
Bug#927799: RFP: termshark -- simple terminal user-interface for tshark



Package: wnpp
Severity: wishlist

* Package name    : termshark
  Version         : 1.0.0
  Upstream Author : gcla
* URL             : https://termshark.io/
* License         : MIT/Expat?
  Programming Lang: Golang
  Description     : simple terminal user-interface for tshark

A terminal user-interface for tshark, inspired by Wireshark.

If you're debugging on a remote machine with a large pcap and no
desire to scp it back to your desktop, termshark can help!

Features

 * Read pcap files or sniff live interfaces (where tshark is permitted).
 * Inspect each packet using familiar Wireshark-inspired views
 * Filter pcaps or live captures using Wireshark's display filters
 * Copy ranges of packets to the clipboard from the terminal
 * Written in Golang, compiles to a single executable on each platform
   - downloads available for Linux (+termux), macOS, FreeBSD, and
   Windows

----

I don't believe there's any tool as powerful to do packet analysis
interactively without a graphical user interface, directly on the
server. This has several benefits:

 * packet analysis can be done directly on the server, in real-time,
   without having to copy files over to a GUI-enabled machine, do X
   forwarding or other shenanigans

 * possible compromise through the packet analysis software doesn't
   contaminate external machines because of the "I need to load that
   pcap file on my desktop" vector

 * it makes Xorg and Wayland haters and greybeard UNIX hackers happier
   because they can look even more 133t by running even more stuff in
   a dark obscure terminal no one else can possibly understand (not
   that Wireshark was particularly intuitive itself, of course, but
   this is an added bonus)

It has a bunch of dependencies:

https://github.com/gcla/termshark/blob/master/go.mod

This is an estimate of the work needed:

$ dh-make-golang estimate github.com/gcla/termshark
2019/04/23 09:02:34 Bringing github.com/gcla/termshark to Debian requires packaging the following Go packages:
github.com/gcla/termshark
  github.com/gcla/gowid
          github.com/go-test/deep
  gopkg.in/fsnotify.v1
  github.com/gcla/deep

I believe the `fsnotify` package is a false positive there; there are
at least two versions of this in Debian already:

https://tracker.debian.org/pkg/golang-fsnotify
https://tracker.debian.org/pkg/golang-github-howeyc-fsnotify

... not sure what's up with that. I haven't found anything for
go-test/deep or gcla/deep (are those the same thing?) or gcla/gowid
either. The latter (gowid) might be especially problematic because
there are *many* such libraries in the golang world:

https://github.com/gcla/gowid#similar-projects
https://appliedgo.net/tui/

... and gowid is not a particularly popular one:

https://libs.garden/go/terminal?sort=popular

It might nevertheless not be a problem to have distinct codebases as
long as they don't overlap, just like we have (say) GTK and QT. ;)

I'd love if someone from the golang team would just tackle this, but I
might do it myself if the need becomes too pressing.

