alt Hacker NewsI'm not trying to say it's better than the GUI but it hopes to be more guided. it’s *opinionated* about the first 60 seconds:
- *Overview dashboard*: immediately surfaces top talkers/flows + “what should I click next” instead of dropping you into the full packet list. - *Domains-first pivot*: `D` shows hostnames and lets you jump from a domain → the relevant flows. It also works when DNS answers aren’t visible (DoH/DoT/cached) by using observed IPs from SNI/Host flows. - *Weird stuff*: `W` is a curated set of “likely problems” (retransmits/out-of-order hints, resets, handshake issues, DNS failures when visible) with a short “why it matters” and a drill-down. - *Explain*: `?` gives plain-English hints for a selected flow + suggested next steps (follow stream, filter, pivot to domains/weird).
So it’s basically a guided triage layer on top of tshark/pcap data, with the “where do I start?” path baked in.
If you’ve got a specific teaching use-case (e.g. “why is this slow?” or “which host is generating traffic?”), I’d love to tune the Overview/Weird detectors around that. Open to PRs as well.
Replies
I was with your parent until I remembered I haven't actually given it a go! In my defense I have a low five digit Slashdot ID (and I lurked for some years before signing up) so if anyone can comment without actually reading the OP, let alone giving it a go: Its me!
(digs out git ...)
>So it’s basically a guided triage layer on top of tshark/pcap data, with the “where do I start?” path baked in.
i think there is definitely room for something like this, it just (at first glance from the readme at least) seems like the guided part of this tool is bolted on as a bit of an after thought.
it feels like you are currently in an odd position where the user is expected to know the networking jargon already, be able to recognize that something might be "weird" at a glance, but also not know how to drill down into the data. i think that is probably a small overlap of people.
if i were you, i would lean all-in on making it a learning tool.
>If you’ve got a specific teaching use-case (e.g. “why is this slow?” or “which host is generating traffic?”), I’d love to tune the Overview/Weird detectors around that.
i will put some thought into some real-world examples of what i would be interested in, from a teaching perspective. your post caught my eye because i am starting my wireshark module next week, so it is certainly timely.