[twitter-follow-url]: https://twitter.com/intent/follow?screen_name=termshark [twitter-follow-img]: https://img.shields.io/twitter/follow/termshark.svg?style=social&label=Follow # Termshark A terminal user-interface for tshark, inspired by Wireshark. **V2 is out now with stream reassembly, dark-mode and more! Here's the [ChangeLog](CHANGELOG.md#changelog).** ![demo2](https://drive.google.com/uc?export=view&id=1EmqYrOPwLXanoi7o74PQMOX1KSgOqhNr) If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help! ## Features - Read pcap files or sniff live interfaces (where tshark is permitted). - Inspect each packet using familiar Wireshark-inspired views - Filter pcaps or live captures using Wireshark's display filters - Reassemble and inspect TCP and UDP flows - Copy ranges of packets to the clipboard from the terminal - Written in Golang, compiles to a single executable on each platform - downloads available for Linux, macOS, FreeBSD, Android (termux) and Windows tshark has many more features that termshark doesn't expose yet! See [What's Next](docs/FAQ.md#whats-next). ## Install Packages Termshark is pre-packaged for the following platforms: [Arch Linux](docs/Packages.md#arch-linux), [Debian (unstable)](docs/Packages.md#debian), [FreeBSD](docs/Packages.md#freebsd), [Homebrew](docs/Packages.md#homebrew), [Kali Linux](docs/Packages.md#kali-linux), [NixOS](docs/Packages.md#nixos), [SnapCraft](docs/Packages.md#snapcraft), [Termux (Android)](docs/Packages.md#termux-android) and [Ubuntu](docs/Packages.md#ubuntu). ## Building Termshark uses Go modules, so it's best to compile with Go 1.11 or higher. Set `GO111MODULE=on` then run: ```bash go install github.com/gcla/termshark/v2/cmd/termshark ``` Then add ```~/go/bin/``` to your ```PATH```. For all packet analysis, termshark depends on tshark from the Wireshark project. Make sure ```tshark``` is in your ```PATH```. ## Quick Start Inspect a local pcap: ```bash termshark -r test.pcap ``` Capture ping packets on interface ```eth0```: ```bash termshark -i eth0 icmp ``` Run ```termshark -h``` for options. ## Downloads Pre-compiled executables are available via [Github releases](https://github.com/gcla/termshark/releases). Or download the latest build from the master branch - [![Build Status](https://travis-ci.org/gcla/termshark.svg?branch=master)](https://travis-ci.org/gcla/termshark). ## User Guide See the [termshark user guide](docs/UserGuide.md) (and my best guess at some [FAQs](docs/FAQ.md)) ## Dependencies Termshark depends on these open-source packages: - [tshark](https://www.wireshark.org/docs/man-pages/tshark.html) - command-line network protocol analyzer, part of [Wireshark](https://wireshark.org) - [tcell](https://github.com/gdamore/tcell) - a cell based terminal handling package, inspired by termbox - [gowid](https://github.com/gcla/gowid) - compositional terminal UI widgets, inspired by [urwid](http://urwid.org), built on [tcell](https://github.com/gdamore/tcell) Note that tshark is a run-time dependency, and must be in your ```PATH``` for termshark to function. Version 1.10.2 or higher is required (approx 2013). ## Contributors Thanks to everyone that's contributed ports, patches and effort!

_{Ross Jacobs} 💻 🐛 📓	_Hongarc 📖	_{Ryan Steinmetz} 📦	_{Nicolai Søborg} 📦	_{Elliott Sales de Andrade} 💻	_Romanos 💻	_Denys 🐛
_jerry73204 📦	_{Jon Knapp} 📦	_{Mario Harjac} 📦	_{Andrew Benson} 🐛	_sagis-tikal 🐛	_punkymaniac 🐛	_msenturk 🐛
_{Sandor Szücs} 🐛	_{Dawid Dziurla} 🐛	_jJit0 🐛	_inzel 🐛	_thejerrod 🤔	_gdluca 🐛	_{Patrick Winter} 📦
_{Robert Larsen} 🤔 📓	_{MinJae Kwon} 🐛	_the-c0d3r 🤔	_{Gisle Vanem} 🐛	_hook 🐛	_{Lennart Koopmann} 🤔	_{Fernandez, ReK2} 🐛
_mazball 🤔	_wfailla 🤔	_荣怡 🤔	_{thebyrdman-git} 🐛	_{Clemens Mosig} 🐛	_{Michael Rash} 📓	_joelparker 📓
_{Dragos Maftei} 🤔

## Contact - The author - Graham Clark (grclark@gmail.com) [![Follow on Twitter][twitter-follow-img]][twitter-follow-url] ## License [![License: MIT](https://img.shields.io/github/license/gcla/termshark.svg?color=yellow)](LICENSE)