Termshark in docker !!


Wireshark in a terminal …

Termshark is pretty cool utility https://termshark.io/, essentially wireshark in a terminal mode. It can be run in a docker container as shown and on kubernetes (coming up soon ;-).

Building a poc container

docker run -itd --privileged=true --net=host --name termshark ubuntudocker exec -it termshark bash

Please note the required --privileged flag, if not, you get some strange error messages. The --net=host flag allows you to capture the host network and see some host network related traffic.

Install the dependencies and binary

apt-get -y update
apt-get install net-tools
apt install -y termshark #you need to answer some questions

Let’s try

termshark -i eth0

Voila …



Philippe Bogaerts

#BruCON co-founder, #OWASP supporter, Application Delivery and Web Application Security, #Kubernetes and #container, #pentesting enthousiast, BBQ & cocktails !!