Termshark can be a life saver if you need to analyze large packet captures. The Wireshark GUI was almost unusable with some large (30 GiB or something?) capture and some filters on my development laptop. Termshark did not process that data quickly, but at least it allowed me to get the job done.
Many times I Google something like "Wireshark from remote ssh" and I manage to stream the remote tshark output to my local Wireshark UI. However, this is a very interesting and welcome project, and I guess it will make it simpler in many use cases.
The other way to do it is to ssh to the remote box, run `tcpdump -w foo.pcap` there, then bring it back with scp, and you can open it for analysis in full Wireshark.
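The two approaches above (live-streaming a remote capture into a local Wireshark, and capturing to a file then fetching it with scp) as an added example that is not from the thread. It assumes ssh access to the host, tcpdump on the remote side and wireshark locally; the hostnames, interface and port arguments are placeholders. The one thing it adds to the comments is the `not tcp port <ssh-port>` clause: without it the capture records its own ssh session, so every packet streamed back is itself captured and the stream snowballs.

```shell
#!/bin/sh
# Remote capture helpers (added example, not code from the thread or from termshark).
# Assumptions: ssh access to $host, tcpdump on the remote side, wireshark locally.
set -eu

# Build the remote tcpdump command line. The "not tcp port $ssh_port" clause
# excludes the ssh session that carries the capture back, otherwise the capture
# feeds on its own traffic. An optional extra BPF filter is AND-ed in front.
build_capture_cmd() {
    iface=$1        # remote interface, e.g. eth0
    ssh_port=$2     # port of the ssh session carrying the capture (usually 22)
    filter=${3:-}   # optional extra BPF filter, e.g. 'tcp port 443'
    bpf="not tcp port $ssh_port"
    if [ -n "$filter" ]; then
        bpf="($filter) and $bpf"
    fi
    # -U: packet-buffered output so packets reach Wireshark promptly
    # -s 0: full snaplen; -w -: write pcap to stdout
    printf "tcpdump -i %s -U -s 0 -w - '%s'\n" "$iface" "$bpf"
}

# Approach 1: stream packets live into a local Wireshark window.
# wireshark -k starts capturing immediately, -i - reads pcap from stdin.
stream_to_wireshark() {
    host=$1; iface=$2; filter=${3:-}
    ssh "$host" "$(build_capture_cmd "$iface" 22 "$filter")" | wireshark -k -i -
}

# Approach 2 (the comment above): capture to a remote file for a fixed time,
# copy it back with scp, then clean up. timeout exits 124 when it fires, so
# that status is tolerated; tcpdump flushes the file on SIGTERM.
capture_and_fetch() {
    host=$1; iface=$2; seconds=$3; out=${4:-capture.pcap}
    ssh "$host" "timeout $seconds tcpdump -i $iface -s 0 -w /tmp/remote.pcap 'not tcp port 22' || [ \$? -eq 124 ]"
    scp "$host:/tmp/remote.pcap" "$out"
    ssh "$host" "rm -f /tmp/remote.pcap"
}
```

If tcpdump on the remote host needs root, prefix it with sudo inside the ssh command (the helper assumes capture rights are already granted, e.g. via a capabilities-enabled tcpdump).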
> If you're ok installing stuff on the remote side, which you'd need to be to run this anyway
It is most likely easier to build/install this on a remote server than to have X11 forwarding.
- X11 forwarding is often disabled in sshd config, as it introduces a number of back channels for a compromised server to leak to the client.
- If you're working on a remote _server_, it is very unlikely that an X client will be available there. Building an X client and its dependencies as non-root is a thousand times worse than building such a small TUI. Been there, done that.
- Remote X11 is horribly slow; you'll most likely want some more modern variant (x2go & co), which will be a nightmare to build, or a tunnel.
Installing Wireshark on non-GUI machines brings in tons of junk. I just tried this on Ubuntu's minimal container with tshark installed, and by default wireshark brings in 206 extra packages, including python3 and systemd. It's a bit better with --no-install-recommends, but still 105 extra packages.
termshark, being written in Go, has zero (0) extra packages other than tshark.
I don't mean to ask a crass question, but is the project potentially abandoned? It certainly still gets issues but hasn't received updates for a long time.