Term portWireshark-like terminal interface for TShark, written in Go, has been updated to version 2.0.0. This release includes support for dark mode, pipeline input, and stream reorganization, as well as performance optimizations that make the tool faster and more responsive.Wireshark, Free open source network protocol analyzer, already has terminal version -TShark. But TShark doesn’t have an Interactive Terminal User Interface (TUI), and that’s exactly what Termashark does-this is TShark’s interactive terminal interface, which tries to replicate the Wireshark layout.
The latest Termshark 2.0 includes some important performance improvements. The application now uses less CPU, runs less time with mouse input, and uses less than half the memory on larger pcaps.
There are also many new features in the latest Termshark 2.0.0:
- Support TCP and UDP stream reorganization. To access this feature, go to
AnalysysMenu and press
Reassemble streamMenu Item
- Termshark now has a dark mode using a dark background. Enable from
Miscmenu. The default mode continues to use a white background.
- Termshark can be configured to scroll automatically when reading live data (interface, fifo or stdin)
- Pipeline and fifo input support. E.g. Pass tshark input:
tshark -i eth0 -w - | termshark
- Termshark UI can now run on other ttys, such as
termshark -i eth0 --tty=/dev/pts/5
- As with Wireshark, when you move from one packet to another, Termashark will preserve the opening and closing structure of that packet. This makes it easier for users to see the differences between packets
- Termshark now respects job control signals sent through the shell, namely SIGTSTP and SIGCONT
- The current packet capture source (file, interface, pipeline, etc.) is displayed in the Termshark title bar
- Termshark can be configured to eagerly load all pcap PDML data instead of loading 1000 packets at a time
- Now you just have to press Enter in the display filter widget for its value to take effect
Also, in this version, termshark can now be installed on macOS using the following command Home brew. On Windows, Termashark no longer relies on the Cywgin tail command and therefore no longer relies on the Cygwin installation. For more information on termshark, read: “ Analyzing Network Traffic with Termshark, TShark’s Terminal UI (Wireshark)
Download and install Termshark
The “Termshark Version” page contains binaries for Linux (x64 and armv6), macOS, and Windows. Or you can Build it If you like, please do it yourself. termhark is also Home brew For macOS users.
To install the termshark binary on Linux (any Linux distribution), get Binaries from GitHub, Unzip it, and install it from the unzipped folder to
sudo install termshark /usr/local/bin
Arch Linux users will be at Arch user repository.
Termshark is also available in Debian sid / bullseye, Ubuntu 19.10 Eoan Ermine and later, and Kali Linux. Currently, only version 1.0.0 is available, you can install it with the following command:
sudo apt install termshark
Install TShark required by Termhark
To work properly, Termashhark requires TShark to be installed. This is part of Wireshark, and on macOS you can use brew (
brew install wireshark).
On Linux, the package name depends on the distribution you are using. E.g,
tshark Runs on Debian / Ubuntu / Kali, while the package that provides TShark on Fedora is called
wireshark-cli. Therefore, to install TShark on Debian, Ubuntu, Linux Mint, Kali Linux, etc., use:
sudo apt install tshark
When prompted, answer
Should non-superusers be able to capture packets? To install wireshark-cli on Fedora:
sudo dnf install wireshark-cli
On Ubuntu and Fedora (and other Linux distributions), you also need to add users to
wireshark Group (created by TShark installation-if not, use
sudo groupadd wireshark) To be able to run TShark without root, so you can run termshark:
sudo usermod -a -G wireshark $USER
After that, restart your Ubuntu or Fedora machine (usually you should log out / login, but that’s not enough for me).