🦈 TermShark
WireShark in the terminal. Note that this is a toy project, with a lot of features missing.
📥 Installation
Using binstall
cargo binstall termshark
Downloading from Releases
Navigate to the Releases page and download respective binary for your platform. Make sure to give it execute permissions.
Compiling from Source
Refer to pcap docs for requirements on dependencies.
git clone https://github.com/PRO-2684/termshark.git
cd termshark
cargo build --release
# The binary will be available at ./target/release/termshark
📖 Usage
▶️ Running TUI
Alternatively, you can configure with setcap, if you want to capture without root.
⌨️ Keyboard Control
Navigation
- ↑/↓ or j/k: Select previous/next packet
- Page Up/Down: Scroll one page at a time (adaptive to terminal size)
- Home: Jump to first packet
- End: Jump to last packet
- w/s: Scroll packet details panel up/down
- e/d: Scroll hex dump panel up/down
Filtering
- Enter: Enter filter mode (or apply filter when editing)
- Esc: Clear active filter (or cancel when editing)
- Backspace: Delete character while editing filter
Application
- q or Ctrl+C: Quit the application
🔍 Filter Syntax
The filter uses a GitHub-like syntax, i.e. search terms and key:value pairs:
searchterm protocol:tcp source:192.168.1.1 length:>1000
Supported filters:
protocol/proto: Filter by protocol (e.g.,tcp,udp,icmp)source/src: Filter by source IP address (exact match)destination/dest/dst: Filter by destination IP address (exact match)length/len: Filter by packet length (supports>,<, ranges)
Examples:
protocol:tcp,udp # TCP or UDP packets
source:192.168.1.100 # From specific source
protocol:tcp length:>1000 # Large TCP packets
HTTP source:192.168.1.1 # Traffic containing "HTTP" from source
See FILTER_SYNTAX.md for detailed documentation.
💡 Demos & Samples
Here's a list of sample packets for testing. All of them are taken from WireShark wiki, so feel free to visit it for more.
HTTP.pcap: Fromhttp.capICMP.pcap: Fromipv4frags.pcapIGMP.pcap: FromIGMP-dataset.pcap