make termshark packet columns configurable about termshark HOT 16 CLOSED

It's been a long while @jJit0 but I am finally working on this now...

from termshark.

Oh man, I love it, works perfect 🙏
Wish I could have this tool many years ago

from termshark.

Hi. Any plans on this? Actually I'm interested in columns+profiles setting
For example for HTTP we need one set of columns(profile) and for SNMP - another set(profile)
Possibility to switch profiles in 2 clicks would be nice

from termshark.

Hi @zoulja - yes, though I didn't complete it for v2.2 unfortunately. I think I need to do some work on the underlying table widget to make its layout more flexible.

from termshark.

Hi @jJit0 and @zoulja ,

I've pushed a branch called configcolumns with a first stab at implementing configurable columns for termshark's packet list view. If you have time, would you mind giving it a try and letting me know what you think? Any feedback at all would be great. There's a new field that you can set in termshark.toml to configure the columns. Here's my config:

[main]
  column-format = ["%m", "%Yut", "%s", "%d", "%p", "%L", "%i", "%B"]

You can see these tokens if you run:

tshark -G column-formats

Termshark will run that behind the scenes to generate the list of all valid token names for columns. At startup, termshark will check your columns against this master list and discard any that are invalid, with a warning in the logs. If all are invalid, it will fall back to a safe set of columns (those that termshark uses now).

You can give the columns your own short names like this:

[main]
  column-format = ["%m No.", "%Yut Time", "%s Src", "%d Dst", "%p Proto", "%L Len", "%i Info", "%V vsan", "%B cumb"]

Here's how to build:

git clone https://github.com/gcla/termshark
cd termshark
git checkout configcolumns
export GO111MODULE=on
go install ./...

Then the binary will be ~/go/bin/termshark. Or you can get prebuilt binaries from these links:

Linux: https://storage.googleapis.com/termshark/d35d83322b03f93ee4898a0bd8103761d40fd2cc/termshark_linux_amd64/termshark

macOS: https://storage.googleapis.com/termshark/d35d83322b03f93ee4898a0bd8103761d40fd2cc/termshark_darwin_amd64/termshark

Windows: https://storage.googleapis.com/termshark/d35d83322b03f93ee4898a0bd8103761d40fd2cc/termshark_windows_amd64/termshark.exe

There's no GUI support yet for configuring these columns. I'm not sure if it's needed. What do you think?

from termshark.

Hi. By some reason it doesn't work for me, I don't see any difference when I change columns

% ./termshark -v                                                                                                                                                                                         
termshark v2.2.0+

I tried to modify this configuration file ~/.config/termshark/termshark.toml

from termshark.

Sorry @zoulja , I'm not sure what went wrong. I just tried with a freshly created Linux user and the Linux binary above. Here's the config termshark wrote out with my extra field added. I added two '%Yut' fields so I could see the difference quickly:

[main]
  color-tsharks = ["/usr/bin/tshark"]
  column-format = ["%m", "%Yut", "%Yut", "%s", "%d", "%p", "%L", "%i", "%B"]
  last-used-tshark = "/usr/bin/tshark"
  recent-files = ["/tmp/mix2.pcap"]
  validated-tsharks = ["/usr/bin/tshark"]

Would you mind pasting the relevant part of your toml config file?

from termshark.

Oh - the log file might say something useful e.g. if the column formats are incorrect in some way. You can find that at ~/.cache/termshark/termshark.log on Linux, or from termshark type :logs.

from termshark.

Ah, my bad. I've rechecked it carefully and it's ok now actually.
Abt GUI - maybe you can add 'Import Wireshark profiles column settings' to simplify migration(even I'm not sure how termshark handles setup which is too long to fit the screen)?
Probably it can be the simplest approach for the beginning(use Wireshark itself as GUI)

from termshark.

Hi @zoulja - I've implemented your suggestion in the configcolumns branch. If you run the minibufffer :columns command - or choose "Edit Columns" from the main menu - termshark will open a dialog to let you choose and rearrange the columns in the packet list view. Here's what it looks like:

There is a button provided to import the column preferences from Wireshark, if termshark can find the Wireshark config file.

Here are some pre-built binaries, if you'd like to try it:

Linux: https://storage.googleapis.com/termshark/78ccf8a3167873b9cc2d7a914a21644b1e173685/termshark_linux_amd64/termshark

macOS: https://storage.googleapis.com/termshark/78ccf8a3167873b9cc2d7a914a21644b1e173685/termshark_darwin_amd64/termshark

Windows: https://storage.googleapis.com/termshark/78ccf8a3167873b9cc2d7a914a21644b1e173685/termshark_windows_amd64/termshark.exe

Bug reports or suggestions most welcome! :-)

from termshark.

Bug reports or suggestions most welcome! :-)

Hi!
That looks really nice and I have several questions

1. Is it possible to add Show/Hide checkbox in Columns editor?
2. By some reason Columns configuration imported from Wireshark doesn't work.
   Looks like termshark detects it properly(for the test I added Windows size and Checksum status in Wireshark, using Apply as column)
   
   but just can't apply and after pressing Ok I still see default columns
3. For the next step - any chance to organize columns sets into profiles(HTTP/SNMP/etc)?
4. Is it possible to re-implement "Apply as column" feature from Wireshark?

from termshark.

Thanks @zoulja for the excellent suggestions. I'll work on these as soon as I can, hopefully at the weekend!

from termshark.

Hi @zoulja , a clarifying question for me - did you mean profiles consisting of column sets only, or a more general configuration profile like Wireshark?

from termshark.

Currently only about column sets.
Step by step 🙂

from termshark.

Hi @zoulja ,

I've pushed some more updates to the configcolumns branch. Would you mind retrying the "Import from Wireshark" button?

Here's what the latest work looks like:

I didn't include support for custom columns last time, so I've added that, along with hidden columns. In the packet struct view, there is a new button that opens a very simple menu to apply the field as a custom column:

I'll work on your columns sets suggestion next.

Before you test, please could you do the following because I changed the internals a little:

• edit ~/.config/termshark/termshark.toml and remove column-format and column-format-bak
• remove ~/.cache/termshark/tsharkcolumnsv2.gob.gz

Here are links to some pre-built binaries:

Linux: https://storage.googleapis.com/termshark/686eb304d28f622134a6e56ab131632e66da1936/termshark_linux_amd64/termshark

macOS: https://storage.googleapis.com/termshark/686eb304d28f622134a6e56ab131632e66da1936/termshark_darwin_amd64/termshark

Windows: https://storage.googleapis.com/termshark/686eb304d28f622134a6e56ab131632e66da1936/termshark_windows_amd64/termshark.exe

Thanks for trying it out!

from termshark.

I've merged this back to master now. Sorry for the churn, but once again anyone using the builds from this branch should once again edit ~/.config/termshark/termshark.toml and remove column-format and column-format-bak.

I will open a separate issue for @zoulja's suggestion of storing column preferences, and maybe more, in Wireshark-like profiles.

from termshark.