MacTshark Logo

A modern network packet capture and analysis tool for macOS, providing a lightweight alternative to Wireshark with a web-based interface.

MacTshark is a network packet capture and analysis tool designed for macOS. It consists of two main components:

1. MacTsharkServer: A C++ backend server that uses tshark (Wireshark's command-line utility) to capture and process network packets, providing data in JSON format via HTTP API endpoints.

2. MacTsharkWeb: A React-based web frontend that provides a user interface for interacting with the server, visualizing network data, and analyzing packet information.

• Network packet capture and analysis
• Session tracking and analysis
• Protocol statistics
• IP geolocation information
• Real-time network adapter monitoring
• Packet detail inspection with hex data viewer
• Support for both offline PCAP file analysis and live capture

Dashboard Packet Analysis

• macOS operating system
• Wireshark installed (for tshark)
• C++14 compatible compiler
• CMake 3.31 or higher
• Node.js and npm for the web interface

1. Install Wireshark for macOS
2. Clone this repository
3. Build the server:

cd MacTsharkServer
mkdir -p build
cd build
cmake ..
make

1. Navigate to the web application directory:

cd mactsharkweb

2. Install dependencies:

npm install

3. Build for production:

npm run build

1. Start the backend server:

cd MacTsharkServer/build
./MacTsharkServer

2. Start the web interface in development mode:

cd mactsharkweb
npm start

cd mactsharkweb
npm run electron

./start_mactshark_macos.sh

The MacTsharkServer provides the following API endpoints:

• GET /api/getPacketDetail?frameNumber=1 - Get packet details
• POST /api/analysisFile - Analyze PCAP file
• GET /api/getWorkStatus - Get work status
• POST /api/startCapture - Start packet capture
• POST /api/stopCapture - Stop packet capture
• GET /api/getSessions?page=1&pageSize=10 - Get session list
• GET /api/getSessionDetail?sessionId=1 - Get session details
• GET /api/getIPStatsList?page=1&pageSize=10 - Get IP statistics
• GET /api/getProtoStatsList?page=1&pageSize=10 - Get protocol statistics
• GET /api/getCountryStatsList?page=1&pageSize=10 - Get country statistics

The repository is organized into several key directories:

• MacTsharkServer/: C++ backend server
• mactsharkweb/: React/TypeScript frontend application
• lessons/: Educational content and examples organized by lesson number
• build/: Build artifacts (generated)

For more detailed information about the project structure, see the structure documentation.

• C++14
• CMake
• SQLite3
• cpp-httplib
• RapidJSON, RapidXML
• Loguru, IP2Region

• React 18 with TypeScript
• Electron
• Arco Design UI components
• ECharts for data visualization

For more detailed information about the technical stack, see the tech documentation.

Contributions are welcome! Please feel free to submit a Pull Request.

This project is licensed under the MIT License - see the LICENSE file for details.

• Wireshark and tshark for the underlying packet capture functionality
• All open-source libraries used in this project

MacTshark 是一款为 macOS 设计的现代网络数据包捕获和分析工具,提供了一个轻量级的 Wireshark 替代品,具有基于 Web 的界面。

MacTshark 是一款为 macOS 设计的网络数据包捕获和分析工具。它由两个主要组件组成:

1. MacTsharkServer:一个 C++ 后端服务器,使用 tshark(Wireshark 的命令行工具)捕获和处理网络数据包,通过 HTTP API 端点以 JSON 格式提供数据。

2. MacTsharkWeb:一个基于 React 的 Web 前端,提供与服务器交互的用户界面,可视化网络数据并分析数据包信息。

有关更多详细信息,请参阅中文文档。