termshark brings Wireshark’s intuitive interface to the terminal, providing a rich text-based user interface for analyzing network packets. Built on top of tshark, it offers the familiar three-pane layout of Wireshark while being lightweight enough to run over SSH on remote servers.
For administrators who work primarily in terminal environments, termshark bridges the gap between the power of Wireshark and the accessibility of command-line tools. Its interactive interface makes packet analysis more intuitive than raw tshark output while remaining usable on headless systems.
Key Features
- Wireshark-Like UI – Familiar three-pane interface
- Display Filters – Full Wireshark filter syntax
- Packet Details – Expandable protocol tree
- Hex View – Raw packet bytes display
- Stream Following – Reassemble TCP streams
- Remote Friendly – Works over SSH
Installation
# Download from GitHub releases
wget https://github.com/gcla/termshark/releases/latest/download/termshark_2.4.0_linux_x64.tar.gz
tar xzf termshark_2.4.0_linux_x64.tar.gz
# The archive unpacks into a termshark_2.4.0_linux_x64/ directory
sudo mv termshark_2.4.0_linux_x64/termshark /usr/local/bin/
# Requires tshark
sudo apt install tshark
Basic Usage
# Capture on interface
sudo termshark -i eth0
# Read pcap file
termshark -r capture.pcap
# Apply display filter
termshark -r capture.pcap -Y "http.request"
# Specify interface and filter
sudo termshark -i eth0 -f "port 443"
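When termshark runs over SSH, a live capture on the interface that carries the session also records the SSH packets produced by termshark's own screen updates. The following is an added example (not from the original article or the termshark project) that builds a capture filter excluding the current SSH session; the function names and sample usage are assumptions.

```shell
#!/bin/sh
# Added example; function names and sample values are assumptions.

# Print a BPF capture filter that excludes the SSH session this shell runs in.
# sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port".
# Returns 1 (printing nothing) when the variable is unset or malformed.
ssh_session_filter() {
    read -r _c_ip _c_port _s_ip _s_port _rest <<EOF
${SSH_CONNECTION:-}
EOF
    # Exactly four fields are expected.
    [ -n "$_s_port" ] && [ -z "$_rest" ] || return 1
    # Addresses: IPv4/IPv6 characters only; ports: digits only. Anything else
    # (including a scoped address such as fe80::1%eth0) is rejected rather
    # than pasted into a filter expression.
    case "$_c_ip$_s_ip" in *[!0-9A-Fa-f.:]*) return 1 ;; esac
    case "$_c_port$_s_port" in *[!0-9]*) return 1 ;; esac
    printf 'not (host %s and host %s and tcp port %s and tcp port %s)\n' \
        "$_c_ip" "$_s_ip" "$_c_port" "$_s_port"
}

# Combine an optional capture filter of your own with the exclusion above.
# Outside an SSH session the filter passed in is printed unchanged.
safe_capture_filter() {
    _extra=${1:-}
    if _session=$(ssh_session_filter); then
        if [ -n "$_extra" ]; then
            printf '(%s) and %s\n' "$_extra" "$_session"
        else
            printf '%s\n' "$_session"
        fi
    else
        printf '%s\n' "$_extra"
    fi
}

# Usage (the substitution is expanded by the login shell, before sudo runs):
#   sudo termshark -i eth0 -f "$(safe_capture_filter)"
#   sudo termshark -i eth0 -f "$(safe_capture_filter 'port 443')"
```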
Keyboard Shortcuts
- Tab – Switch between panes
- / – Apply display filter
- Enter – Expand/collapse protocol tree
- q – Quit termshark
- ? – Show help