termshark
Terminal user interface for tshark packet analysis, inspired by Wireshark
Termshark provides a terminal-based interface for network packet analysis using tshark as its backend engine. It functions as a TUI wrapper around tshark, offering Wireshark-like functionality for environments where a graphical interface isn't available or practical.
The tool can read pcap files or capture live network traffic from interfaces where tshark has permission. It supports Wireshark's display filter syntax for packet filtering and provides specialized views for TCP/UDP flow reassembly and network conversation analysis by protocol. Users can copy packet ranges to the clipboard directly from the terminal interface.
Termshark targets network engineers, security analysts, and developers who need packet analysis capabilities on remote systems or headless servers. Written in Go, it compiles to a single executable and supports Linux, macOS, BSD variants, Android (via Termux), and Windows. The tool requires tshark version 1.10.2 or higher to be installed and available in the system PATH.
Installation
# via Homebrew
brew install termshark
# via Go
go install github.com/gcla/termshark/v2/cmd/termshark@v2.4.0
