A terminal UI for tshark, inspired by Wireshark
Termshark is a terminal user interface for tshark that brings Wireshark-like functionality to the command line. It allows network engineers and security professionals to analyze packet captures and perform live network monitoring directly from a terminal, making it particularly valuable for debugging on remote machines where transferring large pcap files isn't practical.
The tool provides powerful network analysis capabilities including reading pcap files, sniffing live network interfaces, filtering traffic using Wireshark's display filters, and reassembling TCP/UDP flows. Users can view network conversations by protocol and copy packet ranges to the clipboard, and the tool supports all the filtering capabilities that make Wireshark so useful for network troubleshooting.
Termshark is designed for network administrators, security analysts, and developers who need to perform packet analysis in terminal environments. Written in Go and compiled to a single executable, it runs on Linux, macOS, BSD variants, Windows, and even Android via Termux. The tool depends on tshark from the Wireshark project for all packet analysis functionality, so users get the same reliable parsing and protocol support they're familiar with from Wireshark.
# via Homebrew
brew install termshark
# via Go install
go install github.com/gcla/termshark/v2/cmd/termshark@v2.4.0
