Babyshark – Wireshark made easy (terminal UI for PCAPs)

Name: Babyshark – Wireshark made easy (terminal UI for PCAPs)
Availability: InStock
Author: eigen-vector

by eigen-vector·Feb 23, 2026·151 points·47 comments

Visit Project View on HN

AI Analysis

●●SolidSolve My ProblemDark Horse

Domains-first TUI cuts through Wireshark noise; live capture works but ecosystem dominated by tcpdump+Wireshark.

Strengths

•Domains-view + flow drill-down significantly improves navigation over raw packet lists.
•Offline PCAP viewing without Wireshark; live capture with tshark integration is clean.
•DNS-over-encrypted-traffic workaround using observed IPs shows thoughtful edge-case handling.

Weaknesses

•Live capture still requires tshark binary; doesn't replace Wireshark, only wraps its workflow.
•v0.1.0 alpha status; 'weird detectors' incomplete, unclear what signals are actually implemented.

Post Description

Hey all, I built babyshark, a terminal UI for PCAPs aimed at people who find Wireshark powerful but overwhelming.

The goal is “PCAPs for humans”: Overview dashboard answers what’s happening + what to click next

Domains view (hostnames first) → select a domain → jump straight to relevant flows (works even when DNS is encrypted/cached by using observed IPs from flows)

Weird stuff view surfaces common failure/latency signals (retransmits/out-of-order hints, resets, handshake issues, DNS failures when visible)

From there you can drill down: Flows → Packets → Explain (plain-English hints) / follow stream

Commands: Offline: babyshark --pcap capture.pcap

Live (requires tshark): babyshark --list-ifaces then babyshark --live en0

Repo + v0.1.0 release: https://github.com/vignesh07/babyshark

Would love feedback on UX + what “weird detectors” you’d want next.