termshark

Monitor default interface

$ sudo termshark

$ sudo termshark [interface]

termshark [OPTIONS] [INTERFACE|FILE]

termshark is a terminal-based user interface for tshark that provides a Wireshark-like experience in the terminal. It offers packet list, packet details, and packet bytes views with interactive navigation.
The interface supports keyboard navigation, display filtering, and stream reassembly similar to the graphical Wireshark.

-i INTERFACE

Capture on specified interface

Read from pcap file

Apply display filter

Apply capture filter

Tab - Switch between views
/ - Filter packets
Enter - Expand/collapse details
q - Quit

Requires tshark (Wireshark CLI) to be installed. Root privileges needed for live capture. Large capture files may be slow to load.

termshark was created by Graham Clark to bring Wireshark's interface paradigm to the terminal, enabling packet analysis over SSH or in environments without a GUI.

tshark(1), wireshark(1), tcpdump(8)