termshark

v2.4.0

This package is not in the latest version of its module.

Published: Jul 11, 2022 License: MIT Imports: 42 Imported by: 0

README

Termshark

A terminal user-interface for tshark, inspired by Wireshark.

V2.4 is out now with packet search and profiles for colors and columns! See the ChangeLog.


If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help!

Features

  • Read pcap files or sniff live interfaces (where tshark is permitted)
  • Filter pcaps or live captures using Wireshark's display filters
  • Reassemble and inspect TCP and UDP flows
  • View network conversations by protocol
  • Copy ranges of packets to the clipboard from the terminal
  • Written in Golang, compiles to a single executable on each platform - downloads available for Linux, macOS, BSD variants, Android (termux) and Windows

tshark has many more features that termshark doesn't expose yet! See What's Next.

Install Packages

Termshark is pre-packaged for the following platforms: Arch Linux, Debian (unstable), FreeBSD, Homebrew, MacPorts, Kali Linux, NixOS, SnapCraft, Termux (Android) and Ubuntu.

Building

Termshark uses Go modules. Set GO111MODULE=on then run:

go install github.com/gcla/termshark/v2/cmd/termshark

For versions of Go between 1.14 and 1.17, use

go get github.com/gcla/termshark/v2/cmd/termshark

Then add ~/go/bin/ to your PATH.

For all packet analysis, termshark depends on tshark from the Wireshark project. Make sure tshark is in your PATH.

Quick Start

Inspect a local pcap:

termshark -r test.pcap

Capture ping packets on interface eth0:

termshark -i eth0 icmp

Run termshark -h for options.

Downloads

Pre-compiled executables are available via GitHub releases, or download the latest build from the master branch.

Documentation

See the termshark user guide, and my best guess at some FAQs. For a summary of updates, see the ChangeLog.

Dependencies

Termshark depends on these open-source packages:

  • tshark - command-line network protocol analyzer, part of Wireshark
  • tcell - a cell based terminal handling package, inspired by termbox
  • gowid - compositional terminal UI widgets, inspired by urwid, built on tcell

Note that tshark is a run-time dependency, and must be in your PATH for termshark to function. Version 1.10.2 or higher is required (approx 2013).

Contributors

Thanks to everyone that's contributed ports, patches and effort!


  • Ross Jacobs 💻 🐛 📓
  • Hongarc 📖
  • Ryan Steinmetz 📦
  • Nicolai Søborg 📦
  • Elliott Sales de Andrade 💻
  • Romanos 💻
  • Denys 🐛
  • jerry73204 📦
  • Jon Knapp 📦
  • Mario Harjac 📦
  • Andrew Benson 🐛
  • sagis-tikal 🐛
  • punkymaniac 🐛
  • msenturk 🐛
  • Sandor Szücs 🐛
  • Dawid Dziurla 🐛 📦
  • jJit0 🐛
  • inzel 🐛
  • thejerrod 🤔
  • gdluca 🐛
  • Patrick Winter 📦
  • Robert Larsen 🤔 📓
  • MinJae Kwon 🐛
  • the-c0d3r 🤔
  • Gisle Vanem 🐛
  • hook 🐛
  • Lennart Koopmann 🤔
  • Fernandez, ReK2 🐛
  • mazball 🤔
  • wfailla 🤔
  • 荣怡 🤔
  • thebyrdman-git 🐛
  • Clemens Mosig 🐛
  • Michael Rash 📓
  • joelparker 📓
  • Dragos Maftei 🤔
  • Matthew Giassa 🤔
  • Sean Abbott 📦
  • Vincent Wang 🤔
  • piping 🤔
  • kevinhwang91 🤔 🐛
  • Justin Overfelt 🤔
  • Anthony 🤔
  • basondole 🐛
  • zoulja 🐛
  • freddii 🐛
  • Thord Setsaas 📖
  • deliciouslytyped 🐛
  • factorion 📦
  • Herby Gillot 📦
  • nmeum 🤔
  • Aaron Bieber 🤔
  • elig0n 🤔

Contact

License

Documentation

Index

Constants

This section is empty.

Variables

var (
	UserGuideURL         string = "https://termshark.io/userguide"
	FAQURL               string = "https://termshark.io/faq"
	BugURL               string = "https://github.com/gcla/termshark/issues/new?assignees=&labels=&template=bug_report.md&title="
	FeatureURL           string = "https://github.com/gcla/termshark/issues/new?assignees=&labels=&template=feature_request.md&title="
	OriginalEnv          []string
	ShouldSwitchTerminal bool
	ShouldSwitchBack     bool
)
var BadCommand = BadCommandError{}
var BadState = BadStateError{}
var ConfigErr = ConfigError{}
var InternalErr = InternalError{}
var TSharkVersionUnknown = fmt.Errorf("Could not determine version of tshark")
var UnexpectedOutput = fmt.Errorf("Unexpected output")
var Version string = "v2.4.0"

Functions

func AddKeyMapping added in v2.2.0

func AddKeyMapping(km KeyMapping)

func AddToRecentFiles

func AddToRecentFiles(pcap string)

func AddToRecentFilters

func AddToRecentFilters(val string)

func ApplyArguments

func ApplyArguments(cmd []string, args []string) ([]string, int)

ApplyArguments turns ["echo", "hello", "$2"] + ["big", "world"] into ["echo", "hello", "world"]

func BrowseUrl

func BrowseUrl(url string) error

func CacheDir

func CacheDir() string

func CacheFile

func CacheFile(bin string) string

func CapinfosBin added in v2.1.0

func CapinfosBin() string

func CaptureBin added in v2.1.0

func CaptureBin() string

CaptureBin is the binary the user intends to use to capture packets i.e. with the -i switch. This might be distinct from DumpcapBin because dumpcap can't capture on extcap interfaces like randpkt, but while tshark can, it can drop packets more readily than dumpcap. This value is interpreted as the name of a binary, resolved against PATH. Note that the default is termshark - this invokes termshark in a special mode where it first tries DumpcapBin, then if that fails, TSharkBin - for the best of both worlds. To detect this, termshark will run CaptureBin with TERMSHARK_CAPTURE_MODE=1 in the environment, so when termshark itself is invoked with this in the environment, it switches to capture mode.

func ConfFile

func ConfFile(file string) string

func ConvTypes added in v2.1.1

func ConvTypes() []string

func ConvertArgToTShark

func ConvertArgToTShark(arg string) (string, string, bool)

func CopyCommand

func CopyCommand(input io.Reader, cb interface{}) error

func DateStringForFilename

func DateStringForFilename() string

Down to the second for profiling, etc

func DefaultPcapDir added in v2.3.0

func DefaultPcapDir() string

DefaultPcapDir returns ~/.cache/pcaps by default. Termshark will check a couple of user settings first before using this.

func DirOfPathCommand

func DirOfPathCommand(bin string) (string, error)

func DirOfPathCommandUnsafe

func DirOfPathCommandUnsafe(bin string) string

func Does256ColorTermExist added in v2.3.0

func Does256ColorTermExist() error

func DumpcapBin

func DumpcapBin() string

func ErrLogger added in v2.4.0

func ErrLogger(key string, val string) *io.PipeWriter

func FileNewerThan

func FileNewerThan(f1, f2 string) (bool, error)

func FileSizeDifferentTo added in v2.1.0

func FileSizeDifferentTo(filename string, cur int64) (int64, bool)

Returns true if error, too

func IndentPdml

func IndentPdml(in io.Reader, out io.Writer) error

IndentPdml reindents XML, disregarding content between tags (because we know PDML doesn't use that capability of XML)

func Interfaces

func Interfaces() (map[int][]string, error)

Use tshark's output, because the indices can then be used to select an interface to sniff on, and net.Interfaces returns the interfaces in a different order.

func IsCommandInPath

func IsCommandInPath(bin string) bool

func IsTerminal

func IsTerminal(fd uintptr) bool

func KeyPressIsPrintable added in v2.2.0

func KeyPressIsPrintable(key gowid.IKey) bool

func KeyValueErrorString added in v2.4.0

func KeyValueErrorString(err gowid.KeyValueError) string

KeyValueErrorString returns a string representation of a gowid KeyValueError intended to be suitable for displaying in a termshark error dialog.

func KillIfPossible

func KillIfPossible(p IProcess) error

func LoadGlobalMarks added in v2.2.0

func LoadGlobalMarks(m map[rune]GlobalJumpPos) error

func LoadOffsetFromConfig

func LoadOffsetFromConfig(name string) ([]resizable.Offset, error)

func LocalIPs

func LocalIPs() []string

func PcapDir

func PcapDir() string

A separate dir from CacheDir because I need to use inotify under some circumstances for a non-existent file, meaning I need to track a directory, and I don't want to be constantly triggered by log file updates.

func PrivilegedBin added in v2.1.0

func PrivilegedBin() string

PrivilegedBin returns a capture binary that may require setcap privileges on Linux. This is a simple UI to cover the fact that termshark's default capture method is to run dumpcap and tshark as a fallback. I don't want to tell the user the capture binary is termshark - that'd be confusing. We know that on Linux, termshark will run dumpcap first, then fall back to tshark if needed. Only dumpcap should need access to live interfaces; tshark is needed for extcap interfaces only. This is used to provide advice to the user if packet capture fails.
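The dispatch that the CaptureBin and PrivilegedBin notes describe, as an added sketch that is not termshark's own code: a process started with TERMSHARK_CAPTURE_MODE=1 tries dumpcap first and falls back to tshark, so only dumpcap needs capture privileges on Linux. The names inCaptureMode, captureWithFallback, runFunc and execRun are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// captureModeVar is the environment marker named in the CaptureBin documentation.
// Everything else in this file is a hypothetical illustration, not termshark code.
const captureModeVar = "TERMSHARK_CAPTURE_MODE"

// inCaptureMode reports whether env (in os.Environ form) marks this process
// as the capture helper rather than the interactive UI.
func inCaptureMode(env []string) bool {
	for _, kv := range env {
		if kv == captureModeVar+"=1" {
			return true
		}
	}
	return false
}

// runFunc starts one capture binary. It is injected so the fallback order can
// be exercised without dumpcap or tshark installed.
type runFunc func(bin string, args []string) error

// captureWithFallback tries each binary in order and returns the first that
// succeeds. Every failure is kept in the returned error so the caller can
// advise the user which binary may be missing setcap privileges.
func captureWithFallback(run runFunc, args []string, bins ...string) (string, error) {
	var failures []string
	for _, bin := range bins {
		err := run(bin, args)
		if err == nil {
			return bin, nil
		}
		failures = append(failures, fmt.Sprintf("%s: %v", bin, err))
	}
	return "", fmt.Errorf("no capture binary succeeded (%s)", strings.Join(failures, "; "))
}

// execRun resolves bin against PATH and runs it with the terminal attached.
func execRun(bin string, args []string) error {
	cmd := exec.Command(bin, args...)
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
	return cmd.Run()
}

func main() {
	if !inCaptureMode(os.Environ()) {
		fmt.Println("UI mode: the parent would re-run CaptureBin with " + captureModeVar + "=1")
		return
	}
	// Capture mode: dumpcap first, tshark only as the fallback (extcap interfaces).
	used, err := captureWithFallback(execRun, os.Args[1:], "dumpcap", "tshark")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Fprintln(os.Stderr, "captured with", used)
}
```
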

func ProfileCPUFor

func ProfileCPUFor(secs int) bool

func ProfileHeap

func ProfileHeap()

func PrunePcapCache added in v2.3.0

func PrunePcapCache() error

func ReadGob

func ReadGob(filePath string, object interface{}) error

func RemoveFromStringSlice

func RemoveFromStringSlice(pcap string, comps []string) []string

func RemoveKeyMapping added in v2.2.0

func RemoveKeyMapping(kp vim.KeyPress)

func ReverseStringSlice added in v2.3.0

func ReverseStringSlice(s []string)

func RootCause

func RootCause(err error) error

func RunForExitCode

func RunForExitCode(prog string, args []string, env []string) (int, error)

func RunForStderr added in v2.4.0

func RunForStderr(prog string, args []string, env []string, stderr io.Writer) (int, error)

func RunOnDoubleTicker

func RunOnDoubleTicker(ch <-chan struct{}, fn func(), dur1 time.Duration, dur2 time.Duration, loops int)

func RunningRemotely

func RunningRemotely() bool

func SafePid

func SafePid(p IProcess) int

func SaveGlobalMarks added in v2.2.0

func SaveGlobalMarks(m map[rune]GlobalJumpPos)

func SaveKeyMappings added in v2.2.0

func SaveKeyMappings(mappings []KeyMapping)

func SaveOffsetToConfig

func SaveOffsetToConfig(name string, offsets2 []resizable.Offset)

func SetConvTypes added in v2.1.1

func SetConvTypes(convs []string)

func StringInSlice

func StringInSlice(a string, list []string) bool

func StringIsArgPrefixOf

func StringIsArgPrefixOf(a string, list []string) bool

func TSharkBin

func TSharkBin() string

func TSharkPath

func TSharkPath() (string, *gowid.KeyValueError)

TSharkPath will return the full path of the tshark binary, if it's found in the path, otherwise an error

func TSharkSupportsColor added in v2.0.3

func TSharkSupportsColor(tshark string) (bool, error)

Depends on empty.pcap being present

func TSharkVersion

func TSharkVersion(tshark string) (semver.Version, error)

func TSharkVersionFromOutput

func TSharkVersionFromOutput(output string) (semver.Version, error)

func TailCommand

func TailCommand() []string

func TemplateToString

func TemplateToString(tmpl *template.Template, name string, data interface{}) string

Must succeed - use on internal templates

func TrackedGo

func TrackedGo(fn func(), wgs ...*sync.WaitGroup)

func TsharkSetting added in v2.3.0

func TsharkSetting(field string) (string, error)

$ env TMPDIR=/foo tshark -G folders Temp
Temp: /foo
Personal configuration: /home/gcla/.config/wireshark
Global configuration: /usr/share/wireshark

func TsharkSettings added in v2.4.0

func TsharkSettings(fields ...string) (map[string]string, error)

func ValidateTerm added in v2.3.0

func ValidateTerm(term string) error

func WiresharkProfileNames added in v2.4.0

func WiresharkProfileNames() []string

func WriteEmptyPcap

func WriteEmptyPcap(filename string) error

func WriteGob

func WriteGob(filePath string, object interface{}) error

Types

type BadCommandError

type BadCommandError struct{}

func (BadCommandError) Error

func (e BadCommandError) Error() string

type BadStateError

type BadStateError struct{}

func (BadStateError) Error

func (e BadStateError) Error() string

type ConfigError

type ConfigError struct{}

func (ConfigError) Error

func (e ConfigError) Error() string

type ConvPktsCompare added in v2.4.0

type ConvPktsCompare struct{}

ConvPktsCompare is a unit type that satisfies ICompare, and can be used for numerically comparing values emitted by the tshark -z conv,... e.g. "2,456 kB"

func (ConvPktsCompare) Less added in v2.4.0

func (s ConvPktsCompare) Less(i, j string) bool

type GlobalJumpPos added in v2.2.0

type GlobalJumpPos struct {
	JumpPos
	Filename string `json:"filename"`
}

func (GlobalJumpPos) Base added in v2.2.0

func (g GlobalJumpPos) Base() string

For ease of use in the template

type ICommandDone

type ICommandDone interface {
	ProcessCommandDone()
}

type ICommandError

type ICommandError interface {
	ProcessCommandError(err error) error
}

type ICommandKillError

type ICommandKillError interface {
	ProcessKillError(err error) error
}

type ICommandOutput

type ICommandOutput interface {
	ProcessOutput(output string) error
}

type ICommandTimeout

type ICommandTimeout interface {
	ProcessCommandTimeout() error
}

type ICommandWaitTicker

type ICommandWaitTicker interface {
	ProcessWaitTick() error
}

type IPCompare added in v2.3.0

type IPCompare struct{}

IPCompare is a unit type that satisfies ICompare, and can be used for numerically comparing IP addresses.

func (IPCompare) Less added in v2.3.0

func (s IPCompare) Less(i, j string) bool

type IProcess

type IProcess interface {
	Kill() error
	Pid() int
}

type InternalError

type InternalError struct{}

func (InternalError) Error

func (e InternalError) Error() string

type JumpPos added in v2.2.0

type JumpPos struct {
	Summary string `json:"summary"`
	Pos     int    `json:"position"`
}

Need to publish fields for template use

type KeyMapping added in v2.2.0

type KeyMapping struct {
	From vim.KeyPress
	To   vim.KeySequence
}

func LoadKeyMappings added in v2.2.0

func LoadKeyMappings() []KeyMapping

type KeyState added in v2.2.0

type KeyState struct {
	NumberPrefix    int
	PartialgCmd     bool
	PartialZCmd     bool
	PartialCtrlWCmd bool
	PartialmCmd     bool
	PartialQuoteCmd bool
}

type MACCompare added in v2.4.0

type MACCompare struct{}

MACCompare is a unit type that satisfies ICompare, and can be used for numerically comparing MAC addresses.

func (MACCompare) Less added in v2.4.0

func (s MACCompare) Less(i, j string) bool

Directories

Path - Synopsis

  • cmd
  • configs
  • pkg
  • cli
  • format - Package format implements useful string/byte formatting functions.
  • pdmltree - Package pdmltree contains a type used as the model for a PDML document for a packet, and associated functions.
  • theme - package theme provides utilities for customizing the styling of termshark.
  • theme/modeswap - package modeswap provides an IColor-conforming type Color that renders differently if in low-color mode
  • tty
  • ui - Package ui contains user-interface functions and helpers for termshark.
  • menuutil - Package menuutil contains user-interface functions and helpers for termshark.
  • tableutil - Package tableutil contains user-interface functions and helpers for termshark's tables - in particular, helpers for vim key sequences like 5gg and G
  • appkeys - Package appkeys provides a widget which responds to keyboard input.
  • copymodetable - Package copymodetable provides a wrapper around a table that supports copy mode.
  • copymodetree - Package copymodetree provides a wrapper around a tree that supports copy mode.
  • enableselected - Package enableselected provides a widget that turns on focus.Selected.
  • expander - Package expander provides a widget that renders in one line when not in focus but that may render using more than one line when in focus.
  • fileviewer - Package fileviewer provides a widget to view a text file in a terminal via a pager program.
  • filter - Package filter provides a termshark-specific edit widget which changes color according to the validity of its input, and which activates a drop-down menu of possible completions for the term at point.
  • framefocus - Package framefocus provides a very specific widget to apply a frame around the widget in focus and an empty frame if not.
  • hexdumper - Package hexdumper provides a widget which displays selectable hexdump-like output.
  • hexdumper2 - Package hexdumper2 provides a widget which displays selectable hexdump-like output.
  • ifwidget - Package ifwidget provides a simple widget that behaves differently depending on the condition supplied.
  • keepselected - Package keepselected turns on the selected bit when Render or UserInput is called.
  • mapkeys - Package mapkeys provides a widget that can map one keypress to a sequence of keypresses.
  • minibuffer - Package minibuffer todo
  • number - Package hexdumper provides a numeric widget with a couple of buttons that increase or decrease its value.
  • regexstyle - Package regexstyle provides a widget that highlights the content of its subwidget according to a regular expression.
  • renderfocused - Package renderfocused will render a widget with focus true
  • resizable - Package resizable provides columns and piles that can be adjusted.
  • rossshark - Package rossshark provides a widget that draws a hi-tech shark fin over the background and allows it to move across the screen.
  • scrollabletable - Package scrollabletable makes a widget that some scrollbar interfaces suitable for passing to withscrollbar.New()
  • scrollabletext - Package scrollabletext provides a text widget that can be placed inside withscrollbar.Widget
  • search - Package search provides termshark's search widget including the various drop down menus to control the type of search to be issued.
  • streamwidget - Package streamwidget provides a very specific stream reassembly termshark widget.
  • trackfocus - Package trackfocus provides a widget that issues callbacks when a widget loses or gains the focus.
  • withscrollbar - Package withscrollbar provides a widget that renders with a scrollbar on the right
  • wormhole - Package wormhole contains a widget that provides the UI for termshark's magic-wormhole pcap sending feature.
