Category: github.com/shadowy-pycoder/mshark (module, package)
Version: 0.0.2
Repository: https://github.com/shadowy-pycoder/mshark.git
Documentation: pkg.go.dev

# README

mShark - Mini Wireshark written in Go

Installation

CGO_ENABLED=0 go install -ldflags "-s -w" -trimpath github.com/shadowy-pycoder/mshark/cmd/mshark@latest

This will install the mshark binary to your $GOPATH/bin directory.

If you get a Permission denied error when running mshark, try granting the binary the cap_net_raw capability:

sudo setcap cap_net_raw+ep ~/go/bin/mshark

Usage

mshark -h

                ______   __                            __       
               /      \ |  \                          |  \      
 ______ ____  |  $$$$$$\| $$____    ______    ______  | $$   __ 
|      \    \ | $$___\$$| $$    \  |      \  /      \ | $$  /  \
| $$$$$$\$$$$\ \$$    \ | $$$$$$$\  \$$$$$$\|  $$$$$$\| $$_/  $$
| $$ | $$ | $$ _\$$$$$$\| $$  | $$ /      $$| $$   \$$| $$   $$ 
| $$ | $$ | $$|  \__| $$| $$  | $$|  $$$$$$$| $$      | $$$$$$\ 
| $$ | $$ | $$ \$$    $$| $$  | $$ \$$    $$| $$      | $$  \$$\
 \$$  \$$  \$$  \$$$$$$  \$$   \$$  \$$$$$$$ \$$       \$$   \$$
                                                                                                                                                                                              
Packet Capture Tool by shadowy-pycoder 

GitHub: https://github.com/shadowy-pycoder/mshark

Usage: mshark [OPTIONS]
Options:
  -h    Show this help message and exit.
  -D    Display list of interfaces and exit.
  -c int
        The maximum number of packets to capture.
  -e string
        BPF filter expression. Example: "ip proto tcp"
  -f value
        File extension(s) to write captured data. Supported formats: stdout, txt, pcap, pcapng
  -i string
        The name of the network interface. Example: eth0 (default "any")
  -p    Promiscuous mode. This setting is ignored for "any" interface. Defaults to false.
  -s int
        The maximum length of each packet snapshot. Defaults to 65535.
  -t duration
        The maximum duration of the packet capture process. Example: 5s
  -v    Display full packet info when capturing to stdout or txt.

Example

mshark -p -f=txt -f=stdout -f=pcapng -i eth0 -e="port 53"

The above command captures packets with source or destination port 53 (assumed to be DNS queries) on the eth0 interface in promiscuous mode and writes the captured data to stdout, a txt file, and a pcapng file. Files are created in the current working directory.

Output:

- Interface: eth0
- Snapshot Length: 65535
- Promiscuous Mode: true
- Timeout: 0s
- Number of Packets: 0
- BPF Filter: "port 53"
- Verbose: false

With the -v flag enabled, you will see more detailed information.

Supported layers

Roadmap

  • Online packet capture to stdout, txt, pcap and pcapng files
  • Offline packet capture from pcap and pcapng files
  • Add proper parsing for SNMP messages
  • Add packet generation and packet injection functionality

# Packages

No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author

# Functions

InterfaceByName returns the interface specified by name.
NewWriter creates a new mshark Writer.
OpenLive opens a live capture based on the given configuration and writes all captured packets to the given PacketWriters.

# Structs

No description provided by the author
No description provided by the author

# Interfaces

No description provided by the author