Skip to content

shadowy-pycoder/mshark

BranchesTags

Repository files navigation

mshark_new

mShark - Mini Wireshark written in Go

Go Reference License: MIT GitHub go.mod Go version Go Report Card GitHub Release GitHub Downloads (all assets, all releases)

Installation

Download release from Releases Page.

Or install using go install (requires Go 1.23+ but may work with older versions):

CGO_ENABLED=0 go install -ldflags "-s -w" -trimpath github.com/shadowy-pycoder/mshark/cmd/mshark@latest

This will install the mshark binary to your $GOPATH/bin directory.

If you are getting a Permission denied error when running mshark, try running

sudo setcap cap_net_raw+ep ~/go/bin/mshark

Usage

mshark -h
                ______   __                            __
               /      \ |  \                          |  \
 ______ ____  |  $$$$$$\| $$____    ______    ______  | $$   __
|      \    \ | $$___\$$| $$    \  |      \  /      \ | $$  /  \
| $$$$$$\$$$$\ \$$    \ | $$$$$$$\  \$$$$$$\|  $$$$$$\| $$_/  $$
| $$ | $$ | $$ _\$$$$$$\| $$  | $$ /      $$| $$   \$$| $$   $$
| $$ | $$ | $$|  \__| $$| $$  | $$|  $$$$$$$| $$      | $$$$$$\
| $$ | $$ | $$ \$$    $$| $$  | $$ \$$    $$| $$      | $$  \$$\
 \$$  \$$  \$$  \$$$$$$  \$$   \$$  \$$$$$$$ \$$       \$$   \$$

Packet Capture Tool by shadowy-pycoder

GitHub: https://github.com/shadowy-pycoder/mshark

Usage: mshark [OPTIONS]
Options:
  -h    Show this help message and exit.
  -D	Display list of interfaces and exit.
  -V	Show version and build information
  -b int
    	The maximum size of packet queue. (default 8192)
  -c int
    	The maximum number of packets to capture.
  -e string
    	BPF filter expression. Example: "ip proto tcp".
  -f value
    	File extension(s) to write captured data. Supported formats: stdout, txt, pcap, pcapng
  -i string
    	The name of the network interface. Example: eth0 (default "any")
  -p	Promiscuous mode. This setting is ignored for "any" interface. Defaults to false.
  -s int
    	The maximum length of each packet snapshot. Defaults to 65535.
  -t duration
    	The maximum duration of the packet capture process. Example: 5s
  -v	Display full packet info when capturing to stdout or txt.

Example

mshark -p -f=txt -f=stdout -f=pcapng -i eth0 -e="port 53"

The above command will capture packets containing port 53 (assumed to be DNS queries) from the eth0 interface and write the captured data to stdout, txt, and file in pcapng format. Files are created in the current working directory.

Output:

- Interface: eth0
- Snapshot Length: 65535
- Promiscuous Mode: true
- Timeout: 0s
- Number of Packets: 0
- Packet Buffer Size: 8192
- BPF Filter: "port 53"
- Verbose: false

Screenshot from 2024-09-17 09-37-50

With -v flag enabled, you will see more detailed information:

Screenshot from 2024-09-17 09-56-20 Screenshot from 2024-09-17 09-56-47

Supported layers

Roadmap

  • Online packet capture to stdout, txt, pcap and pcapng files
  • Offline packet capture from pcap and pcapng files
  • Add proper parsing for SNMP messages
  • Add packet generation and packet injection functionality

About

Simple packet capture tool

Topics

golang packet-analyser wireshark packet-sniffer tcpdump oui tshark packet-capture ouilookup

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 11

v0.0.17 Latest
Sep 30, 2025
+ 10 releases

Packages

No packages published

Languages