mShark - Mini Wireshark written in Go
License: MIT
Download release from Releases Page.
Or install using go install (requires Go 1.23+ but may work with older versions):
```shell
CGO_ENABLED=0 go install -ldflags "-s -w" -trimpath github.com/shadowy-pycoder/mshark/cmd/mshark@latest
```

This will install the mshark binary to your $GOPATH/bin directory.
If you are getting a Permission denied error when running mshark, try running:

```shell
sudo setcap cap_net_raw+ep ~/go/bin/mshark
```

```shell
mshark -h

Packet Capture Tool by shadowy-pycoder
GitHub: https://github.com/shadowy-pycoder/mshark

Usage: mshark [OPTIONS]
Options:
  -h    Show this help message and exit.
  -D    Display list of interfaces and exit.
  -V    Show version and build information
  -b int
        The maximum size of packet queue. (default 8192)
  -c int
        The maximum number of packets to capture.
  -e string
        BPF filter expression. Example: "ip proto tcp".
  -f value
        File extension(s) to write captured data. Supported formats: stdout, txt, pcap, pcapng
  -i string
        The name of the network interface. Example: eth0 (default "any")
  -p    Promiscuous mode. This setting is ignored for "any" interface. Defaults to false.
  -s int
        The maximum length of each packet snapshot. Defaults to 65535.
  -t duration
        The maximum duration of the packet capture process. Example: 5s
  -v    Display full packet info when capturing to stdout or txt.
```
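The setcap step above grants the binary CAP_NET_RAW only, rather than running the whole capture as root. As an added example (not code from mshark), this Linux-only Go check reads the effective capability mask from /proc/self/status to confirm the grant took effect; the name hasNetRaw is an assumption of this example.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// capNetRaw is the bit index of CAP_NET_RAW in Linux capability masks.
const capNetRaw = 13

// hasNetRaw reports whether the CapEff line of a /proc/<pid>/status
// document has the CAP_NET_RAW bit set (hypothetical helper name).
func hasNetRaw(status string) (bool, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		rest, ok := strings.CutPrefix(sc.Text(), "CapEff:")
		if !ok {
			continue
		}
		mask, err := strconv.ParseUint(strings.TrimSpace(rest), 16, 64)
		if err != nil {
			return false, fmt.Errorf("bad CapEff value: %w", err)
		}
		return mask&(1<<capNetRaw) != 0, nil
	}
	return false, errors.New("no CapEff line found")
}

func main() {
	data, err := os.ReadFile("/proc/self/status")
	if err != nil {
		fmt.Fprintln(os.Stderr, "cannot read process status:", err)
		os.Exit(1)
	}
	ok, err := hasNetRaw(string(data))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("CAP_NET_RAW effective:", ok)
}
```

A file capability applies to every user who can execute the binary, so restrict execute permission on it if not every account on the host should be able to open raw sockets.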
```shell
mshark -p -f=txt -f=stdout -f=pcapng -i eth0 -e="port 53"
```

The above command will capture packets with source or destination port 53 (assumed to be DNS queries) from the eth0 interface and write the captured data to stdout, to a txt file, and to a file in pcapng format. Files are created in the current working directory.

Output:

```
- Interface: eth0
- Snapshot Length: 65535
- Promiscuous Mode: true
- Timeout: 0s
- Number of Packets: 0
- Packet Buffer Size: 8192
- BPF Filter: "port 53"
- Verbose: false
```
[Screenshot: capture output]
With -v flag enabled, you will see more detailed information:
[Screenshots: capture output with -v enabled]
- Online packet capture to stdout, txt, pcap and pcapng files
- Offline packet capture from pcap and pcapng files
- Add proper parsing for SNMP messages
- Add packet generation and packet injection functionality