mshark

package module

v0.0.30 Latest Latest Go to latest Published: Jun 6, 2026 License: MIT Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/shadowy-pycoder/mshark

Links

Open Source Insights

README ¶

mshark_new

mShark - Mini Wireshark written in Go

GitHub go.mod Go version GitHub Release GitHub Downloads (all assets, all releases)

Installation

Arch Linux/CachyOS/EndeavourOS
```
yay -S mshark
```
Or using paru:
```
paru -S mshark
```
Download release from Releases Page.
Or install using go install (requires Go 1.26+):
```
CGO_ENABLED=0 go install -ldflags "-s -w" -trimpath github.com/shadowy-pycoder/mshark/cmd/mshark@latest
```
This will install the mshark binary to your $GOPATH/bin directory.

If you are getting a Permission denied error when running mshark, try running
```
sudo setcap cap_net_raw+ep ~/go/bin/mshark
```

Usage

mshark -h
                ______   __                            __
               /      \ |  \                          |  \
 ______ ____  |  $$$$$$\| $$____    ______    ______  | $$   __
|      \    \ | $$___\$$| $$    \  |      \  /      \ | $$  /  \
| $$$$$$\$$$$\ \$$    \ | $$$$$$$\  \$$$$$$\|  $$$$$$\| $$_/  $$
| $$ | $$ | $$ _\$$$$$$\| $$  | $$ /      $$| $$   \$$| $$   $$
| $$ | $$ | $$|  \__| $$| $$  | $$|  $$$$$$$| $$      | $$$$$$\
| $$ | $$ | $$ \$$    $$| $$  | $$ \$$    $$| $$      | $$  \$$\
 \$$  \$$  \$$  \$$$$$$  \$$   \$$  \$$$$$$$ \$$       \$$   \$$

Packet Capture Tool by shadowy-pycoder

GitHub: https://github.com/shadowy-pycoder/mshark
Codeberg: https://codeberg.org/shadowy-pycoder/mshark

Usage: mshark [OPTIONS]
Options:
  -h    Show this help message and exit.
  -D	Display list of interfaces and exit.
  -V	Show version and build information
  -b int
    	The maximum size of packet queue. (default 8192)
  -c int
    	The maximum number of packets to capture.
  -e string
    	BPF filter expression. Example: "ip proto tcp".
  -f value
    	File extension(s) to write captured data. Supported formats: stdout, txt, pcap, pcapng
  -i string
    	The name of the network interface. Example: eth0 (default "any")
  -p	Promiscuous mode. This setting is ignored for "any" interface. Defaults to false.
  -s int
    	The maximum length of each packet snapshot. Defaults to 65535.
  -t duration
    	The maximum deadline for capture process. Example: 5s
  -v	Display full packet info when capturing to stdout or txt.

Example

mshark -p -f=txt -f=stdout -f=pcapng -i eth0 -e="port 53"

The above command will capture packets containing port 53 (assumed to be DNS queries) from the eth0 interface and write the captured data to stdout, txt, and file in pcapng format. Files are created in the current working directory.

Output:

- Interface: eth0
- Snapshot Length: 65535
- Promiscuous Mode: true
- Timeout: 0s
- Number of Packets: 0
- Packet Buffer Size: 8192
- BPF Filter: "port 53"
- Verbose: false

Screenshot from 2024-09-17 09-37-50

With -v flag enabled, you will see more detailed information:

Screenshot from 2024-09-17 09-56-20

Supported layers

Roadmap

Online packet capture to stdout, txt, pcap and pcapng files
Offline packet capture from pcap and pcapng files
Add proper parsing for SNMP messages
Add packet generation and packet injection functionality

Documentation ¶

Overview ¶

Package mshark is a simple packet capture tool

Index ¶

Constants
Variables
func OpenLive(conf *Config, pw ...PacketWriter) error
type Config
- func NewConfig(s string) (*Config, error)
type ExtNames
- func NewExtNames(exts string) (*ExtNames, error)
- func (en *ExtNames) MarshalText() ([]byte, error)
- func (en *ExtNames) UnmarshalText(b []byte) error
type PacketWriter
type Writer
- func NewWriter(w io.Writer, verbose bool) *Writer

Constants ¶

View Source

const Version string = "mshark v0.0.30"

Variables ¶

View Source

var (
	SupportedFormats = []string{"stdout", "txt", "pcap", "pcapng"}
)

Functions ¶

func OpenLive ¶

func OpenLive(conf *Config, pw ...PacketWriter) error

OpenLive opens a live capture based on the given configuration and writes all captured packets to the given PacketWriters.

Types ¶

type Config ¶

type Config struct {
	Device       *net.Interface // The name of the network interface ("any" means listen on all interfaces).
	Snaplen      int            // The maximum length of each packet snapshot.
	Promisc      bool           // Promiscuous mode. This setting is ignored for "any" interface.
	Timeout      time.Duration  // The maximum deadline for new packet to arrive
	PacketCount  int            // The maximum number of packets to capture.
	PacketBuffer int            // The maximum size for packet buffer (Default: 8192)
	Expr         string         // BPF filter expression.
	Exts         ExtNames       // file formats to put packet capture
}

func NewConfig ¶ added in v0.0.26

func NewConfig(s string) (*Config, error)

NewConfig creates Config from a list of options separated by semicolon.

Example: "interface eth0;snaplen 65535;promisc true;timeout 10s;packet_count 100;packet_buffer 8192;expr ip proto tcp;exts stdout,txt,pcap,pcapng". All fields in configuration string are optional.

type ExtNames ¶ added in v0.0.26

type ExtNames []string

func NewExtNames ¶ added in v0.0.26

func NewExtNames(exts string) (*ExtNames, error)

func (*ExtNames) MarshalText ¶ added in v0.0.26

func (en *ExtNames) MarshalText() ([]byte, error)

func (*ExtNames) UnmarshalText ¶ added in v0.0.26

func (en *ExtNames) UnmarshalText(b []byte) error

type PacketWriter ¶

type PacketWriter interface {
	WritePacket(timestamp time.Time, data []byte) error
	io.Closer
	Name() string
}

type Writer ¶

type Writer struct {
	// contains filtered or unexported fields
}

func NewWriter ¶

func NewWriter(w io.Writer, verbose bool) *Writer

NewWriter creates a new mshark Writer.

func (*Writer) Close ¶ added in v0.0.26

func (mw *Writer) Close() error

func (*Writer) Name ¶ added in v0.0.26

func (mw *Writer) Name() string

func (*Writer) WriteHeader ¶

func (mw *Writer) WriteHeader(c *Config) error

WriteHeader writes a header to the writer.

The header contains metadata about the capture, such as the interface name, snapshot length, promiscuous mode, timeout, number of packets, and BPF filter.

The header is written in the following format:

Interface: eth0
Snapshot Length: 65535
Promiscuous Mode: true
Timeout: 5s
Number of Packets: 0
Packet Buffer Size: 8192
BPF Filter: "ip proto tcp"
Verbose: true

func (*Writer) WritePacket ¶

func (mw *Writer) WritePacket(timestamp time.Time, data []byte) error

WritePacket writes a packet to the writer, along with its timestamp.

Timestamps are to be generated by the calling code.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
moui command
mshark command
layers Package layers	Package layers
mpcap Package mpcap implements PCAP Capture File Format	Package mpcap implements PCAP Capture File Format
mpcapng Package mpcapng implements PCAP Next Generation (pcapng) Capture File Format	Package mpcapng implements PCAP Next Generation (pcapng) Capture File Format
native Package native determines host machine endianness	Package native determines host machine endianness
network Package network provides utility functions to extract some data about network	Package network provides utility functions to extract some data about network
oui Package oui provides functions to generate hardware vendor names from hardware addresses	Package oui provides functions to generate hardware vendor names from hardware addresses
magefiles command

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL