vignesh07 / babyshark

Flows-first PCAP TUI (case files, gorgeous UX). Do do do do.

496
11
100% credibility
Found Feb 24, 2026 at 298 stars.
AI Analysis
Rust
AI Summary

Babyshark is a terminal-based viewer for network packet captures that provides intuitive dashboards for flows, domains, anomalies, and live monitoring.

How It Works

1. 🔍 Discover Babyshark

You hear about Babyshark, a friendly tool that makes checking your network connections as easy as reading a dashboard.

2. 📥 Get the program

Download the ready-to-run file from the releases page and place it on your computer.

3. Choose your view

📁 Open saved recording: Pick a file from your network capture to explore what happened before.

📡 Watch live traffic: Select your network connection to see packets flowing in real time.

4. 📊 See the overview

The starting screen shows totals, top connections, and smart suggestions on what to check next.

5. 🚨 Spot the weird stuff

Jump to 'What's weird?' to quickly find slow connections, failures, or odd behavior with plain explanations.

6. 🔎 Dive deeper

Click into domains by name, flows, or packets to follow streams and search for clues.

Solve the mystery

Bookmark key findings, export a clear report, and now you understand exactly what's using or breaking your network.

AI-Generated Review

What is babyshark?

Babyshark is a Rust-powered TUI for PCAP analysis, treating captures like case files with a flows-first approach and gorgeous UX. Load offline `.pcap`/`.pcapng` files via `babyshark --pcap capture.pcap` for summaries, domain groupings (using DNS, TLS SNI, HTTP Host), and curated anomaly detectors, or capture live traffic with `babyshark --live en0` (needs tshark). It answers "What's using the network? What's broken? What next?" without Wireshark's GUI overhead.

Why is it gaining traction?

Unlike tshark's raw output or Wireshark's complexity, babyshark surfaces insights fast: overview dashboards with top talkers/pps sparklines, "Weird stuff" flagging resets/high-latency/DNS fails, and drill-downs to packets/streams with search/highlight. Bookmark flows, export markdown reports, and pivot by hostnames—even sans visible DNS—making triage intuitive for terminal users hooked on its doo-doo-doo rhythm.

Who should use this?

SREs triaging live connectivity flakes, backend devs dissecting app traces from customer PCAPs, or netengs spotting anomalies in flows without GUI context-switching. Perfect for keyboard warriors auditing HTTPS/DNS/UDP traffic in SSH sessions.

Verdict

v0.1.0 alpha with 284 stars and 1.0% credibility score means solid README/screenshots but potential bugs—test on real captures first. Grab a release binary if you want flows-first PCAP in your Rust TUI toolkit.
