Termshark in docker !!

--

Wireshark in a terminal …

Termshark is a pretty cool utility (https://termshark.io/), essentially Wireshark in a terminal. It can be run in a Docker container as shown below, and on Kubernetes (coming up soon ;-).

Building a PoC container

docker run -itd --privileged=true --net=host --name termshark ubuntu
docker exec -it termshark bash

Please note the --privileged flag is required; without it you get some strange error messages when capturing. Keep in mind that it grants the container close to full access to the host, which is fine for a PoC but not for anything you leave running. The --net=host flag puts the container in the host's network namespace, so you can capture on the host interfaces and see host network traffic.

Install the dependencies and binary

apt-get -y update
apt-get install -y net-tools
apt-get install -y termshark # you need to answer some questions

Let’s try

termshark -i eth0

Voila …
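The same PoC as a reproducible image, an added example that is not from the original post: it preseeds the wireshark-common debconf question so the install runs without the interactive questions. The capability-only run command at the end is an assumption to try, not something the post verified.

```dockerfile
# Added example (not from the original post): Termshark PoC image.
FROM ubuntu:22.04

# Run apt without prompts. The interactive termshark install asks (via wireshark-common)
# whether non-root users may capture; we answer it up front with debconf-set-selections.
# Inside this container we run as root, so "false" is sufficient.
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
 && echo "wireshark-common wireshark-common/install-setuid boolean false" | debconf-set-selections \
 && apt-get install -y --no-install-recommends net-tools termshark \
 && rm -rf /var/lib/apt/lists/*

# Termshark is a TUI, so run the container with -it to get a terminal.
ENTRYPOINT ["termshark"]
CMD ["-i", "eth0"]

# Build and run exactly as in the post (privileged, host network namespace):
#   docker build -t termshark-poc .
#   docker run -it --rm --privileged --net=host termshark-poc -i eth0
#
# Narrower alternative to try (assumption, not from the post): packet capture needs raw
# sockets and interface control, so grant only those two capabilities instead of --privileged:
#   docker run -it --rm --cap-add NET_RAW --cap-add NET_ADMIN --net=host termshark-poc -i eth0
```

If the narrower run command fails with the "strange error messages" the post mentions, fall back to --privileged; the point of trying it first is to know exactly which access the capture actually needed.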

--

Philippe Bogaerts

#BruCON co-founder, #OWASP supporter, Application Delivery and Web Application Security, #Kubernetes and #container, #pentesting enthusiast, BBQ & cocktails !!