
How does it compare against tshark?



This isn't meant as a replacement for tshark. It actually uses tshark for the live capture part.

tshark is the engine; Babyshark is the guided UI on top of it.

• tshark: raw packet/field dump + powerful filters, but you have to know what fields to ask for and how to stitch the story together.
• Babyshark: gives you an opinionated workflow (Overview → Domains/Weird → Flows → Packets/Stream) with "explain/why it matters" text, curated detectors, and one-key drilldowns.

For live capture, Babyshark uses tshark -T fields to extract things like DNS qname / TLS SNI / HTTP host; for offline PCAP it parses enough to build flows + summaries.

So: if you already live in tshark one-liners, tshark is faster. If you're trying to understand what's happening or teach/debug quickly, Babyshark is a nicer front-end.
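An added example, not part of the comment above and not Babyshark's own code: a sketch of the `tshark -T fields` extraction the reply describes, folding DNS qname / TLS SNI / HTTP host rows into a per-domain summary. The function names, the display filter, the choice of `ip.src` as the client column and the sample rows are assumptions made for illustration.

```python
import collections

# Columns requested from tshark, in order. All are standard Wireshark field names.
FIELDS = ["ip.src", "dns.qry.name", "tls.handshake.extensions_server_name", "http.host"]
SOURCES = ["dns", "sni", "http"]  # labels for columns 1..3

def tshark_argv(iface):
    """Command line for a live capture that prints one tab-separated row per packet."""
    argv = ["tshark", "-i", iface, "-l", "-T", "fields", "-E", "separator=/t",
            "-Y", "dns.flags.response == 0 || tls.handshake.type == 1 || http.request"]
    for field in FIELDS:
        argv += ["-e", field]
    return argv

def summarize(rows):
    """Fold tshark rows into {domain: {"count": n, "via": set, "clients": set}}."""
    out = collections.defaultdict(lambda: {"count": 0, "via": set(), "clients": set()})
    for row in rows:
        cols = row.rstrip("\r\n").split("\t")
        cols += [""] * (len(FIELDS) - len(cols))  # pad short rows
        client = cols[0]
        for via, cell in zip(SOURCES, cols[1:4]):
            # A field that occurs several times in one packet is joined with "," by default.
            for name in filter(None, cell.split(",")):
                entry = out[name.lower().rstrip(".")]
                entry["count"] += 1
                entry["via"].add(via)
                if client:
                    entry["clients"].add(client)
    return dict(out)

# Constructed sample rows (not captured traffic): src, qname, SNI, HTTP host.
SAMPLE = [
    "10.0.0.5\texample.com\t\t",
    "10.0.0.5\t\texample.com\t",
    "10.0.0.7\t\t\tExample.com",
    "10.0.0.7\tupdates.example.net\t\t",
    "\t\t\t",
]

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"])
    for domain, e in ranked:
        print(f'{e["count"]:3} {domain:24} via={",".join(sorted(e["via"]))} clients={len(e["clients"])}')
```

For live use, feed the stdout lines of `subprocess.Popen(tshark_argv("eth0"), stdout=subprocess.PIPE, text=True)` into `summarize`; the interface name is a placeholder.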



