iOSDevLog/MacTshark

MacTshark

A modern network packet capture and analysis tool for macOS, providing a lightweight alternative to Wireshark with a web-based interface.

Overview

MacTshark is a network packet capture and analysis tool designed for macOS. It consists of two main components:

  1. MacTsharkServer: A C++ backend server that uses tshark (Wireshark's command-line utility) to capture and process network packets, providing data in JSON format via HTTP API endpoints.

  2. MacTsharkWeb: A React-based web frontend that provides a user interface for interacting with the server, visualizing network data, and analyzing packet information.

Features

  • Network packet capture and analysis
  • Session tracking and analysis
  • Protocol statistics
  • IP geolocation information
  • Real-time network adapter monitoring
  • Packet detail inspection with hex data viewer
  • Support for both offline PCAP file analysis and live capture

Requirements

  • macOS operating system
  • Wireshark installed (for tshark)
  • C++14 compatible compiler
  • CMake 3.31 or higher
  • Node.js and npm for the web interface

Installation

Backend (MacTsharkServer)

  1. Install Wireshark for macOS
  2. Clone this repository
  3. Build the server:
      cd MacTsharkServer
      mkdir -p build
      cd build
      cmake ..
      make

Frontend (MacTsharkWeb)

  1. Navigate to the web application directory:
      cd mactsharkweb
  2. Install dependencies:
      npm install
  3. Build for production:
      npm run build

Usage

Running as Separate Components

  1. Start the backend server:
      cd MacTsharkServer/build
      ./MacTsharkServer
  2. Start the web interface in development mode:
      cd mactsharkweb
      npm start

Running as Electron App

      cd mactsharkweb
      npm run electron

Quick Start (macOS)

      ./start_mactshark_macos.sh

API Endpoints

The MacTsharkServer provides the following API endpoints:

  • GET /api/getPacketDetail?frameNumber=1 - Get packet details
  • POST /api/analysisFile - Analyze PCAP file
  • GET /api/getWorkStatus - Get work status
  • POST /api/startCapture - Start packet capture
  • POST /api/stopCapture - Stop packet capture
  • GET /api/getSessions?page=1&pageSize=10 - Get session list
  • GET /api/getSessionDetail?sessionId=1 - Get session details
  • GET /api/getIPStatsList?page=1&pageSize=10 - Get IP statistics
  • GET /api/getProtoStatsList?page=1&pageSize=10 - Get protocol statistics
  • GET /api/getCountryStatsList?page=1&pageSize=10 - Get country statistics
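
The endpoints above include capture control (startCapture, stopCapture) over HTTP, and this README does not state which address or port the server binds to, so it is worth confirming after starting it. The following is an added example, not part of the MacTshark project: it classifies a process's TCP listeners from lsof output as loopback-only or exposed. The function names are hypothetical, the process name is assumed to be the MacTsharkServer binary from the build steps, and port 8080 in the sample is constructed.

```shell
#!/bin/sh
# Added example, not MacTshark code. Assumption: the backend shows up in lsof
# under the binary name "MacTsharkServer" from the build steps above.

# classify_listeners PROC: read `lsof -nP -iTCP -sTCP:LISTEN` output on stdin
# and print "<address:port> loopback|exposed" for each listener owned by PROC.
classify_listeners() {
    awk -v proc="$1" '
        # Skip the header; lsof truncates COMMAND (9 chars by default), so
        # accept any COMMAND value that is a prefix of the full process name.
        NR > 1 && index(proc, $1) == 1 {
            addr = $9                      # NAME column, e.g. *:8080 or [::1]:8080
            host = addr
            sub(/:[0-9]+$/, "", host)      # strip the port
            if (host ~ /^127\./ || host == "[::1]")
                print addr, "loopback"
            else
                print addr, "exposed"      # wildcard or a routable address
        }'
}

# has_exposed_listener PROC: exit status 0 if PROC listens beyond loopback.
has_exposed_listener() {
    classify_listeners "$1" | grep -q ' exposed$'
}

# Constructed samples of lsof output (PIDs, devices and ports are made up).
SAMPLE_WILDCARD='COMMAND    PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
MacTshark 4242 dev     7u  IPv4 0x1a2b3c4d5e6f7a8b      0t0  TCP *:8080 (LISTEN)
node      4300 dev    23u  IPv4 0x1a2b3c4d5e6f7a8c      0t0  TCP 127.0.0.1:3000 (LISTEN)'

SAMPLE_LOOPBACK='COMMAND    PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
MacTshark 4242 dev     7u  IPv4 0x1a2b3c4d5e6f7a8b      0t0  TCP 127.0.0.1:8080 (LISTEN)'

printf '%s\n' "$SAMPLE_WILDCARD" | classify_listeners MacTsharkServer

# Against a running server (macOS):
#   lsof -nP -iTCP -sTCP:LISTEN | classify_listeners MacTsharkServer
```

An "exposed" result means other hosts on the network can reach the API unless a firewall blocks the port.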

Project Structure

The repository is organized into several key directories:

  • MacTsharkServer/: C++ backend server
  • mactsharkweb/: React/TypeScript frontend application
  • lessons/: Educational content and examples organized by lesson number
  • build/: Build artifacts (generated)

For more detailed information about the project structure, see the structure documentation.

Technical Stack

Backend

  • C++14
  • CMake
  • SQLite3
  • cpp-httplib
  • RapidJSON, RapidXML
  • Loguru, IP2Region

Frontend

  • React 18 with TypeScript
  • Electron
  • Arco Design UI components
  • ECharts for data visualization

For more detailed information about the technical stack, see the tech documentation.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • Wireshark and tshark for the underlying packet capture functionality
  • All open-source libraries used in this project

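MacTshark (Chinese)

MacTshark is a modern network packet capture and analysis tool designed for macOS, providing a lightweight alternative to Wireshark with a web-based interface.

Overview

MacTshark is a network packet capture and analysis tool designed for macOS. It consists of two main components:

  1. MacTsharkServer: A C++ backend server that uses tshark (Wireshark's command-line tool) to capture and process network packets, providing data in JSON format via HTTP API endpoints.

  2. MacTsharkWeb: A React-based web frontend that provides a user interface for interacting with the server, visualizing network data and analyzing packet information.

For more detailed information, see the Chinese documentation.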
