Re: [Wireshark-dev] termshark: a terminal UI for tshark

[Graham Clark <grclark () gmail com>]

Hi Peter,

Thanks for adding termshark to the wiki. I have to admit, somewhat
sheepishly, that I was not aware of sharkd... I will definitely look into
that. Just one day in, several people have already requested stream
reassembly as a feature!

All the best,
Graham


On Tue, Apr 23, 2019 at 6:46 PM Peter Wu <peter () lekensteyn nl> wrote:

> (+cc wireshark-dev since some may find this interesting.)
>
> Hi Graham,
>
> This looks neat, I have added it to the wiki:
> https://wiki.wireshark.org/Tools
>
> Are you aware of sharkd? For interactive use it might be a more suitable
> backend than tshark. sharkd is part of Wireshark and was developed by
> Jakub Zawadzki who wrote it for use with Webshark, https://webshark.io/
>
> Use of that interface could make things like Follow Stream much easier
> since you do not have to manually parse the tshark output and can
> instead read JSON. As the "d" in sharkd might suggest, this process
> remains up and running until you force it to quit.
>
> The main logic is implemented in
> https://github.com/wireshark/wireshark/blob/master/sharkd_session.c
>
> with corresponding tests in
> https://github.com/wireshark/wireshark/blob/master/test/suite_sharkd.py
>
> If you encounter any limitations or have suggestions, please let us
> know. Thanks :)
>
> Kind regards,
> Peter
>
> On Mon, Apr 22, 2019 at 10:09:17PM -0400, Graham Clark wrote:
> > Hi everyone - I thought you might be interested in this spare-time
> project:
> > https://termshark.io
> >
> > In my professional life I quite often find myself on a remote machine
> > debugging something, and with a need to look at a pcap. I wrote
> termshark to
> > make it easy to scan the pcap immediately and to avoid having to scp it
> > around.  Behind the scenes, tshark provides all the intelligence, so
> > termshark
> > depends on tshark being installed. Termshark runs the input pcap through
> > tshark, and uses the PDML and PSML to provide Wireshark-like views of
> each
> > packet. Currently you can view a pcap, sniff on an interface (if
> permissions
> > allow), and filter using Wireshark's display filters. There's so much
> more
> > it
> > could do easily through tshark, like stream reassembly, display of
> > conversations, statistics, etc, but I wanted to push out v1 so this is
> > where I
> > drew the line.
> >
> > Termshark is written in Go and makes heavy use of the excellent tcell
> > library
> > for control of the terminal. Because Go is so naturally portable, there
> are
> > versions of termshark on github for Linux (+termux/Android), FreeBSD,
> macOS
> > and even Windows.
> >
> > The source code with build instructions is here:
> > https://github.com/gcla/termshark
> >
> > I hope you find it useful, and I'm very interested to hear your feedback.
> >
> > Graham
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe