Skip to content

Top Best Ask Show New Jobs

Show HN: NetSour, CLI Based Wireshark (opens in new tab)

(github.com)

59 pointsthegoodduck1y ago41 comments

This code is still in early beta, but i sincerley hope it will become as ubiquitous as VIM on Linux.

41 comments

29 comments · 9 top-level

rmetzler1y ago· 6 in thread

How would you compare this to termshark / tshark?

It is basically Scapy with 200 lines of code to make it easier to start. That means tshark is alot better as a cli/DSL. Interactiveness is not what Scapy is good at, it is marvelous when you need to e.g. send events to other services based on custom packet event.

EDIT: I wonder if there is some nice TUI debugger interface/IDE that one could reuse for this. Handling traces Live like this has always been a special skill so I guess specialized tools is a must.. But one would think that all the tooling around KUtrace/ebpf/tcpdump could be generalized in some way.

thegoodduckOP1y ago

I don't understand your TUI thing... Can you pls clarify???

thegoodduckOP1y ago

I just tried tshark, it outputs just raw packet info without any formatting. My code frmats the packets and gives more usefull insights only when prompted

termshark is a TUI for tshark. So termshark looks a lot like wireshark but in a terminal.

thegoodduckOP1y ago

thark doesnt have automatic DOS detection nor MITM setup(beta)

lmz1y ago

Detecting "DOS" by putting the packets into a Python buffer seems... counterproductive.

ranger_danger1y ago· 3 in thread

I have found that many people will simply ignore a project with no screenshots, it might be a good idea to at least throw one up there.

thegoodduckOP1y ago

Have you got an idea how to embed screenshots in README???

jeffalyanak1y ago

You can just use normal markdown format.

For example, if you have your screenshots in a directory in the repo called `docs/images` you can include it with:

![alt text goes here](docs/images/example.png)

ranger_danger1y ago

I would look at one of the many other projects that have them in their readme and see how they do it, I think it's with a certain markdown syntax but I don't know it off the top of my head. Hope this helps.

pharos921y ago· 2 in thread

It kills me every time I see a link to a github project that sounds promising, but there's no screenshot.

Edit: As pointed out by doakes [1], the project is built by a 13 year old. With that context, I want to preface my original comment by congratulating TheGoodDuck on this project. What follows is criticism, but also do not take it too harshly. These are things I'd expect a developer with experience to know, but not a junior. As you might gather, the issues are even common among seasoned developers. So take the comments as a learning opportunity and remember that criticism of a work is not a criticism of you. These are also soft skills which are often not explicitly taught, but critical to growing as an engineer/developer. If you're doing this at this age and you keep up the work and dedication, you will be a force to reckon with in no time. I am not editing my original comment as this is how I would talk peer to peer and you're a peer ;) But I also wanted to give this context and preface because the style of language is a bit strong. Also note that these issues are very solvable and solving them will make your project even better.

The comments are there to help you improve, not to put you down.

---------------------------------------

You're not alone. Even worse when it is a product page. Just how often I see some product or project and are unable to actually determine what the thing does or why I would want to use it or even HOW to use it.

I can give GitHub projects a pass when someone else links them, but the poster is the author so no pass. This is "Show HN". Please __show__. I do like to try out new projects and tools, but where's the hook?

Also, do not underestimate the importance of documentation. Hell, I document predominantly for myself. I know I'm not alone in forgetting how things work if I haven't touched a project in awhile (which can even be going to lunch on bad days). This is also critical for any users. Encourage them to add docs, make it easy, and when addressing issues recognize that just because it is in the docs does not mean it's interpretable from user context.

If you want to demonstrate a CLI or TUI tool, a common helper is asciinema[0]. You can record your terminal and they'll host the output for you. You'll frequently see these on GitHub and even a 10 second video that is clunky/slow with key presses (or way too fast) is better than nothing. UIs matter and aren't as simple/obvious as many think.

Also, drop a license file in there. Not just a line in your README. Come on, GitHub even hands these files to you so it is the same work to write in your README as it is to drop that file in (though you should always mod those licenses headers to be about you and your project). Without the license file, your license is ambiguous and may not actually protect your project as intended. The full text needs to exist.

[0] https://asciinema.org/

[1] https://news.ycombinator.com/item?id=41010519

thegoodduckOP1y ago

I added a licence and will try to build documentation. (For the record this code is 10 days old!)

steve19771y ago· 2 in thread

You might want to put __pycache__ in your .gitignore, check here for example: https://github.com/github/gitignore/blob/main/Python.gitigno...

thegoodduckOP1y ago

I'll do it as soon um off my old unsupporting github phone... in summer camp

FYI: If you can access the website on your phone (I'm assuming you can since you made this comment), you can make small edits like this from there. Navigate to your repo, click on the ".gitignore" file, select the 3 dots to the right, and click "edit in place". You can then add the line and make the commit. But note that this will not remove the __pycache__ file from the repo, though you can also perform that from your browser through a similar process.

hnlmorg1y ago· 2 in thread

I commend the effort, it’s always nice seeing people working on usability improvements for staple systems tools. But I have to ask the following since given your ubiquity comment:

What’s the advantage of this over using tcpdump directly?

thegoodduckOP1y ago

You can extend this with like addons type for detecting ddos...

DDoS is probably not a great example to lead with because odds are your Python application will hang quicker than the hosts network stack.

But that aside, the addons idea is an interesting one.

doakes1y ago· 2 in thread

If people didn't notice, this was built by a 13 year old. This is a fun space to be building stuff in. Neat little project and I hope you keep it up!

JoosToopit1y ago

But I don't care how old they are, why did you mention that property as if it's something relevant to how the project should be perceived?

fullspectrumdev1y ago

Because this kids writing code a lot better than many professional programmers.

thegoodduckOP1y ago· 2 in thread

Any good screnshoting tool for linux on rpi os? I never found one...

I mention asciinema in my other comment[0], but there are a number of tools. The one to use depends on your system and the archwiki has a good list[1]. Assuming you're not using Wayland, ffmpeg is probably going to work[2]. Gimp and ImageMagick also provide tools to help.

[0] https://asciinema.org/ | https://news.ycombinator.com/item?id=41010530

[1] https://wiki.archlinux.org/title/Screen_capture

[2] https://trac.ffmpeg.org/wiki/Capture/Desktop

thegoodduckOP1y ago

Im using wayland...

SushiHippie1y ago· 1 in thread

I can really recommend

https://termshark.io/

It looks basically exactly like the Wireshark UI, but it's a TUI. So if I need some more interactivity than tcpdump, I use termshark instead.

rendaw1y ago

I just tried termshark a couple weeks ago. It _was_ just like wireshark, which was nice. However:

* There's a "screensaver" which activates after a couple seconds and requires extra button presses to get back to real data

* In several sessions the TUI output got corrupt

* It has problems with remembering field expansion - I'd expand one field and it'd expand all the other fields after a second delay, while looking at the same message even.

* It felt pretty slow to start up

* I felt like I had some issues with filter accuracy

But it got the job done and most issues were easy enough to work around.

peddling-brink1y ago

Neat project, keep going!

Any thoughts on how to differentiate your work from other cli packet capturing and display utilities such as gosniff or termshark?

j / k navigate · click thread line to collapse