TcpShark

Packet analyzer specializing in TCP analysis.

TcpShark is a CLI utility that uses Wireshark as its analysis engine.

We cannot investigate network trouble without analyzing packets. However, even with Wireshark, it takes craftsmanship and experience to analyze large and complex TCP streams.
This utility graphically displays the packet flow on a TCP stream, making it easy for anyone to understand the end-to-end data flow.
I'm sure that TcpShark will help your troubleshooting as a complementary utility to Wireshark.


Features

  • Unique format
    Data size, window size, and SEQ/ACK numbers are displayed in well-ordered columns, so it is easier to read the tendency or change in each field of the TCP header.

  • Intuitive design
    Packet direction, TCP flags (e.g. SYN, RST) and analysis information (e.g. packet loss, retransmission) are displayed in coloured lettering, so it is easier to notice abnormalities even in a large amount of captured data.

  • Customizable
    Various protocol fields supported by Wireshark (e.g. HTTP request URI, HTTP status code) can optionally be displayed, so you can analyze TCP in association with information from other protocols.


Installation

  1. Download the script file into the /usr/local/bin directory.
    $ wget https://raw.githubusercontent.com/manabapp/TcpShark/main/tcpshark
    Or
    $ curl -o tcpshark https://raw.githubusercontent.com/manabapp/TcpShark/main/tcpshark
  2. Give the file execute permission.
    $ chmod 0755 tcpshark
  3. (Optional) Set TCPSHARK_APPEARANCE in .bash_profile, .zprofile, etc.
    e.g. when your terminal background color is black:
    export TCPSHARK_APPEARANCE=Dark
  4. (Windows only) Set TCPSHARK_TSHARK_COMMAND in .bash_profile, .zprofile, etc.
    e.g. when Wireshark is installed in the "C:\Program Files" folder:
    export TCPSHARK_TSHARK_COMMAND="/cygdrive/c/Program Files/Wireshark/tshark.exe"


Examples

  • list mode
    Lists the TCP streams within the capture data.
  • flow mode
    Displays the TCP stream specified by identifier (Index in list mode).
  • one mode
    Displays the TCP packet specified by frame number (No. in flow mode).
  • Analysis information
    Displays the TCP analysis information (e.g. packet loss, duplicate ack) supported by Wireshark in coloured lettering.
  • Custom field
    Displays any additional field (e.g. TCP RTT).
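
As an added illustration (not TcpShark's own code), the Python sketch below renders a flow view like the one described for flow mode, including the retransmission marker, from tshark's tab-separated field output. The column order, the function names and the sample rows are assumptions of this example, and a non-empty tcp.analysis.retransmission cell is treated as "flagged".

```python
# Added example: a flow view built from tshark field output. The column order
# is this example's own choice, e.g. produced by:
#   tshark -r capture.pcap -Y "tcp.stream==0" -T fields -e frame.number \
#     -e ip.src -e tcp.srcport -e tcp.flags -e tcp.seq -e tcp.ack \
#     -e tcp.window_size -e tcp.len -e tcp.analysis.retransmission
COLUMNS = ["no", "src", "sport", "flags", "seq", "ack", "win", "len", "retx"]
FLAG_BITS = [(0x02, "SYN"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

# Constructed sample, not a real capture: 10.0.0.5:51000 talks to 10.0.0.9:80.
SAMPLE = "\n".join([
    "1\t10.0.0.5\t51000\t0x0002\t0\t0\t64240\t0\t",
    "2\t10.0.0.9\t80\t0x0012\t0\t1\t65160\t0\t",
    "3\t10.0.0.5\t51000\t0x0010\t1\t1\t64240\t0\t",
    "4\t10.0.0.5\t51000\t0x0018\t1\t1\t64240\t120\t",
    "5\t10.0.0.5\t51000\t0x0018\t1\t1\t64240\t120\t1",  # same segment sent again
    "6\t10.0.0.9\t80\t0x0010\t1\t121\t65040\t0\t",
])

def parse(text):
    """Turn tab-separated tshark lines into dicts, skipping rows without TCP flags."""
    rows = []
    for line in text.splitlines():
        cells = (line.split("\t") + [""] * len(COLUMNS))[:len(COLUMNS)]
        row = dict(zip(COLUMNS, cells))
        if row["flags"]:
            rows.append(row)
    return rows

def flag_names(hex_flags):
    """Decode the tcp.flags hex value (e.g. 0x0012) into flag names."""
    value = int(hex_flags, 16)
    return ",".join(name for bit, name in FLAG_BITS if value & bit) or "-"

def render_flow(text):
    """One line per packet; the first sender is assumed to be the client (left side)."""
    rows = parse(text)
    client = (rows[0]["src"], rows[0]["sport"]) if rows else None
    lines = []
    for r in rows:
        arrow = "-->" if (r["src"], r["sport"]) == client else "<--"
        note = "  [retransmission]" if r["retx"] else ""
        lines.append(f"{r['no']:>4} {arrow} {flag_names(r['flags']):<8} len={r['len']:<5}"
                     f" win={r['win']:<6} seq={r['seq']:<6} ack={r['ack']}{note}")
    return lines

def retransmitted_frames(text):
    """Frame numbers whose tcp.analysis.retransmission cell is non-empty."""
    return [int(r["no"]) for r in parse(text) if r["retx"]]
```

Calling `print("\n".join(render_flow(SAMPLE)))` shows the six constructed packets with frame 5 marked as a retransmission.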
TcpShark runs in a terminal on Linux/Solaris/macOS/Windows.