lazytcp

lazytcp is a TUI for interactively filtering packets from a .pcap file. It aims to provide a clean, fast and intuitive UX. Hat tip to the awesome lazygit TUI for the name inspiration. 🙌

demo.mp4

Requirements

• Rust
• tcpdump available on PATH

Installation

git clone git@github.com:indradhanush/lazytcp.git
cd lazytcp
cargo install --path . 

Keyboard Controls

• q / Ctrl-C: quit
• tab / shift+tab: cycle focus between panes
• 0: focus Filter pane
• 1: focus Packets pane
• j / k or arrow keys: move selection
• ?: open keybindings popup
• C: clear all active filters

Filter pane

• j / k or arrow keys: move selection
• enter: open value popup for the selected filter
• c: clear selected filter dimension

Value popup (multi-select)

• space: toggle selected value
• enter: apply
• /: start sub string search and type to narrow down candidates, enter to finish typing
• c: clear current category
• esc: cancel

Date Time popup

• tab or j/k: switch start/end field
• type start/end timestamps directly
• c: clear both fields
• C: clear all categories
• enter: apply
• esc: cancel

Notes

• Current CLI usage is: lazytcp <pcap-file>.
• Packet parsing is based on tcpdump -nn -tttt -r <pcap-file>.

Development

See DEVELOPMENT.md

Roadmap

See ROADMAP.md.