, Solaris and other Unix-like operating systems and Microsoft Windows. Wireshark has a GUI, and for those who wish to use it from the command line, TShark can be used, which is a terminal-oriented version of Wireshark for capturing and displaying packets. However, TShark does not have an interactive user interface.
This is the use of Termashark. Termashark is TShark’s interactive terminal user interface (TUI), which is inspired by the Wireshark user interface. Its functions include:
- Read the pcap file or sniff the real-time interface (allow the use of tshark)
- Use Wireshark’s display filter to filter pcap or capture in real time
- Reassemble and check TCP and UDP streams
- View network conversations by agreement
- Copy the packet range from the terminal to the clipboard
- Suitable for light and dark terminals (see
Toggle Dark ModeItems in the application
- Cross-platform (written in Go), available for Linux, macOS, FreeBSD, Android (Termux) and Windows
|Termshark 2.1.1 conversation view|
New features in termhar 2.1 (2.1.1.):
- Added new dialog views for the most common dialog types (Ethernet, IPv4, IPv6, TCP and UDP). Can be from
Analysis menu > Conversations
- Supports multiple real-time captures/interfaces on the command line. Previously, you could only run Termashark on one interface, for example
termshark -i eth0, But in this version, you can specify multiple interfaces, such as
termshark -i eth0 -i eth1 -i eth2
- If the data cannot fit in the available space, Termshark’s packet hexadecimal view will display a scroll bar
- termhark can use the capinfos binary file (bundled with tshark) to display the attributes of the capture file.
- Terminology port now supports extcap interface default. The extcap interface is a plug-in interface that allows external binary files to directly act as a capture interface in Wireshark. It is used to capture scenarios where the source is not a traditional capture model (real-time capture from interfaces, pipelines, files, etc.)
- Now users can copy the captured file information to the clipboard. Open the capture file properties and click
cFor copy mode, then press
- Use the latest gowid (a widget for terminal user interface, written in Go) to maximize the dialog. This is bound to
zKeys when the modal dialog box is opened
- Other minor improvements and bug fixes
Also, in case you missed it, the previous version of Termashark (2.0.3) used Wireshark by default and introduced support for colored packets in the list view
colorfilter Rules, and support for TShark
-t Option to specify the timestamp format in the packet list view. You may also like: band which shows the content that takes up network bandwidth on Linux and macOS
By clicking the download link on the button above, you will be taken to the Termshark GitHub version tab, from where you can download source code or binary files for Linux (armv6 and x64), FreeBSD, macOS and Microsoft Windows.
Extract the download archive containing the binary file, and run it from the current folder, or install it somewhere in the PATH, for example
/usr/local/bin. you need to
wireshark-cli (The package name depends on the Linux distribution you are using), and it must be installed on the same system as termshark to use it. Wireshark group to enable it to run TShark and termshark without super user privileges) and quick start guide, please refer to using termshark to analyze network traffic, TShark’s terminal user interface (Wireshark), I also recommend reading Termshark user guide.