Skip to content

Instantly share code, notes, and snippets.

@pocc
Last active Mar 23, 2021
Embed
What would you like to do?
Use WSL tshark to colorize output and Windows tshark for everything else
#!/usr/bin/env bash
# Copyright 2019 Ross Jacobs
#
# tshark --color on Windows is limited to 16 colors vs 24-bit "true color"
# on other platforms. This script uses both WSL and Windows tshark in
# order to get color parity on Windows.
#
# Install:
# Add this function to your WSL ~/.bashrc and then `source ~/.bashrc`
#
# Description:
# Use Windows as the default for capturing due to WSL limitations:
# Capturing packets in WSL will not work with SOCK_RAW/SOCK_PACKET
# not yet implemented (https://github.com/Microsoft/WSL/issues/1515)
# Use Linux for reading because it can print ANSI escape codes
function tshark {
# Change these locations if these are not correct
windows_tshark="/mnt/c/Program Files/Wireshark/tshark.exe"
linux_tshark="/usr/bin/tshark"
if ! [[ $(which "${windows_tshark}") ]]
then echo "Windows tshark not found! Install with executable from Wireshark.org"; sleep 5; exit
elif ! [[ $(which "${linux_tshark}") ]]
then echo "WSL tshark not found! Install with `sudo apt install tshark`"; sleep 5; exit
fi
if [[ "$@" =~ "-r" ]]
then "${linux_tshark}" "$@" --color
elif ! [[ "$@" =~ "-w" || "$@" =~ "-D" || "$@" =~ "-L" || "$@" =~ "-h" || "$@" =~ "-v" ]]
then "${windows_tshark}" -w - | "${linux_tshark}" "$@" -r - --color
else
"${windows_tshark}" "$@"
fi
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment