mShark - Mini Wireshark written in Go
Download a release from the Releases page.
Or install using go install (requires Go 1.23+ but may work with older versions):
CGO_ENABLED=0 go install -ldflags "-s -w" -trimpath github.com/shadowy-pycoder/mshark/cmd/mshark@latest
This will install the mshark binary to your $GOPATH/bin directory.
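If you are getting a Permission denied error when running mshark, try running the following (adjust the path if your $GOPATH is not ~/go):
sudo setcap cap_net_raw+ep ~/go/bin/mshark
This grants the binary the CAP_NET_RAW capability, so it can open raw sockets without being run as root.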
mshark -h
Packet Capture Tool by shadowy-pycoder
GitHub: https://github.com/shadowy-pycoder/mshark
Usage: mshark [OPTIONS]
Options:
  -h    Show this help message and exit.
  -D    Display list of interfaces and exit.
  -c int
        The maximum number of packets to capture.
  -e string
        BPF filter expression. Example: "ip proto tcp"
  -f value
        File extension(s) to write captured data. Supported formats: stdout, txt, pcap, pcapng
  -i string
        The name of the network interface. Example: eth0 (default "any")
  -p    Promiscuous mode. This setting is ignored for "any" interface. Defaults to false.
  -s int
        The maximum length of each packet snapshot. Defaults to 65535.
  -t duration
        The maximum duration of the packet capture process. Example: 5s
  -v    Display full packet info when capturing to stdout or txt.
mshark -p -f=txt -f=stdout -f=pcapng -i eth0 -e="port 53"
The above command will capture packets to or from port 53 (assumed to be DNS queries) on the eth0 interface and write the captured data to stdout, a txt file, and a file in pcapng format. Files are created in the current working directory.
Output:
- Interface: eth0
- Snapshot Length: 65535
- Promiscuous Mode: true
- Timeout: 0s
- Number of Packets: 0
- BPF Filter: "port 53"
- Verbose: false
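To sanity-check the pcapng file written by the command above, this added example (not part of mshark's code) walks the file's blocks and reports the interface snapshot length, the packet count, and how many packets captured more bytes than the snapshot length allows. It assumes the standard pcapng block layout with a single little-endian section and one interface; the Summarize function and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Summarize walks a little-endian, single-interface pcapng capture (assumed layout) and
// returns the IDB snaplen, the packet (EPB) count, and how many packets exceed snaplen.
func Summarize(data []byte) (snapLen uint32, packets, oversize int, err error) {
	le := binary.LittleEndian
	for off := 0; off < len(data); {
		if len(data)-off < 12 {
			return 0, 0, 0, fmt.Errorf("truncated block at offset %d", off)
		}
		typ, total := le.Uint32(data[off:]), int(le.Uint32(data[off+4:]))
		if shb := typ == 0x0A0D0D0A; (off == 0 && !shb) || (shb && le.Uint32(data[off+8:]) != 0x1A2B3C4D) {
			return 0, 0, 0, fmt.Errorf("not a little-endian pcapng section at offset %d", off)
		}
		if total < 12 || total%4 != 0 || total > len(data)-off {
			return 0, 0, 0, fmt.Errorf("bad block length %d at offset %d", total, off)
		}
		body := data[off+8 : off+total-4] // strip type, length and trailing length
		switch {
		case typ == 1 && len(body) >= 8: // Interface Description Block
			snapLen = le.Uint32(body[4:])
		case typ == 6 && len(body) >= 20: // Enhanced Packet Block
			packets++
			if snapLen != 0 && le.Uint32(body[12:]) > snapLen { // snaplen 0 = no limit
				oversize++
			}
		}
		off += total
	}
	return snapLen, packets, oversize, nil
}

// sample is a constructed capture: SHB, IDB (Ethernet, snaplen 65535), one EPB.
var sample = []byte{
	0x0A, 0x0D, 0x0D, 0x0A, 28, 0, 0, 0, 0x4D, 0x3C, 0x2B, 0x1A, 1, 0, 0, 0,
	255, 255, 255, 255, 255, 255, 255, 255, 28, 0, 0, 0, // end of SHB
	1, 0, 0, 0, 20, 0, 0, 0, 1, 0, 0, 0, 0xFF, 0xFF, 0, 0, 20, 0, 0, 0, // IDB
	6, 0, 0, 0, 36, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0,
	4, 0, 0, 0, 0xDE, 0xAD, 0xBE, 0xEF, 36, 0, 0, 0, // EPB with 4 data bytes
}

func main() {
	fmt.Println(Summarize(sample))
}
```

To check a real capture, pass the bytes returned by os.ReadFile for the pcapng file instead of sample.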
With the -v flag enabled, you will see more detailed information:
- Online packet capture to stdout, txt, pcap and pcapng files
- Offline packet capture from pcap and pcapng files
- Add proper parsing for SNMP messages
- Add packet generation and packet injection functionality