Hi Peter,

Thanks for adding termshark to the wiki. I have to admit, somewhat
sheepishly, that I was not aware of sharkd... I will definitely look into
that. Just one day in, several people have already requested stream
reassembly as a feature!

All the best,
Graham


On Tue, Apr 23, 2019 at 6:46 PM Peter Wu <pe...@lekensteyn.nl> wrote:

> (+cc wireshark-dev since some may find this interesting.)
>
> Hi Graham,
>
> This looks neat, I have added it to the wiki:
> https://wiki.wireshark.org/Tools
>
> Are you aware of sharkd? For interactive use it might be a more suitable
> backend than tshark. sharkd is part of Wireshark and was developed by
> Jakub Zawadzki who wrote it for use with Webshark, https://webshark.io/
>
> Use of that interface could make things like Follow Stream much easier
> since you do not have to manually parse the tshark output and can
> instead read JSON. As the "d" in sharkd might suggest, this process
> remains up and running until you force it to quit.
>
> The main logic is implemented in
> https://github.com/wireshark/wireshark/blob/master/sharkd_session.c
>
> with corresponding tests in
> https://github.com/wireshark/wireshark/blob/master/test/suite_sharkd.py
>
> If you encounter any limitations or have suggestions, please let us
> know. Thanks :)
>
> Kind regards,
> Peter
>
> On Mon, Apr 22, 2019 at 10:09:17PM -0400, Graham Clark wrote:
> > Hi everyone - I thought you might be interested in this spare-time
> > project:
> >
> > https://termshark.io
> >
> > In my professional life I quite often find myself on a remote machine
> > debugging something, and with a need to look at a pcap. I wrote
> > termshark to make it easy to scan the pcap immediately and to avoid
> > having to scp it around. Behind the scenes, tshark provides all the
> > intelligence, so termshark depends on tshark being installed. Termshark
> > runs the input pcap through tshark, and uses the PDML and PSML to
> > provide Wireshark-like views of each packet. Currently you can view a
> > pcap, sniff on an interface (if permissions allow), and filter using
> > Wireshark's display filters. There's so much more it could do easily
> > through tshark, like stream reassembly, display of conversations,
> > statistics, etc, but I wanted to push out v1 so this is where I drew
> > the line.
> >
> > Termshark is written in Go and makes heavy use of the excellent tcell
> > library for control of the terminal. Because Go is so naturally
> > portable, there are versions of termshark on github for Linux
> > (+termux/Android), FreeBSD, macOS and even Windows.
> >
> > The source code with build instructions is here:
> > https://github.com/gcla/termshark
> >
> > I hope you find it useful, and I'm very interested to hear your feedback.
> >
> > Graham
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe