Hi everyone - I thought you might be interested in this spare-time project:
In my professional life I quite often find myself on a remote machine
debugging something, and with a need to look at a pcap. I wrote termshark to
make it easy to scan the pcap immediately and to avoid having to scp it
around. Behind the scenes, tshark provides all the intelligence, so termshark
depends on tshark being installed. Termshark runs the input pcap through
tshark, and uses the PDML and PSML to provide Wireshark-like views of each
packet. Currently you can view a pcap, sniff on an interface (if permissions
allow), and filter using Wireshark's display filters. There's so much more it
could do easily through tshark, like stream reassembly, display of
conversations, statistics, etc, but I wanted to push out v1 so this is where I
drew the line.
Termshark is written in Go and makes heavy use of the excellent tcell library
for control of the terminal. Because Go is so naturally portable, there are
versions of termshark on github for Linux (+termux/Android), FreeBSD, macOS
and even Windows.
I hope you find it useful, and I'm very interested to hear your feedback.
Graham
