LinuxCommandLibrary

termshark

Terminal-based Wireshark interface

TLDR

Monitor default interface
$ sudo termshark
copy
Monitor specific interface
$ sudo termshark [interface]
copy

SYNOPSIS

termshark [OPTIONS] [INTERFACE|FILE]

DESCRIPTION

termshark is a terminal-based user interface for tshark that provides a Wireshark-like experience in the terminal. It offers packet list, packet details, and packet bytes views with interactive navigation.
The interface supports keyboard navigation, display filtering, and stream reassembly similar to the graphical Wireshark.

PARAMETERS

-i INTERFACE

Capture on specified interface
-r FILE
Read from pcap file
-Y FILTER
Apply display filter
-f FILTER
Apply capture filter

KEYBOARD SHORTCUTS

Tab - Switch between views
/ - Filter packets
Enter - Expand/collapse details
q - Quit

CAVEATS

Requires tshark (Wireshark CLI) to be installed. Root privileges needed for live capture. Large capture files may be slow to load.

HISTORY

termshark was created by Graham Clark to bring Wireshark's interface paradigm to the terminal, enabling packet analysis over SSH or in environments without a GUI.

SEE ALSO

tshark(1), wireshark(1), tcpdump(8)

Copied to clipboard