[HN Gopher] Termshark - A terminal UI for tshark, inspired by Wi...
___________________________________________________________________
Termshark - A terminal UI for tshark, inspired by Wireshark
Author : gautamsomani
Score : 137 points
Date : 2023-12-05 14:32 UTC (8 hours ago)
(HTM) web link (termshark.io)
(TXT) w3m dump (termshark.io)
| ape4 wrote:
| Of course, sending traffic to the terminal is network traffic so
| you need to exclude it when you're monitoring.
| Uehreka wrote:
| (Edit: nvm, I read TFA)
| jaimehrubiks wrote:
| Many times I Google something like "Wireshark from remote ssh"
| and I manage to stream the remote tshark stream to my local
| Wireshark UI. However, this is a very interesting and welcome
| project, and I guess it will make it simpler in many use cases.
| toast0 wrote:
| If you're ok installing stuff on the remote side, which you'd
| need to be to run this anyway, I'd expect wireshark to work
| well with X forwarding.
|
| This looks nicer, but X forwarding is a generic solution to
| displaying GUIs locally while running them remotely.
| theamk wrote:
| Installing wireshark on non-gui machines brings tons of
| junk. I just tried this on Ubuntu's minimal container with
| tshark installed -- and by default, wireshark brings in 206
| extra packages, including python3 and systemd. It's a bit
| better with --no-install-recommends, but still 105 extra
| packages.
|
| termshark, being written in Go, has zero (0) extra packages
| other than tshark.
| Galanwe wrote:
| > If you're ok installing stuff on the remote side, which
| you'd need to be to run this anyway
|
| It is most likely easier to build / install this on a remote
| server than to have X11 forwarding.
|
| - X11 fwd is often disabled in sshd config, as it introduces
| a number of backchannels for a compromised server to leak to
| the client.
|
| - If you're working on a remote _server_, it is very unlikely
| that an X client will be available there. Building an X
| client & its dependencies as non-root is a thousand times
| worse than building such a small TUI. Been there, done that.
|
| - Remote X11 is horribly slow, you'll most likely want some
| more modern variant (x2go & co), which will be a nightmare to
| build, or tunnel.
| imglorp wrote:
| The other way to do it is ssh to remote box, `tcpdump -w
| foo.pcap` there, then bring it back by scp and you can open it
| for analysis in full wireshark.
| gorgonq wrote:
| You can even let tcpdump write packets to stdout, then pipe
| directly to your local wireshark and get a live view:
| ssh your-host tcpdump -w - -U 'not port 22' | wireshark -i - -k
|
| makes sense to exclude port 22 from the dump =)
| silentprog wrote:
| This works, but you won't get the interface name in
| wireshark. If you also require the captured interface, you
| can substitute tcpdump with tshark.
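Added example, not code from the thread or from termshark: ape4 notes above that the capture stream is itself network traffic, and gorgonq's command drops it with `not port 22`, which also hides every other SSH flow on the box. This script instead excludes only the 4-tuple of the session carrying the capture, read from the `SSH_CONNECTION` variable that sshd sets; the host name is a placeholder and capture privileges on the remote side are assumed.

```shell
#!/bin/sh
# sshd exports SSH_CONNECTION="<client ip> <client port> <server ip> <server port>",
# exactly the 4-tuple a BPF filter needs to exclude one TCP session.

ssh_session_filter() {
    # $1: contents of SSH_CONNECTION. Prints a BPF expression on stdout.
    # Falls back to the coarse 'not port 22' (and returns 1) if the value
    # is not a 4-tuple, e.g. when not running under ssh at all.
    # shellcheck disable=SC2086  # word splitting is intended here
    set -- $1
    if [ "$#" -ne 4 ]; then
        printf 'not port 22\n'
        return 1
    fi
    printf 'not (host %s and port %s and host %s and port %s)\n' "$1" "$2" "$3" "$4"
}

# Live remote capture into a local Wireshark (hypothetical host name).
# The single-quoted script is expanded by the REMOTE shell, so $SSH_CONNECTION
# and $1..$4 refer to that session; only $iface is filled in locally.
# Assumes tcpdump on the remote may capture (root or CAP_NET_RAW).
remote_live_capture() {
    host="$1"; iface="${2:-any}"
    ssh "$host" 'set -- $SSH_CONNECTION; [ $# -eq 4 ] || { echo "SSH_CONNECTION not set" >&2; exit 1; }; exec tcpdump -i '"$iface"' -U -w - "not (host $1 and port $2 and host $3 and port $4)"' \
      | wireshark -k -i -
}

# Example invocation: remote_live_capture capture-box.example eth0
```

Other SSH sessions to the same machine, including other users' logins, now stay visible in the capture, while the packets of the transport itself do not feed back into the view.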
| jamesfmilne wrote:
| Wireshark supports this natively.
|
| Look at the `SSH remote capture: sshdump`.
| https://www.wireshark.org/docs/man-pages/sshdump.html
|
| Wireshark can SSH into the remote machine, perform the capture,
| then show the packets in your local instance of Wireshark.
|
| It's a bit of a nuisance to set up of course, tshark has a bit
| less friction here, and TUIs are always cool.
| spacecadet wrote:
| As a regular tshark/pyshark user, where much of the output is
| CLI, I enjoy this.
| JoshTriplett wrote:
| This looks impressive! The UI looks nice to use, and I'd probably
| use this instead of wireshark the next time I'm doing network
| analysis.
|
| Another "why": you want to do live capture and analysis, but
| don't want to run a GUI program as root for a variety of reasons.
| fragmede wrote:
| Here is a list of some of them:
| https://www.wireshark.org/security/
| sonicanatidae wrote:
| Nice tool. I don't use WireShark every day, but this will be
| handy for the times I'm breaking it out.
|
| Thanks!
| Linux-Fan wrote:
| Termshark can be a life saver if you need to analyze large packet
| captures. The GUI of Wireshark was almost unusable with some
| large (30 GiB or something?) capture on my development laptop and
| some filters. Termshark did not process that data quickly but at
| least allowed me to get the job done.
| threatofrain wrote:
| I don't mean to ask a crass question, but is the project
| potentially abandoned? It certainly still gets issues but hasn't
| received updates for a long time.
| equanos wrote:
| The one thing I never looked for but want to install asap! 10
| extra points for using Go.
| letwhile wrote:
| This project has existed for more than 4 years. No need to bump
| without any news or comment.
___________________________________________________________________
(page generated 2023-12-05 23:01 UTC)