Show HN: Babyshark – Wireshark made easy (terminal UI for PCAPs) (github.com)
Hey all, I built babyshark, a terminal UI for PCAPs aimed at people who find Wireshark powerful but overwhelming.
The goal is “PCAPs for humans”: Overview dashboard answers what’s happening + what to click next
Domains view (hostnames first) → select a domain → jump straight to relevant flows (works even when DNS is encrypted/cached by using observed IPs from flows)
Weird stuff view surfaces common failure/latency signals (retransmits/out-of-order hints, resets, handshake issues, DNS failures when visible)
From there you can drill down: Flows → Packets → Explain (plain-English hints) / follow stream
Commands: Offline: babyshark --pcap capture.pcap
Live (requires tshark): babyshark --list-ifaces then babyshark --live en0
Repo + v0.1.0 release: https://github.com/vignesh07/babyshark
Would love feedback on UX + what “weird detectors” you’d want next.
21 comments
[ 3.0 ms ] story [ 38.6 ms ] threadLooking over the commit history of this project, I'm about 90% sure it was entirely done with a AI Coding Agent, and not even a very good one.
I have a business partner who sounds like a TV evangelist when it comes to vibe coding but if he gets results then I am all in. He has got quite a lot of results in a few months on a project but he has certainly put the miles in himself.
The key is to use the tool appropriately. Don't blindly allow it to do what it likes but guide it all the way using your experience and knowledge.
Anyway, we now have tsharkrs to add to gotshark!
That only works if there's a sliver of honesty left though.
what the kids in my classes really struggle with is actually using any command line stuff (at least for a month or two), because it is so foreign to them (coming from GUI-only experience).
what specific parts are made easier with babyshark, compared to wireshark? the github readme didnt really sell me on the "easier than GUI" part, nor did your description here. is it the "explain (plan-English hints)" part? if so, i think you should focus on that. right now it looks pretty bare bones (e.g. "Weird stuff" does not seem easier or super helpful from a learning perspective)
CLI is so valuable because rather than explore a presentation of the data you plan your RE etc and then run it and it either returns the answer or it doesn't.
There are some TUIs I quite like (LNAV as a pager) but I think if you really know what you're dealing with the CLI is better almost every time.
indeed! command line is great.
however, ~99.8% of 18 year old students have never used any command line tool in their lives. they do not know what grep is. they can navigate a gui because they have used a gui all of their life.
when im teaching networking for example, using a gui means i only need to teach one thing (networking), where if i use a cli i have to teach two things (cli + networking)
>I think if you really know what you're dealing with the CLI is better almost every time
to be clear, i was not making an argument that gui is better in general.
i am speaking as someone who teaches introductory networking courses at a 1st-year college level. no one i teach "really knows" what they are dealing with because it is the first time they are learning about it.
---
Some UX bits I noticed after playing around for a few minutes:
- Esc for backwards navigation was not obvious for me. Maybe emphasize that somehow, and/or support Backspace too for backnav?
- Enter on Domains menu item does not work
- don't mention clicking if mouse is not supported. "Select" would be more appropriate
- packets screen is truncated vertically and horizontally. Probably should be scrollable
- "weird stuff" options are numbered 1-5, but pressing those keys has no effect. There's lots of little polish fixes like this.
---
And then things I wonder about as a novice user:
- Is it possible to see domain names instead of IP addresses while e.g. looking at packets?
- What does it mean to f stream?
- How do I inspect packets? Especially compressed or encrypted data? This is more a knowledge gap, like "what am I supposed to look for", "what could be in a packet", and I guess involves reverse engineering sometimes, but it's also a tooling question.
As an aside, I was thinking about something similar to this tool for a while now after seeing this post (https://news.ycombinator.com/item?id=46723990) where someone was using Claude to troubleshoot a PCAP. It made me think that it would be nice just to have a nice collection of tshark one-liners to quickly weed out any weird stuff right off the bat. I would assume that it would be a lot more performant than using a LLM and more scalable if you have large PCAP files.