Hey all, I built babyshark, a terminal UI for PCAPs aimed at people who find Wireshark powerful but overwhelming.
The goal is “PCAPs for humans”:
- Overview dashboard answers what’s happening + what to click next
- Domains view (hostnames first) → select a domain → jump straight to relevant flows (works even when DNS is encrypted/cached by using observed IPs from flows)
- Weird stuff view surfaces common failure/latency signals (retransmits/out-of-order hints, resets, handshake issues, DNS failures when visible)
- From there you can drill down: Flows → Packets → Explain (plain-English hints) / follow stream

Commands:
- Offline: babyshark --pcap capture.pcap
- Live (requires tshark): babyshark --list-ifaces then babyshark --live en0
Repo + v0.1.0 release: https://github.com/vignesh07/babyshark
Would love feedback on UX + what “weird detectors” you’d want next.
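As an added illustration (not code from babyshark or its author), here is a small Python sketch of two features described above: a "weird stuff" detector over a list of packet records, and the hostname-first lookup that maps a domain to flows via IPs seen in DNS answers. The packet fields and sample values are constructed assumptions; a real tool would fill them from tshark or a pcap parser.

```python
# Constructed sample packets (not from a real capture); one dict per packet.
def tcp(ts, src, sport, dst, dport, flags, seq, length=0):
    return dict(ts=ts, proto="tcp", src=src, sport=sport, dst=dst, dport=dport,
                flags=flags, seq=seq, len=length)

def dns(ts, src, dst, qname, rcode, answers):
    return dict(ts=ts, proto="dns", src=src, dst=dst, qname=qname, rcode=rcode, answers=answers)

PACKETS = [
    dns(0.0, "10.0.0.5", "10.0.0.1", "example.test", 0, ["93.184.216.34"]),
    tcp(0.1, "10.0.0.5", 50000, "93.184.216.34", 443, "S", 1),
    tcp(0.2, "93.184.216.34", 443, "10.0.0.5", 50000, "SA", 1),
    tcp(0.3, "10.0.0.5", 50000, "93.184.216.34", 443, "PA", 2, 100),
    tcp(1.3, "10.0.0.5", 50000, "93.184.216.34", 443, "PA", 2, 100),  # same seq+payload again
    tcp(1.4, "93.184.216.34", 443, "10.0.0.5", 50000, "R", 5),
    dns(2.0, "10.0.0.5", "10.0.0.1", "missing.test", 3, []),  # rcode 3 = NXDOMAIN
    tcp(2.1, "10.0.0.5", 50001, "10.9.9.9", 22, "S", 7),  # SYN that is never answered
]

def flow_key(p):
    """Direction-independent key, so both halves of a TCP conversation share one flow."""
    return tuple(sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])]))

def detect_weird(packets):
    """Return (flow_or_name, label) findings for the signals a 'weird stuff' view lists."""
    findings, seen_seq, syn_only = [], set(), {}
    for p in packets:
        if p["proto"] == "dns":
            if p["rcode"] != 0:  # SERVFAIL, NXDOMAIN, ...
                findings.append((p["qname"], "dns-failure rcode=%d" % p["rcode"]))
            continue
        key, flags = flow_key(p), p["flags"]
        if "S" in flags:  # SYN opens the handshake; SYN-ACK completes the part we can see
            syn_only[key] = "A" not in flags
        if "R" in flags:
            findings.append((key, "reset"))
        if p["len"] > 0:  # same sender, same seq, with payload: a retransmit hint
            mark = (key, p["src"], p["seq"])
            if mark in seen_seq:
                findings.append((key, "retransmit"))
            seen_seq.add(mark)
    findings += [(k, "handshake-incomplete") for k, v in syn_only.items() if v]
    return findings

def flows_for_domain(packets, domain):
    """Hostname-first lookup: take IPs from observed DNS answers, then flows touching those IPs."""
    ips = {ip for p in packets if p["proto"] == "dns" and p["qname"] == domain for ip in p["answers"]}
    return sorted({flow_key(p) for p in packets
                   if p["proto"] == "tcp" and (p["src"] in ips or p["dst"] in ips)})
```

On the constructed capture this flags one retransmit and one reset on the example.test flow, the NXDOMAIN for missing.test, and the unanswered SYN to 10.9.9.9:22.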
the overwhelming part of wireshark is, at least in my experience teaching networking at a college level, the actual networking part. protocols, flows, packet structure, etc. kids tend to be up to speed on the UI part pretty quickly.
what the kids in my classes really struggle with is actually using any command line stuff (at least for a month or two), because it is so foreign to them (coming from GUI-only experience).
what specific parts are made easier with babyshark, compared to wireshark? the github readme didn't really sell me on the "easier than GUI" part, nor did your description here. is it the "explain (plain-English hints)" part? if so, I think you should focus on that. right now it looks pretty bare bones (e.g. "Weird stuff" does not seem easier or super helpful from a learning perspective)
Regardless of the result of the TUI - I'd try this out just because you found the perfect name. Well done!
This might be a clone of termshark as it does the same thing for the most part. Also to note that the author's GitHub profile shows a good bit of vibe coding as of late.
Looking over the commit history of this project, I'm about 90% sure it was entirely done with an AI coding agent, and not even a very good one.
Very cool, reminds me of sngrep, which I really like for analyzing SIP pcaps
Love the idea, but please add some demo screenshots on GitHub. All UI tools should
As a parent and a former network engineer, I both love you and hate you for choosing this name.
What's funny is that wireshark/tshark were created (first as "Ethereal") as a "friendlier" tcpdump, with more protocol analyzers.
Sometimes projects are created and then named, this was named and then created.
I am in the target audience of "would like to see network activity and debug occasional traffic but totally overwhelmed by termshark." So I appreciate the "what should I click?" thing, and offering weird flows to investigate.
---
Some UX bits I noticed after playing around for a few minutes:
- Esc for backwards navigation was not obvious for me. Maybe emphasize that somehow, and/or support Backspace too for backnav?
- Enter on Domains menu item does not work
- don't mention clicking if mouse is not supported. "Select" would be more appropriate
- packets screen is truncated vertically and horizontally. Probably should be scrollable
- "weird stuff" options are numbered 1-5, but pressing those keys has no effect. There's lots of little polish fixes like this.
---
And then things I wonder about as a novice user:
- Is it possible to see domain names instead of IP addresses while e.g. looking at packets?
- What does it mean to f stream?
- How do I inspect packets? Especially compressed or encrypted data? This is more a knowledge gap, like "what am I supposed to look for", "what could be in a packet", and I guess involves reverse engineering sometimes, but it's also a tooling question.